Digital Signatures vs Electronic Signatures
The terms "digital signature" and "electronic signature" are often used interchangeably, but they mean very different things technically. An electronic signature is any digital mark indicating intent to sign — a typed name, a scanned handwriting image, or a checkbox. It carries no built-in mechanism to verify who made it or whether the document changed afterward.
A digital signature, by contrast, is a cryptographic construct. It uses asymmetric key cryptography to bind a signer's identity to a specific version of a document. If even a single bit of the document changes after signing, the signature becomes invalid. This tamper-evidence is the defining property that makes digital signatures legally meaningful.
How Digital Signatures Work
Every digital signature relies on a pair of mathematically related keys: a private key and a public key. The private key is kept secret by the signer. The public key is distributed freely and is typically embedded in a digital certificate issued by a Certificate Authority (CA).
When you digitally sign a PDF, the signing software performs two operations. First, it computes a cryptographic hash of the document — a fixed-length fingerprint that uniquely represents the document's contents. Second, it encrypts that hash with your private key to produce the signature.
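Anyone who wants to verify the signature uses your public key to decrypt the signature, recovering the original hash. They then compute a fresh hash of the current document and compare the two. If they match, the document is unchanged and the signature is authentic. If they differ, the document has been modified after signing. (The encrypt/decrypt description fits RSA; other schemes such as ECDSA check the signature against the fresh hash without recovering the original, with the same outcome for the verifier.)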
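The hash-then-sign flow described above, as an added example that is not part of the original article. It assumes the OpenSSL command-line tool is installed, signs a plain sample file with a detached RSA/SHA-256 signature rather than embedding a signature in a PDF, and uses illustrative function and file names.

```shell
#!/usr/bin/env bash
# Constructed demo: detached SHA-256/RSA signature over a sample text file.
DEMO=$(mktemp -d)                      # scratch directory for the demo files
trap 'rm -rf "$DEMO"' EXIT

# Signer: create a key pair. priv.pem stays secret, pub.pem is handed out.
make_keypair() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$DEMO/priv.pem" 2>/dev/null &&
  openssl pkey -in "$DEMO/priv.pem" -pubout -out "$DEMO/pub.pem"
}

# Signer: hash the file with SHA-256 and sign that hash with the private key.
sign_file() { openssl dgst -sha256 -sign "$DEMO/priv.pem" -out "$1.sig" "$1"; }

# Verifier: recompute the hash of the current file and check it against the
# signature using only the public key. Exit status 0 means the file is unchanged.
verify_file() {
  openssl dgst -sha256 -verify "$DEMO/pub.pem" -signature "$1.sig" "$1" >/dev/null 2>&1
}

# Prints "valid" or "invalid" for a file and its detached signature.
check() { if verify_file "$1"; then echo valid; else echo invalid; fi; }

demo() {
  make_keypair || return 1
  printf 'Contract v1: pay 100 EUR\n' > "$DEMO/doc.txt"   # constructed sample document
  sign_file "$DEMO/doc.txt" || return 1
  echo "as signed:     $(check "$DEMO/doc.txt")"
  # Change a single character after signing: the fresh hash no longer matches.
  printf 'Contract v1: pay 900 EUR\n' > "$DEMO/doc.txt"
  echo "after editing: $(check "$DEMO/doc.txt")"
}
demo
```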
Certificate Authorities and Trust Chains
For a digital signature to be trusted by others, the signer's certificate must be issued by a Certificate Authority that recipients trust. Major CAs like DigiCert, Sectigo, and GlobalSign are pre-trusted by operating systems, browsers, and PDF readers. When Adobe Reader or Foxit displays "signature valid," it means the reader traced the signer's certificate back to one of these trusted roots.
Self-signed certificates are technically valid but show as "unknown" in most PDF readers because there is no trusted CA vouching for the identity. For internal document workflows this may be acceptable; for contracts sent to outside parties, a certificate from a recognized CA is expected.
Legal Validity of Digital Signatures
In most jurisdictions, digital signatures have legal standing equivalent to handwritten signatures for most document types. The United States Electronic Signatures in Global and National Commerce Act (ESIGN, 2000) and the EU's eIDAS regulation (2016) both establish that electronic and digital signatures are legally enforceable.
eIDAS defines three tiers. A Simple Electronic Signature is any electronic indication of intent. An Advanced Electronic Signature (AdES) is uniquely linked to the signer and based on a qualified certificate. A Qualified Electronic Signature (QES) uses a qualified certificate issued by an EU-accredited trust service provider and is legally equivalent to a handwritten signature across all EU member states.
Some document types — wills, real estate transactions in certain jurisdictions, court filings — may still require wet ink signatures or specific notarization. Always check the requirements for the specific document type and jurisdiction.
Adding a Digital Signature to a PDF
To add a digital signature, you need a signing certificate. If you do not have one, you can create a self-signed certificate using software like Adobe Acrobat or generate one via OpenSSL. For legally significant documents, obtain a certificate from a recognized CA.
Once you have a certificate, open the PDF in a signing tool, select the digital signature option, choose the certificate, and place the signature field. The tool will ask you to confirm, then it writes the cryptographic signature data into the PDF and marks the document as signed.
Most PDF signing tools also let you add a visible signature appearance — a graphical representation showing your name, date, and optionally an image of your handwritten signature. This visible element is separate from the cryptographic signature; it is just for human readability.
Verifying a Digital Signature
To verify a signature in a PDF reader like Adobe Acrobat, open the document and look for the signatures panel. The reader checks three things: whether the certificate is valid and not expired, whether the certificate chains to a trusted CA, and whether the document has been modified since signing.
A green checkmark with "Signature Valid" means all three checks passed. A yellow warning might mean the certificate is self-signed or not trusted. A red X means the document was modified after signing, which is a serious integrity failure.
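The reader's checks and the trust-chain behaviour described under "Certificate Authorities and Trust Chains", reproduced as an added example that is not from the original article or from any PDF reader. It assumes the OpenSSL command-line tool, a constructed private root CA standing in for a trusted root, and detached signatures over plain files; the outputs valid, untrusted and modified correspond to the green, yellow and red results above, and all names are illustrative.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: a private root CA, a CA-issued signer and a self-signed signer.
PKI=$(mktemp -d); trap 'rm -rf "$PKI"' EXIT
q() { "$@" >/dev/null 2>&1; }          # run a command quietly, keep its exit status

make_pki() {
  q openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
      -keyout "$PKI/root.key" -out "$PKI/root.pem" &&
  q openssl req -newkey rsa:2048 -nodes -subj "/CN=Alice Signer" \
      -keyout "$PKI/alice.key" -out "$PKI/alice.csr" &&
  q openssl x509 -req -in "$PKI/alice.csr" -CA "$PKI/root.pem" -CAkey "$PKI/root.key" \
      -CAcreateserial -days 30 -out "$PKI/alice.pem" &&
  q openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Bob Self-Signed" \
      -keyout "$PKI/bob.key" -out "$PKI/bob.pem"
}

# sign <name> <file>: detached SHA-256 signature made with <name>'s private key.
sign() { openssl dgst -sha256 -sign "$PKI/$1.key" -out "$2.sig" "$2"; }

# verdict <name> <file>: mirrors the checks a reader performs.
#   modified  - the signature does not match the current file contents
#   untrusted - the signature matches, but the certificate is expired or does
#               not chain to the trusted root
#   valid     - all checks pass
verdict() {
  openssl x509 -in "$PKI/$1.pem" -pubkey -noout > "$PKI/$1.pub" || return 2
  q openssl dgst -sha256 -verify "$PKI/$1.pub" -signature "$2.sig" "$2" ||
    { echo modified; return; }
  q openssl verify -CAfile "$PKI/root.pem" "$PKI/$1.pem" || { echo untrusted; return; }
  echo valid
}

demo() {
  make_pki || return 1
  printf 'Constructed sample contract\n' > "$PKI/a.txt"; cp "$PKI/a.txt" "$PKI/b.txt"
  sign alice "$PKI/a.txt"; sign bob "$PKI/b.txt"
  echo "CA-issued, intact:   $(verdict alice "$PKI/a.txt")"
  echo "self-signed, intact: $(verdict bob "$PKI/b.txt")"
  echo 'extra clause' >> "$PKI/a.txt"      # edit after signing
  echo "CA-issued, edited:   $(verdict alice "$PKI/a.txt")"
}
demo
```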
Flattening and Protecting Signed PDFs
Once a PDF is digitally signed, making changes to it invalidates the signature. If you want to distribute a signed PDF that cannot be further modified, flattening it converts all interactive elements into static content. Protecting the PDF with a password and restricted permissions adds another layer of control, preventing editing, copying, or printing.
For maximum assurance, sign the document first, then flatten and protect it. This sequence preserves the cryptographic signature in the flattened output while making the document tamper-resistant from a practical standpoint.