Digital vs. Electronic Signatures: The Real Difference
One is a legal concept as broad as clicking "I agree." The other is a cryptographic mechanism that can prove a document hasn't changed by a single byte. Confusing them can cost you real money.
By the Andromeda PDF Team · Published December 7, 2025 · Updated July 2, 2026
If you have ever typed your name at the bottom of a form, drawn a wobbly line with your trackpad, or clicked an "Accept" button, you have made an electronic signature. If you have ever opened a PDF and seen a green checkmark declaring "Signed and all signatures are valid," you have encountered a digital signature. These two things are related the way "vehicle" is related to "armored truck": every digital signature is an electronic signature, but the vast majority of electronic signatures involve no cryptography at all. Understanding the gap between them tells you when a squiggle is enough — and when you need math on your side.
Electronic Signatures: A Legal Concept
An electronic signature is not a technology. It is a legal category that covers any electronic sound, symbol, or process attached to a record with the intent to sign it. That definition — deliberately broad — comes from laws like the U.S. ESIGN Act, and it means all of the following can be legally binding signatures:
- Typing /s/ Jane Smith or just your name into a signature field
- Drawing your signature with a mouse, stylus, or finger
- Pasting a scanned image of your handwritten signature into a document
- Clicking "I agree to the terms" during a checkout flow
- Replying "confirmed" to an email, in some contexts
What all of these have in common is that they capture intent. What none of them do, on their own, is prove identity (that the signer is who they claim to be) or integrity (that the document wasn't altered after signing). A pasted signature image can be copied out of one PDF and dropped into another in about ten seconds. E-signature platforms compensate with surrounding evidence — audit trails, email verification, IP logs, timestamps — but the signature mark itself proves nothing.
Digital Signatures: A Cryptographic Mechanism
A digital signature is a specific technical implementation built on public-key cryptography. The signer holds a private key that only they control, paired with a public key that anyone can use to verify their signature. A certificate authority (CA) vouches for the link between that key pair and a real identity by issuing a digital certificate — conceptually similar to how HTTPS certificates vouch for websites.
How signing a PDF actually works
When you digitally sign a PDF, the software does roughly this under the hood:
- Hash the document. The PDF's bytes are run through a cryptographic hash function (such as SHA-256), producing a short fingerprint. Change one character anywhere in the file and the fingerprint changes completely.
- Encrypt the hash with the private key. This encrypted hash is the signature. Only the holder of the private key could have produced it.
- Embed everything in the file. The signature, the signer's certificate, and usually a trusted timestamp are stored inside a reserved region of the PDF itself.
- Verify on open. When someone opens the file, their PDF reader re-hashes the document, decrypts the embedded signature with the public key, and compares the two fingerprints. A match means the document is byte-for-byte identical to what was signed. A mismatch flags the signature as invalid.
This is why a digital signature is tamper-evident. Nobody can silently edit a digitally signed contract — not the counterparty, not a middleman, not even the signer. Any modification breaks the math, and the reader says so loudly. Note that this is separate from password protection or encryption; a digitally signed PDF can be freely readable while still being provably unmodified. (Signing is also unrelated to how a file looks — the formatting stability that makes PDF preferable to editable formats is covered in our PDF vs. Word comparison.)
What the Law Says (Plainly)
In the United States, the federal ESIGN Act (2000) and the state-level UETA establish that a signature cannot be denied legal effect merely because it is electronic. Neither law requires cryptography — a typed name with demonstrable intent generally satisfies them for most everyday agreements. Certain documents (wills, some family-law and court filings) are commonly excluded and may need traditional signatures or specific procedures.
The European Union's eIDAS regulation is more granular, defining three tiers:
- Simple electronic signature (SES): the broad catch-all — typed names, checkboxes, drawn marks.
- Advanced electronic signature (AdES): must be uniquely linked to the signer, capable of identifying them, and able to detect subsequent changes — in practice, this means digital-signature technology.
- Qualified electronic signature (QES): an advanced signature created with a qualified certificate and a certified signing device. A QES is legally equivalent to a handwritten signature across the EU.
