Authenticity

Are the signatures authentic?

Yes. The signature is signed using Sign with Singpass. The signing certificates are issued by Assurity, an Accredited Certificate Authority under the Electronic Transactions Act (2010), and signatures made using Sign with Singpass are recognised as Secure Electronic Signatures.

How to verify signatures?

You can refer to guide on verifying signatures.

"Certificate validity is unknown"?

If you see "Certificate validity is unknown", this is because you do not have the Singpass root signing certificate on your device. Please refer to this guide to install the Singpass root signing certificate.

Can the signed document be edited?

After a document has been signed, if there are any edits made, there will be a warning that the signed document has been edited after it was signed, when you open the file in Adobe PDF reader.

You will also be able to see the exact copy of the document that was signed, before the changes were made.

Will the signature expire?

Signatures do not expire. Documents are signed by Signify using the PDF Advanced Electronic Signatures Long-Term Validation (PAdES-LTV) standard.

If a signer migrates, will the signature still be valid?

Yes. The document can be traced back to the signer.

What is the difference between Signify and FormSG + Singpass?

Signing in through Singpass on FormSG only provides Ordinary Electronic Signatures (OES) and not Secure Electronic Signatures (SES).

Difference between Secure Electronic Signatures and Ordinary Electronic Signatures?

Ordinary Electronic Signatures (OES) is a broad category that refers to electronic signatures that are not SES.

The key difference between a secure electronic signature and an ordinary electronic signature is that while both are accorded legal effect under the ETA, only secure electronic signatures are accorded the following presumptions:

  • It is the signature of the person to whom it correlates;

  • It is affixed by that person with the intention of signing or approving the electronic record; and

  • It is authentic and has integrity.

Login with Singpass in Signify provides proof of identity, since the login is verified against his Singpass account.

These presumptions are important in disputes over the validity of electronic signatures, as they will automatically apply for secure electronic signatures. The disputing party will then have to adduce evidence to the contrary if it is claiming that the electronic signature is not valid.

Source

A digital signature consists of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine whether the:

  1. transformation was created using the private key that corresponds to the signer’s public key and

  2. if the initial electronic record has been altered since the transformation was made.

The digital signature is not the picture that we see affixed on the document. The signature is the electronic record behind the image. Hence, a printed copy of the document is not valid as the digital signature cannot be authenticated.

This is true for all platforms and all digital signatures governed under the Electronic Transactions Act.

If I password protect the document, will it alter the electronic signature?

Yes, PDFs uploaded onto Signify cannot be password protected, as this will change the file and make the signature invalid.

Last updated