How do our Digital Signatures work?
Last updated
Was this helpful?
Last updated
Was this helpful?
A digital signature is a type of electronic signature created using asymmetric or public key cryptography. Unlike traditional signatures, digital signatures are not directly visible on electronic records (e.g. a PDF of the contract). Instead, a cryptographic hash is embedded within the record itself. However, a visual representation is often included when the record is printed.
Digital signatures ensure the integrity of an electronic record. If the record is altered or tampered with in any way, the digital signature becomes invalid because the cryptographic integrity is compromised. Conversely, if the record remains unchanged, the signature remains valid.
The integrity of digital signatures can easily be verified via standard PDF document readers, which will check that the document has not been modified since it was signed. Find out more about verifying digital signatures made with Sign .
Attaching a digital image of a handwritten signature to an electronic document.
Using a finger or stylus to draw a signature on a touchscreen.
Typing a name at the end of an electronic document.
Selecting an "I agree" checkbox.
In Singapore, digital signatures may either be regarded as ordinary electronic signatures (OES) or secure electronic signatures (SES).
Why is it important to that your digital signature is considered SES?
Secure Electronic Signatures (SES) benefit from a rebuttable presumption of authenticity and integrity under the law.
This means that, in the event of a dispute, this shifts the responsibility to the opposing party to provide evidence disproving the authenticity or integrity of the SES.
For a digital signature to be considered a SES, in addition to being tamper-proof, it must also be:
unique to the person using it;
capable of identifying such person; and
created in a manner or using a means under the sole control of the person using it
❌ All other electronic or digital signatures that do not meet this criteria are considered OES. This is because the process of signing is less secure, which may make establishing the authenticity of the signature difficult in the future. For example, an impersonator might mimic the declarant by placing an image of their signature that they obtained from some other source, or by typing their name on a statutory declaration. Detecting such impersonation can be difficult for the person requesting the signature, especially if it is their first time meeting the person, or if the signing is done remotely (e.g. via email, online platforms, etc).
Digital signatures are resistant to tampering or forgery. While a wet ink signature can be scanned and tampered with or forged, digital signatures cannot be modified or forged once created, as they are cryptographically linked to the signed document through a hash.
Digital signatures are directly embedded into the document's metadata, and provide additional safeguards beyond a visual representation, unlike traditional wet-ink signatures. The authenticity of Sign with Singpass signatures can be verified via standard PDF document readers, which will check that the document has not been modified since it was signed.
Sign with Singpass signatures use Public-Key Infrastructure (PKI).
Public Key Infrastructure (PKI) involves the use of a pair of cryptographic keys: a private key (kept secret by the signer, on the Singpass app) and a public key (embedded in the Singpass signing certificate). The private key is used to create a digital signature, which is a unique encrypted code tied to the document. The public key can be used by anyone to verify the authenticity of the signature. GovTech issues the Singpass signing certificate, which verifies that the identity of the signer is bound to the public key.
This process ensures that only the holder of the private key is able to sign the document, ensuring its authenticity.
✅ Signatures created through Sign are regarded as Secure Electronic Signatures under the .
Find out more about verifying digital signatures .