Not legal advice. Signature law varies by jurisdiction, document type, and industry. This article summarizes well-known frameworks in general terms — for anything with real stakes, talk to a lawyer licensed where you operate.
Side-by-Side Comparison
| Aspect | Electronic Signature | Digital Signature |
|---|---|---|
| What it is | Legal concept: any mark showing intent | Cryptographic mechanism (PKI) |
| Proves identity | Only via external evidence (audit logs, email) | Yes, via CA-issued certificate |
| Detects tampering | No | Yes — any edit invalidates the signature |
| Typical cost/effort | Free, instant | Requires a certificate; more setup |
| Best for | Everyday agreements, consents, HR forms | High-value contracts, regulated filings, long-term records |
How to Verify a Signed PDF
Verification is where digital signatures earn their keep, and it costs you nothing. In Adobe Acrobat Reader, open the file and check the blue signature banner at the top, or open the Signatures panel from the left sidebar. You want to confirm three things: the document has not been modified since signing, the signer's certificate chains to a trusted authority, and the signing time is covered by a valid timestamp. Clicking the signature shows certificate details — who issued it, to whom, and when it expires. Other readers (Foxit, macOS Preview to a limited extent, and most browsers' built-in viewers) vary in how much validation they perform, so for anything contractual, verify in a reader that fully checks the certificate chain. For a quick first look at any PDF someone sends you, a browser-based viewer like our private PDF reader lets you inspect the file without uploading it anywhere — the file never leaves your device.
Common Pitfalls and Scams
The flattened signature image
The most common trick is also the simplest: a signature that is just a picture. Someone crops your signature from one document and pastes it into another, or "flattens" a signed page into an image so the mark looks authentic but carries zero verifiable data. If a PDF reader shows no signature panel entry, there is no digital signature — no matter how official the ink looks.
Editing after signing
With a mere signature image, nothing stops a counterparty from changing the payment terms on page 3 after you signed page 7. A digital signature makes this detectable; an electronic one does not. If you must send an image-signed document, reduce casual misuse by adding a visible watermark (for example, "Executed copy — {date} — not for reuse") and keeping your own copy with a recorded hash or timestamped email trail.
Trusting the badge, not the chain
A signature panel entry alone is not proof either — self-signed certificates are trivial to create. The green checkmark only means something when the certificate chains to an authority your reader trusts. If validation says "signer's identity is unknown," treat the document as unverified. And remember that a valid signature says nothing about the content being honest — scam invoices can be validly signed by scammers. For broader document hygiene, see our PDF security tips.
Which One Do You Need?
For most day-to-day agreements — freelance contracts, NDAs, rental applications, permission slips — a plain electronic signature through a reputable platform is legally sufficient and far more convenient. Reach for a true digital signature when the stakes justify it: high-value transactions, regulated industries, government submissions, documents that must remain provably intact for years, or any EU context that requires an advanced or qualified signature. The rule of thumb: if you would have insisted on a notary in the paper world, you probably want cryptography in the digital one.
Frequently Asked Questions
Is a typed name really a legal signature?
In the U.S. and many other jurisdictions, generally yes — if there is intent to sign and the parties agreed to transact electronically. The weakness isn't legality; it's proving later who actually typed it, which is why platforms layer on identity checks and audit trails.
Does drawing my signature on a touchscreen make it a digital signature?
No. A drawn signature is still just an image — an electronic signature. It becomes a digital signature only if the software also cryptographically signs the document hash with a private key and embeds a certificate.
Can a digitally signed PDF ever be legitimately changed?
PDFs support incremental updates, so a second signer or a form fill can be appended without breaking the first signature — readers show this as separate signed revisions. What can never happen silently is modification of the content that was covered by an existing signature.
Do DocuSign-style platforms use digital signatures?
Usually both. The mark you draw is an electronic signature, but reputable platforms then apply their own digital certificate to seal the completed document, so the final PDF is tamper-evident even though you never handled a private key yourself.