问题
For fun, I recently build a e-signature web app to allow users to add a handwritten signature to PDF (IE signing a TOS agreement).
It only took a couple minutes of research to realize my method of just added a written signature image to a PDF probably wouldn't hold up very well in a legal dispute.
A cryptographic digital signature is needed to verify the identity of the signee as well as ensure the document has not been altered since signing.
It got me wondering how companies like Docusign can provide digital signatures without having a certificate from the signee.
I found this marketing heavy explanation where it says that they are considered a trusted CA themselves.
Does this mean Docusign is issuing certificate to the users who are signing for them to sign with?
Even that you just need a link to a document envelope to sign (in most cases), this doesn't seem very meaningful.
UPDATE
Looks like you can "verify" signatures using acrobat reader to see the details. I opened up a PDF that I recently signed on Docusign and it appears that docusign is the signing identity?
Maybe I'm confusing "adding an e-signature" with "digitally signing", but shouldn't I be the Signed By __ identify?
来源:https://stackoverflow.com/questions/62551037/how-do-e-signature-companies-create-valid-digital-signatures