The terms are used interchangeably but mean different things. A digital signature is a specific cryptographic mechanism — PKI, X.509 certificates, asymmetric keys. An electronic signature is a broader legal concept that includes digital signatures but does not require them.
Electronic signature: any electronic indication of intent to sign. Legal concept defined by ESIGN, UETA, PIPEDA. Does not require cryptography. Valid for the vast majority of business contracts.
Digital signature: a cryptographic mechanism using PKI and X.509 certificates. A subset of electronic signatures. Required for eIDAS qualified signatures in the EU.
An electronic signature is a broad legal concept: any electronic symbol, sound, or process attached to a document to indicate intent to sign. This includes typed names, drawn signatures, and clicked checkboxes. A digital signature is a specific cryptographic mechanism: it uses asymmetric key cryptography (a private key to sign, a public key to verify) and an X.509 certificate issued by a certificate authority. A digital signature is a type of electronic signature — but not all electronic signatures use digital signature cryptography.
Yes, for most jurisdictions and use cases. Under the US ESIGN Act and UETA, an electronic signature does not need to use cryptographic digital signature technology to be legally enforceable — it needs to demonstrate intent to sign and be attributable to the signer. A well-implemented e-signature service provides this through audit trails, IP logging, OTP identity verification, and document hashing. The legal validity comes from the evidence chain, not the cryptographic mechanism.
A PKCS#7 (CMS) seal is a digital signature applied over the entire sealed document by the e-signature service after all signers have completed. It uses an X.509 certificate held by the service. This proves: (1) the document has not been altered since the service sealed it, and (2) the seal was applied by a specific identified entity. It is not a per-signer PKI certificate — each signer's identity is proven through OTP verification and the audit trail, not through individual certificates. GetSigned applies one service-level PKCS#7 seal on completion.
A qualified electronic signature (QES) under eIDAS in the EU requires a digital signature backed by a qualified certificate from a trust service provider and created by a qualified signature creation device. QES has the same legal effect as a handwritten signature across EU member states. GetSigned does not produce QES — it produces legally valid standard electronic signatures for PIPEDA, ESIGN, and UETA. If your use case requires QES (certain EU legal instruments, notarial acts), GetSigned is not the right tool.
Yes — at the service level. When all signers have completed, GetSigned applies a PKCS#7 digital signature over the sealed PDF using a CA-issued X.509 certificate. This detects any byte-level tampering with the final document. Individual signers do not require their own PKI certificates; their identity is established through OTP verification and captured in the hash-chained audit log.
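How a hash-chained audit log of the kind mentioned above makes the evidence chain tamper-evident, as an added example that is not GetSigned's code. The record fields, the `GENESIS` value and the function names are assumptions, and the events and document bytes are constructed sample data.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first entry's "prev"

def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, event):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})

def verify(log, document):
    """Return the index of the first inconsistent entry, or -1 if all check out."""
    doc_hash = hashlib.sha256(document).hexdigest()
    prev = GENESIS
    for i, rec in enumerate(log):
        # Each entry must link to its predecessor and hash to its stored value.
        if rec["prev"] != prev or rec["hash"] != entry_hash(prev, rec["event"]):
            return i
        # Each event must refer to the exact bytes of the document presented.
        if rec["event"]["doc_sha256"] != doc_hash:
            return i
        prev = rec["hash"]
    return -1

def build_sample(document):
    # Constructed events; IPs are from documentation ranges.
    doc_hash = hashlib.sha256(document).hexdigest()
    log = []
    for action, signer, ip in [
        ("otp_verified", "alice@example.com", "203.0.113.7"),
        ("signed", "alice@example.com", "203.0.113.7"),
        ("signed", "bob@example.com", "198.51.100.23"),
    ]:
        append(log, {"action": action, "signer": signer, "ip": ip,
                     "doc_sha256": doc_hash})
    return log

if __name__ == "__main__":
    doc = b"%PDF-1.7 constructed sample contract"
    log = build_sample(doc)
    print(verify(log, doc))            # intact chain
    log[1]["event"]["ip"] = "192.0.2.99"
    print(verify(log, doc))            # edited entry is located
```

Someone who can rewrite the whole log can recompute every hash, so the last entry's hash has to be fixed by something outside the log, such as a signature over it.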
Informational only — not legal advice. Consult qualified counsel for advice specific to your jurisdiction and use case.