PDFSignatureValidator logo PDFSignatureValidator Validate

What Is a Digital Signature?

A plain-English guide to how digital signatures work, why they prove a document is genuine and unchanged, and how they differ from ordinary electronic signatures.

A digital signature is a cryptographic mechanism that proves a document came from a particular signer and has not been altered since it was signed. It is the digital equivalent of a tamper-evident wax seal, except that instead of relying on the physical difficulty of forging a seal, it relies on mathematics that are, in practice, impossible to fake. When you open a digitally signed PDF, whether an Aadhaar e-PDF, a GST certificate, an offer letter, or a contract, that signature is what lets anyone confirm the file is authentic.

The two guarantees: authenticity and integrity

Every digital signature provides two distinct assurances at once. Authenticity answers "who signed this?": the signature is tied to a certificate that identifies the signer. Integrity answers "has anything changed?": if a single character, pixel, or byte of the signed content is modified afterwards, the signature breaks. Together these mean that a valid digital signature tells you both that the document genuinely came from the named signer and that what you're reading is exactly what they signed.

How it works: public-key cryptography

Digital signatures are built on public-key (asymmetric) cryptography. The signer holds a matched pair of keys: a private key that only they possess, and a public key that anyone can see. These keys are mathematically linked so that something processed with the private key can only be verified with the corresponding public key, and vice versa.

When a document is signed, the software first computes a hash, a short, fixed length fingerprint of the entire document produced by an algorithm such as SHA-256. Even a tiny change to the document produces a completely different hash. The signer's private key then encrypts that hash, and the result is embedded in the file as the signature, along with the signer's certificate.

To verify the signature, anyone can recompute the document's hash, use the signer's public key (from the embedded certificate) to decrypt the signed hash, and compare the two. If they match, the document is intact and the signature genuinely came from the holder of the private key. If they differ, the document was changed or the signature is invalid. This is exactly what our PDF signature validator does, entirely inside your browser.

Certificates and trust chains

A signature is only as meaningful as the identity behind it. That identity comes from a digital certificate (an X.509 certificate) that binds the signer's name to their public key. But how do you trust the certificate itself? Certificates are issued by Certifying Authorities (CAs), and each CA's certificate is in turn signed by a higher authority, forming a trust chain that leads up to a root certificate. In India, that root is operated by the Controller of Certifying Authorities (CCA). If a signer's certificate chains up to a root your software trusts, the signature is shown as trusted; if not, you may see a "validity unknown" warning even though the signature math is perfectly correct.

Digital signature vs. electronic signature

The terms are often confused. An electronic signature is a broad legal concept: any electronic mark indicating intent to sign, such as a typed name, a scanned image of a handwritten signature, or a checkbox that says "I agree". A digital signature is a specific, cryptographic technology. All digital signatures are electronic signatures, but most electronic signatures are not digital signatures. The difference matters: a typed name can be copied and a document edited with no trace, whereas a digital signature mathematically detects any change.

Where you'll encounter digital signatures

  • Aadhaar e-PDFs: signed by UIDAI to prove the document is genuine.
  • GST and tax documents: registration certificates and filings signed by government systems.
  • Company filings and tenders: signed with a Digital Signature Certificate (DSC).
  • Contracts and agreements: signed by individuals or organisations to bind the terms.
  • Invoices and statements: banks and vendors increasingly sign these for authenticity.

Are digital signatures legally valid?

In most jurisdictions, yes. Frameworks like India's Information Technology Act, the US ESIGN Act, and the EU's eIDAS regulation give legal recognition to digital signatures backed by appropriate certificates. A signature created with a certificate from a licensed CA generally carries the same legal standing as a handwritten signature. The precise weight depends on the certificate class and local law, so for high-stakes documents it's worth confirming the requirements with the relevant authority.

How to check a digital signature yourself

You don't need specialist software. Upload any signed PDF to our free PDF signature validator and it will extract every signature, verify the cryptography, parse the signer's certificate, and tell you whether the document is valid and unchanged, all locally in your browser, with nothing uploaded. If you want to understand a specific result, see how to check a PDF signature or why a signature might show as not valid. You can also sign a PDF yourself to see the whole process end to end.

Related tools & guides

PDF Signature Validator How to check a PDF signature Digital Signature Verifier Sign a PDF Why is my signature not valid?

Frequently asked questions

What is a digital signature in simple terms? +

A digital signature is a cryptographic seal attached to a document that proves two things: who signed it (authenticity) and that it hasn't changed since (integrity). If even one byte of the document is altered after signing, the signature no longer matches and any validator flags it.

Is a digital signature the same as an electronic signature? +

No. An electronic signature (e-signature) is any electronic indication of intent, including a typed name or a drawn squiggle. A digital signature is a specific, cryptographic type of e-signature that uses a certificate and public-key cryptography, making it tamper-evident and verifiable.

Is a digital signature legally valid? +

In most countries, yes. Digital signatures backed by a certificate from a licensed Certifying Authority are legally recognised, for example under the IT Act in India, the ESIGN Act in the US, and eIDAS in the EU. The exact legal weight depends on the type of certificate and jurisdiction.

What is a Digital Signature Certificate (DSC)? +

A DSC is a certificate issued by a licensed Certifying Authority that binds a person's or organisation's identity to a public/private key pair. It's what you use to apply a legally recognised digital signature, and it's commonly required for filing taxes, tenders, and company filings in India.

How can I check if a digital signature is valid? +

Upload the signed PDF to our PDF signature validator. It recomputes the document hash, verifies the signature against the signer's certificate, and reports whether the signature is valid and the document unchanged, all in your browser.