Document integrity and digital signatures
A digital signature seals the signed document to protect it against tampering.
What is document integrity?
For both paper and digital documents, integrity protection is a key requirement. You can retain a paper original, but anyone could easily manipulate an electronic document and claim it’s the original. This makes the integrity aspect even more important when you use electronic signatures.
Document integrity means that in the event of a dispute, you can prove that:
- no one has altered the original document
- the document you’re presenting isn’t a forgery
To ensure integrity, as soon as a document is electronically signed, Scrive seals it with a digital signature in partnership with our supplier Guardtime. Guardtime uses a method called Keyless Signature Infrastructure (KSI), which uses blockchain technology. Once a document has been sealed with KSI, you can verify its integrity immediately, a year later, even decades later.
What does it mean to “sign”?
Before moving forward, let’s clear up a common source of confusion regarding electronic and digital signatures:
- A document signatory, such as a person signing an agreement, creates an electronic signature when they sign the document by clicking to sign, or drawing their signature and then clicking to sign.
- A digital signature is like a fingerprint that is unique to that document. Guardtime applies a digital signature when they seal a Scrive document to make it tamper-proof and forgery-proof. As with our own human fingerprints, it’s impossible for any other document to have that same digital signature.
What a digital signature is not:
- a method for encrypting documents: anyone can view your sealed document with a PDF viewer
- a method for securely archiving your documents: backup and storage is your responsibility
To learn more about the difference between these two terms, see our guide: Electronic vs. Digital signatures – Is there a difference?
Keyless security
Scrive has chosen KSI rather than PKI (Public Key Infrastructure), which is the most common method.
PKI works on the model of a trusted party that issues certificates and keys to parties who want to protect the integrity of their documents. The issued keys and certificates are used to seal documents. These keys and certificates can be traced back to the trusted party, and trustworthiness is assigned to that party. This is a well-known and relatively straightforward way of sealing documents.
A notable disadvantage of PKI is that the seal becomes more vulnerable to forgery over time, as the possibility increases that someone could mathematically break the seal. As an analogy, a thief trying to break into someone’s bank account using their ATM card would have an increasing chance of success if the ATM didn’t limit them to three attempts to guess the 4-digit PIN.
KSI is not based on certificates and keys, hence keyless, and doesn’t rely on third parties. And unlike PKI, KSI seals become stronger over time because KSI is based on blockchain technology. With KSI, a unique fingerprint of each document is generated and then published in a way that allows you to verify with absolute certainty that your document:
- has not been altered in any way
- was created on the same date and at the exact time indicated on the document.