Summary

‍

• Agrello signatures are electronic signatures based on the cryptographic algorithms and mutually trusted identities of signers.
• When the user signs the document with Agrello's signature, we add Agrello’s e-seal and the signer’s name on whose behalf the document was signed. This is the most common approach to signing PDF documents nowadays.
• Agrello platform also supports Mobile-ID and Smart-ID signatures where the identity of the signer is based on government-issued digital identity certificates.
• Electronically signed documents can be formatted in two ways in Agrello: as PDF documents, where the signature is stored in the special part of the PDF document (”Signature dictionary”), or ASIC, which is the compressed container (ZIP) that contains signed files and digital signatures.
• In the case of PDF documents, users can validate electronic signatures using Adobe Acrobat Reader. It gives an overview of the content of the digital signature and checks whether the content of the PDF is the same as at the time of signing.

‍

The latest updates of the Agrello platform in June 2022 brought some changes to the electronic signing methods we use on our platform. Since the latest updates, Agrello supports electronic signatures embedded directly into the PDF files. In addition, Agrello supports ASIC formatted documents, where digital signatures and files are “zipped” together into one .asice file.

Furthermore, in the PDF case, we support signing with Agrello’s own signatures, Smart-ID signatures, and Mobile-ID signatures. Seems quite a lot of options, for a simple task. So why is it all necessary?

But first, let’s take a few steps back and talk about what digital signatures are in principle.

‍

‍

Securing the signature in the digital age

From ancient times, the signature is usually considered a visual mark on the document that confirms the fact that the person who signed it has knowingly underwritten the document. In digital times, the same approach was initially used - placing the visual image of the handwritten signature on the document.

‍

However, in the digital age, it is fairly simple to either copy the visual image of the signature and put it into another document or even change the document content after somebody put that signature in the document.

These problems lead to the invention of cryptographic signatures - an array of cryptographic methods to make sure that a) the document has not been changed after the person signed it and b) that nobody else but the signer could give the digital signature.

Here in Agrello, we have only utilized cryptographic signatures from day one. However, over time we have developed more and more signing methods to make the signing process simpler and easier for the user.

‍

Fast and easy or more secure?

‍

Making a signature very secure has its drawback on ease of use. The most secure electronic signatures are based on the physical ID cards or USB sticks, where the user identity certificate is stored and to sign the document the user needs to pair this card with the computer beforehand.

Nowadays, when everybody is quite busy and time is essential, all that hassle is not something people really want to go thru unless pushed. So, people are willing to sacrifice a bit of security in order to gain more time.

This understanding has led to the expansion of our supported signatures portfolio from the easiest to the securest to allow our users to choose the best option for their case.

The easiest and simplest signature method we offer is Agrello’s own signature. For these electronic signatures, we make sure that the document is not changed after signing, but we do not require the signer to have the government-backed digital identity certificate in place. It is a suitable signing method for most business contracts and it is definitely the fastest way to sign the contracts.

In addition to that fast and easy, we also provide options to sign documents with secure mobile identities provided by Mobile-ID and Smart-ID. Both of these options are based on the digital identity certificates issued by the governments of the Baltic states: Estonia, Latvia, and Lithuania.

While Mobile-ID is based on the specifically modified SIM card inside your mobile phone, Smart-ID is a secure mobile app that stores your digital signing certificate. Both of these options require the user to enter PIN codes to confirm their signatures. And both of these options result in Qualified Electronic Signatures, which by the EU law are equal to handwritten signatures.

‍

‍

How do Agrello signatures work?

‍

Let’s explore Agrello’s signatures a bit deeper. For a starter, Agrello’s signature can be used only for PDF formatted output. The PDF file has a unique internal structure where the electronic signatures can be added without changing the texts and images you have in the file. In most cases,  the electronic signature is added with the visual appearance of your handwritten signature, but it is not mandatory to make the signature valid.

Since the signature inside the PDF has this reserved “space” inside the file, Agrello can create a cryptographic fingerprint of the rest of the file content and connect it to the signature given. So if someone wants to change the content, the signature becomes invalid automatically.

The other side of the signature, the signer identity, is a bit trickier to secure. In an ideal world, the rules of cryptography require that the signer has a personal signing certificate, that in turn is issued by the Authority (eg. a Government approved institution or company). However - that makes a system very centralized and slow to operate. This works best in highly digitized societies, where every citizen already has such a digital certificate, for example in Estonia. But in most countries, such advanced digital certificates do not exist. Therefore the parties who sign the contract, usually rely on mutual trust of identity.

Agrello’s signatures are based on that mutual trust principle - if you invite someone to sign the contract by adding their email to the document, you already trust that the person who has access to that email is the person who should sign the document. Therefore, we do not require adding a personal secure signing certificate to create the signature.

But the algorithms of cryptography still dictate that the signing certificate is needed. So how do we solve this problem then? Very simply actually.

Agrello uses its own signing certificate instead to make the cryptographic equations work.  In order to link the signature to the person’s identity, Agrello adds the name of the signer who actually signed to the signature data. That is quite common approach among e-signing solution providers nowadays.

‍

‍

Agrello creates its signing certificates by itself at the moment. We are using industry standards and best practices to create such certificates. But since it is self-created, Adobe Acrobat Reader shows our signature as yellow initially.  Officially it means that the source of trust towards such signature does not come from the certified authority and if the user trusts such signing certificate, they should add it to their trusted certificates list.

In order to do that, simply click on Certificate Details under Signature Details and open up the Certificate Viewer dialog. Under the Trust tab, you can add our certificate to your own trust list.

‍

‍

PDF or ASIC, and how to read them?

PDF and ASIC are the two most common file formats at the moment, that allow users to exchange digitally signed documents. They are both officially recognized technical standards by the EIDAS regulation of the European Union.

‍‍‍We have covered the differences between those formats here, so you can learn more in detail about them.  Here, let’s just state the most important differences:

• PDF is a single digital file, where the digital signatures are “inside” the file itself. Therefore it is technically called “attached” signatures.
• ASIC is a type of compressed folder (like a .zip file), which contains originally signed files and separate XML files for digital signatures.
• ASIC is also unique in that sense, that it allows the signing of any type of digital file and furthermore, multiple files with a single signature.

Both of these digitally signed document types are now supported by the Agrello platform.

The biggest difference is how you can read and validate the signed content of both cases. Here, the PDF format has a huge global advantage - all you need is an Acrobat Reader to validate such signatures. Since it’s free software and needed anyway for previewing PDF files, it is found everywhere nowadays.

When you open a signed PDF document in Acrobat Reader, you can easily access the digital signature data by clicking on Signature Panel from the left-side navigation rail.

ASIC containers, however, have seen less luck in global distribution. It is well established in the Baltic states, but not so much in other countries. To read the ASIC container and validate its signatures you can download Digidoc4 Client software developed by the Estonian government for free from here.

‍
‍
Fast, secure, universal, or specific - your choice

By adding more methods we want to fulfill our vision that signing digitally should not be a hassle, but also should be secure and trusted. New signature methods should provide our users with options to choose the most suitable way of signing for their use case. Whether it means signing with Agrello signatures or Smart-ID, delivering output files as PDF or ASIC is up to our users depending on their specific case and regulatory requirements.

In the future, we will work on increasing the range of available high-security signature methods supported by different EU countries as well as optimizing the user experience of signers. While digital signing is and remains our core technology, we also continue improving our contract management functionality, extending team collaboration features, and expanding our public API and direct integrations.

Looking forward to seeing you try all that out on our platform and feel free to reach us thru support@agrello.org if you feel like something is missing and should be included on our roadmaps.

‍