Digital signature vs electronic signature: what's the actual difference?
People use 'digital signature' and 'electronic signature' to mean the same thing. They aren't. The distinction has real implications for legal standing and compliance requirements. Here's what each term means and when the difference matters.
Walk into any office and ask what a digital signature is, and most people will describe drawing their name on a screen. That's an electronic signature. A digital signature is something more specific — a cryptographic mechanism using public key infrastructure (PKI) to mathematically prove that a specific person signed a specific document and that the document hasn't changed since. The two terms get conflated constantly, but the distinction matters in regulated industries and certain legal contexts.
Electronic signature: the broad category
An electronic signature is any electronic symbol, sound, or process applied with the intent to sign. This definition — from the ESIGN Act — is deliberately wide. A typed name qualifies. A drawn signature qualifies. A clicked 'I agree' button qualifies. A biometric marker qualifies. What matters is intent to sign and a record of that intent.
Most e-signature platforms (DocuSign, Dropbox Sign, InkRobin) produce Simple Electronic Signatures (SES) with audit trail evidence: timestamp, email, IP, and document hash. This is legally valid for the vast majority of commercial transactions worldwide.
Digital signature: the cryptographic subset
A digital signature uses asymmetric cryptography — a pair of mathematically linked keys. You sign the document with your private key (which only you hold). The recipient verifies the signature using your public key, which proves: (1) the signature came from whoever holds that private key, and (2) the document hasn't been altered since signing, because any change would invalidate the signature.
To use a digital signature in this sense, you need a digital certificate issued by a trusted Certificate Authority (CA) — organisations like DigiCert, GlobalSign, or IdenTrust. The certificate links your public key to your verified identity. When Adobe Acrobat displays a blue banner saying 'Signature is valid', it's checking that the certificate is trusted and the document is unchanged.
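The sign-and-verify mechanism described above, next to the bare SHA-256 document hash an audit trail records, as an added example that is not code from this article or from any platform it names. It assumes Node.js and its built-in crypto module; the Ed25519 key pair is generated locally with no CA certificate behind it, and the documents are constructed samples.

```javascript
const crypto = require('node:crypto');

// Constructed sample documents (not from the article).
const original = Buffer.from('Service agreement: fee is 1,000 USD, net 30 days.');
const altered = Buffer.from('Service agreement: fee is 9,000 USD, net 30 days.');

// The signer's key pair. In a PKI deployment a CA-issued certificate would
// bind this public key to a verified identity; here the key is bare.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

function sha256Hex(doc) {
  return crypto.createHash('sha256').update(doc).digest('hex');
}

// Signing needs the private key. Ed25519 takes no separate digest name, hence null.
function signDocument(doc, key) {
  return crypto.sign(null, doc, key);
}

// Verification needs only the public key.
function verifyDocument(doc, signature, key) {
  return crypto.verify(null, doc, key, signature);
}

function demo() {
  const signature = signDocument(original, privateKey);
  const auditRecord = { sha256: sha256Hex(original) }; // hash-only evidence

  // Against an untouched record, the hash exposes the altered document.
  const hashDetectsChange = sha256Hex(altered) !== auditRecord.sha256;
  // Computing a new hash needs no secret, so a record rewritten together
  // with the document matches again: the hash is only as good as its record.
  const rewrittenRecord = { sha256: sha256Hex(altered) };
  const rewrittenRecordMatches = sha256Hex(altered) === rewrittenRecord.sha256;

  // The signature verifies for the original and fails for the altered copy.
  const validOriginal = verifyDocument(original, signature, publicKey);
  const validAltered = verifyDocument(altered, signature, publicKey);
  // Re-signing the altered copy with a different key does not help:
  // it fails against the original signer's public key.
  const otherKeys = crypto.generateKeyPairSync('ed25519');
  const resigned = signDocument(altered, otherKeys.privateKey);
  const resignedAccepted = verifyDocument(altered, resigned, publicKey);

  return { hashDetectsChange, rewrittenRecordMatches,
           validOriginal, validAltered, resignedAccepted };
}

console.log(demo());
```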
When does the difference actually matter?
For most business contracts — service agreements, NDAs, employment contracts, lease documents, purchase orders — the difference doesn't matter. A simple electronic signature with a good audit trail is legally sufficient under ESIGN, UETA, and eIDAS SES. Courts have consistently upheld e-signed contracts at the SES level.
The difference matters in specific regulated contexts: EU financial services firms that need to meet eIDAS AES requirements, government documents requiring qualified signatures, pharmaceutical regulatory filings, and some public sector procurement processes. In these cases, a PKI digital certificate from a qualified trust service provider is required — a typed name on an e-signature platform isn't sufficient.
The eIDAS framework: SES, AES, and QES
- SES (Simple Electronic Signature): any electronic signature — typed, drawn, platform-recorded. Valid for most commercial contracts.
- AES (Advanced Electronic Signature): uniquely linked to the signer, identifies them, created with data under their sole control, detects any subsequent changes. In practice: a PKI signature with a Certificate Authority-issued certificate.
- QES (Qualified Electronic Signature): highest tier. Certificate from an EU-supervised Qualified Trust Service Provider (QTSP), created with a qualified signature creation device. Legally equivalent to a handwritten signature across all EU member states.
Which one does InkRobin produce?
InkRobin produces Simple Electronic Signatures with a comprehensive audit trail — timestamp, email, IP, and SHA-256 document hash embedded in the Certificate of Completion. This meets ESIGN, UETA, and eIDAS SES requirements. For the vast majority of commercial use cases, this is the appropriate and sufficient level. If you're in a regulated industry that specifically requires AES or QES, that's a specific procurement requirement you'll be told about — and the platforms supporting those tiers charge accordingly.
Frequently asked questions
- Do I need a digital certificate to sign a contract? No — for most commercial contracts, an electronic signature with an audit trail is sufficient. PKI certificates are required only in specific regulated contexts.
- Is a digital signature more secure than an electronic signature? In cryptographic terms, yes. In legal evidentiary terms, a well-documented SES with a complete audit trail is sufficient for most disputes.
- Can I verify a digital signature for free? Yes — Adobe Acrobat Reader can verify PKI digital signatures using its built-in certificate trust store.