How do our Digital Signatures work?
Last updated
Was this helpful?
Last updated
Was this helpful?
Sign with Singpass uses signing certificates issued by GovTech. GovTech is a public certification authority under paragraph 3(b)(iii) of the Third Schedule to the Electronic Transactions Act 2010 (ETA).
Signatures created through Sign with Singpass are regarded as Secure Electronic Signatures under the ETA.
Public Key Infrastructure (PKI) involves the use of a pair of cryptographic keys: a private key (kept secret by the signer, on the Singpass app) and a public key (embedded in the Singpass signing certificate). The private key is used to create a digital signature, which is a unique encrypted code tied to the document. The public key can be used by anyone to verify the authenticity of the signature. GovTech issues the Singpass signing certificate, which verifies that the identity of the signer is bound to the public key.
This process ensures that only the holder of the private key is able to sign the document, ensuring its authenticity.
Find out more here:
Digital signatures are resistant to tampering or forgery. While a wet ink signature can be scanned and tampered with or forged, digital signatures cannot be modified or forged once created, as they are cryptographically linked to the signed document through a hash.
Digital signatures are directly embedded into the document's metadata, and provide additional safeguards beyond a visual representation, unlike traditional wet-ink signatures. The authenticity of Sign with Singpass signatures can be verified via standard PDF document readers, which will check that the document has not been modified since it was signed.
Find out more about verifying digital signatures .