Imagine that you have been sent a document with an electronic signature. How can you be sure that the signature there is valid? There are a few important things to consider that are explained below.
Electronic signatures fall into 2 broad categories: 1) Simple electronic signatures and 2) Qualified or Advanced electronic signatures (Digital Signature) that are created according to international standards like ETSI.
Simple electronic signature validation
eIDAS regulation Article 3 (10) defines
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
Similar definitions are also in many other regulations in different countries.
Since this regulation is very broad then there are no exact steps on how to validate such simple electronic signatures and it goes case by case. In general the only practical way to validate this signature is to ask the service provider or entity who gave you this signature if this is valid.
With simple signatures it is very important to understand details. How was the signer identified and did he really want to sign?
To be absolutely sure if the simple electronic signature is valid then you can go to the court that makes the final decision on simple electronic signature validity based on the additional evidence provided.
Advanced and Qualified electronic signature validation
Internationally recognized standards exist for AdES(Advanced Electronic Signature) and QES(Qualified Electronic Signature). This makes the validation of these signatures very easy, independent of the vendor and possible also offline. Signature validation can be done independently because signature contains all the information needed to validate.
Majority of electronic signatures worldwide are applied to PDF files in PAdES format. Easiest way to validate these is in Adobe Acrobat Reader. When opening the signature panel then you see a list of electronic signatures, who has signed the document and is it qualified or trust is retrieved from AATL. Also if it is LTV (Long Term Validation) or not.
There are plenty of other signature validation solutions. You can use FoxIT reader, Estonian DigiDoc4 app, Latvian https://www.eparaksts.lv/, Lithuanian https://www.gosign.lt/en/documentupload/verification, InfoCert GoSign applications https://www.infocert.it/firma-infocert-it/installazione/ . This list goes on and on.
The European Union even has a special type of “Qualified validation service for qualified electronic signature” and there are 31 certified companies for that. If you use any of their services then they will guarantee that the signature is valid if they say so or they will cover all the damages to you that might come from their validation results. List of these validations can be see from here https://eidas.ec.europa.eu/efda/tl-browser/#/screen/search/type/3
