Soho_Dan
asked on
Digital signature for MS office and PDF files
Hello, we have documents that are in Word, Excel and PDFs that we sent to our trustees to sign. They normally sign and scan the documents back to us via email. However, we wish to change this so that they can digitally sign the documents (Word, Excel and PDF) and email to us. What is the best way to do this? Thanks.
ASKER
How does Docusign work? Must we upload the document to Docusign server and store them there?
Yes, the docs are encrypted and temporarily stored there while there is an active request for signature. The thing is, typically it is the signer who needs to have a certificate to authenticate their signature. Since you don't want to burden or rely upon your trustees with that process, the certificate authority has to make the document available to the signer.
More details here:
https://support.docusign.com/en/articles/How-do-I-get-signatures-on-a-document-New-DocuSign-Experience
More details here:
https://support.docusign.com/en/articles/How-do-I-get-signatures-on-a-document-New-DocuSign-Experience
ASKER
Hi, what do you mean by the docs are temporary stored on the server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Colleen, so this works with any type of documents such as, Word and PDFs?
So what if the hash is invalidated? Will the sender be notified or what happened at this point?
Btw, thank you for the explanation. I assume you work for Docusign?
So what if the hash is invalidated? Will the sender be notified or what happened at this point?
Btw, thank you for the explanation. I assume you work for Docusign?
I do not work for DocuSign, but have a few clients who utilize their site and I've signed agreements there. PKI (public key infrastructure) has been around for about 20 yrs but in the early days, required both sender and recipient have some measure of expertise about it.
You might check their FAQs regarding invalidated hash. Since they delete the signed document once it is returned to you (the signer cannot edit the document when they sign it), that would mean that someone in your organization edited it. They don't continually track the signed document that is in your custody. I assume that in a litigation event, you'd call them and they'd use the private and public keys to verify the hash is still valid and the document hasn't been edited. The content is the same as the day it was signed.
You might check their FAQs regarding invalidated hash. Since they delete the signed document once it is returned to you (the signer cannot edit the document when they sign it), that would mean that someone in your organization edited it. They don't continually track the signed document that is in your custody. I assume that in a litigation event, you'd call them and they'd use the private and public keys to verify the hash is still valid and the document hasn't been edited. The content is the same as the day it was signed.
ASKER
Thank you! Very informative and very helpful.
This requires a 3rd party certification authority who issues the keys and matches the hashes. That sounds cryptic. This page probably explains it better:
https://www.docusign.com/how-it-works/electronic-signature/digital-signature/digital-signature-faq
Typically, it is the person signing who must have a signature certificate, but that would be burdensome and probably not work very well in your case. DocuSign does allow you to distribute documents via their service and have the recipient "sign" the document in a browser window.
I've worked with several companies that have non-disclosure agreements signed this way.
Here's more details about digital signatures in Office documents:
https://support.office.com/en-us/article/Digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96