What is the most important difference between a handwritten signature and a digital signature with respect to verifying the document's content?
A handwritten signature is independent of the content — the same scribble looks identical regardless of what's typed above it. A digital signature is cryptographically bound to the content — change one byte and the signature is invalid.
Practical implications:
| Handwritten | Digital | |
|---|---|---|
| Content change after signing | Undetected — text can be edited/added above the signature line | Instantly detected — hash changes → signature fails |
| Forgery of signature | Difficult but possible to imitate the scribble | Computationally infeasible (with proper crypto) |
| Verification | Subjective — human eyeball comparison or expert graphology | Objective — VERIFY returns OK or NOK |
| Across documents | Same scribble for every document signed | Different signature per document (because the hash is different) |
| Legal weight (with proper trust) | Same | Same (qualified electronic signature) |
The "blank pages above the signature" trap: because handwriting is content-independent, the classic con is to have someone sign the last page of a contract — then swap out the earlier pages. With digital signatures this attack is impossible: the signature covers the entire document.
Conversely, the "I never signed this" repudiation is much weaker against a properly-implemented digital signature: only someone with the private key could have signed it. (Of course, if your private key got stolen, the legal situation gets messy — that's why secure key storage matters.)
Tip: When digitising signed paper contracts, the digital signature should be made anew over the scanned + OCRd PDF — don't just scan the wet-signed paper and call it digital. The scan provides no integrity protection.