What is the difference between a digital signature and an electronic signature?

An electronic signature is any digital mark indicating agreement — a drawn signature, typed name, or checkbox click. A digital signature is a specific technical implementation using public key cryptography and a certificate. Digital signatures are verifiable, tamper-evident, and provide cryptographic proof of identity and signing time. For most business documents, an e-signature suffices; for regulated or high-stakes documents, a digital signature is required.

Is a digital signature from Dokk.ai legally valid in the EU?

Yes, for Advanced Electronic Signatures (AdES) signed with a valid certificate from a qualified trust service provider listed on an EU member state's trusted list. For Qualified Electronic Signatures (QES), you need a certificate from a Qualified Trust Service Provider (QTSP) — the legal effect is equivalent to a handwritten signature under eIDAS.

Where do I get a signing certificate?

Certificates for legally binding signatures are issued by Qualified Trust Service Providers (QTSPs). In the EU, each member state publishes a national trusted list of approved providers. For business use, your country's national digital identity scheme or commercial providers like DocuSign, GlobalSign, or DigiCert issue suitable certificates.

Is my private key safe when I upload my certificate?

Your certificate file is loaded into memory for signing and discarded immediately after. It is never written to persistent storage, never logged, and never transmitted beyond the signing process. Dokk.ai cannot access or reuse your private key after the session.

What is a trusted timestamp and why does it matter?

A trusted timestamp from an RFC 3161 authority cryptographically records the exact date and time of signing, signed by a neutral third party. This proves the document was signed before a specific moment in time — useful if the validity of a certificate is later questioned or revoked after signing.

Can multiple people sign the same document?

Yes. Each signer uploads the document and their own certificate and signs. Multiple signatures are embedded in the PDF in sequence. The signature panel in Acrobat shows all signatories and the order they signed. If any signature is invalid, Acrobat flags it individually.

What happens if the document is modified after signing?

The signature becomes invalid. Any PDF reader that checks the signature will show a red 'document has been modified after signing' warning. This tamper-evidence is a core property of digital signatures — it guarantees the document's integrity after signing.

What is LTV (Long-Term Validation) and is it supported?

LTV embeds the full certificate chain, OCSP responses, and CRL data inside the PDF at signing time. This means the signature can be verified in the future even if the certificate has expired and its issuing CA is no longer publicly accessible. Dokk.ai embeds LTV data by default for all digital signatures.

Can I sign a PDF form that was filled using Fill & Sign?

Yes. The recommended workflow is: fill the form using Fill & Sign, then apply a certificate-based digital signature using Digital Sign. This combines the simplicity of form filling with the legal assurance of a PKI signature.

Does the tool work with self-signed certificates?

Yes, technically. A self-signed certificate will produce a valid cryptographic signature, but Acrobat Reader will show a yellow warning because the certificate is not from a trusted CA. For legally binding purposes, use a certificate from a recognised trust service provider.

සියලු මෙවලම්

ඩිජිටල් අත්සන

Premium+

PKCS#7 ක්‍රිප්ටොග්‍රැෆික් අත්සන

1උඩුගත කරන්න

2වින්‍යාස කරන්න

3සකසන්න

Drop file here

PDF, Word, Excel, PowerPoint, images up to 25 MB

ප්‍රධාන විශේෂාංග

PKCS#7/CMS (PAdES) certificate-based signatures
Supports Advanced and Qualified Electronic Signatures
Upload PKCS#12 (.p12/.pfx) personal certificates
RFC 3161 trusted timestamp by default
Signature verification embedded in PDF output
Tamper-evident — any modification invalidates signature
Multi-signatory workflows with sequential signing order
Visual signature representation on the page
Long-term validation (LTV) data embedded
Works with certificates from any qualified trust service provider
Signature reason and location metadata
Certificate chain validation before signing
Batch signing for multiple documents
Private keys processed in memory only — never stored

භාවිත අවස්ථා

Signing cross-border commercial contracts under eIDAS
Government tender and procurement submissions
Regulated financial institution document signing
Healthcare provider consent and clinical trial authorisations
Legal notarisation of digital documents
Accounting firm client report sign-off
Real estate transaction document signing
Insurance policy issuance and claims
Pharmaceutical regulatory submission signing
High-value purchase agreements requiring qualified signatures

භාවිත කරන ආකාරය

1Upload the PDF document you need to sign.
2Upload your PKCS#12 certificate file (.p12 or .pfx) and enter the certificate password. The private key is used in memory for signing and is never stored.
3Configure signature metadata: signing reason, location, and whether to apply a visible signature appearance on the page.
4Click Sign Document. The tool creates a cryptographic hash of the PDF, signs it with your certificate, and embeds the signature with a trusted timestamp.
5Download the signed PDF. Open it in Acrobat Reader to verify the signature panel shows a green checkmark confirming the signature is valid and the document has not been modified.

For most everyday documents, an electronic signature is sufficient. But for regulated industries, cross-border legal agreements, government filings, and any document where you need to prove that specific person signed a specific version of a specific document at a specific moment in time, a certificate-based digital signature is what the law and the standard require. Dokk.ai's Digital Sign tool implements PKI-based PDF signatures using PKCS#7/CMS (PAdES format), the standard mandated by EU eIDAS for Advanced and Qualified Electronic Signatures. When you sign a document, the tool creates a cryptographic hash of the PDF content, encrypts it with your private key, and embeds the signature along with your public certificate in the PDF. Any PDF reader can verify this signature independently by decrypting the hash with your public key and confirming it matches the current document state. This architecture makes the signature verifiable by anyone, offline, without trusting Dokk.ai or any intermediary. A modified document fails verification immediately — even a single changed character invalidates the signature. This tamper-evidence is what distinguishes digital signatures from scanned signatures or drawn e-signatures. Dokk.ai supports multiple signing scenarios. Upload your own PKCS#12 (.p12 or .pfx) certificate from a qualified trust service provider. For organisations without individual certificates, the platform supports signing with organisation-level certificates. A trusted timestamp from an RFC 3161 timestamp authority is applied by default, cryptographically proving the signing time. After signing, use the Flatten tool to merge visual signature representation into the page, or Encrypt PDF to add a password layer. Fill & Sign handles the earlier document completion step if the document is also a form. Certificate management settings let you store and manage your certificates for reuse across multiple signing sessions. All private keys are processed in memory only and never written to disk or stored in any form.

නිතර අසන ප්‍රශ්න

ආරක්ෂාව සහ පෞද්ගලිකත්වය

Private keys from uploaded certificates are processed in memory only and never written to disk or logged. Certificate files are deleted immediately after signing. The signed PDF is available for download for 1 hour before deletion. TLS encryption in transit. Dokk.ai does not retain certificates or signing credentials.