PricingContact salesFree trialPricingSupportRequest a demo

Public And Private Key In Digital Signature Guide

  • Quick to start
  • Easy-to-use
  • 24/7 support

No credit card required
E-signature frame illustration

Award-winning eSignature solution

What a public and private key does in digital signature

A public and private key in digital signature is a matched pair of cryptographic keys used to sign and verify electronic records. The private key stays secret with the signer and creates the signature by locking a hash of the document. The public key is shared so others can verify that the signature came from the matching private key and that the document has not changed. In U.S. eSignature workflows, this supports identity, integrity, and nonrepudiation without relying on paper.

Why public and private keys matter legally

They help preserve document integrity, speed approvals, and support defensible attribution. Under ESIGN and UETA, an electronic signature can be legally effective when the signer’s intent and record integrity are shown, and a cryptographic signature helps support that evidence.

Why teams look for DocuSign alternatives

Common issues with public and private keys

  • Private key loss can prevent future signing or verification if the key is not backed up or managed securely.
  • Weak authentication can make it harder to prove who actually controlled the signing action.
  • Certificate expiration or revocation can break validation if revocation status is not checked.
  • Document changes after signing can invalidate the signature and create dispute risk.

Who uses public and private keys

Contract workflows

Used for contracts, approvals, and records where signer identity and document integrity matter.

Regulated records

Used for forms, disclosures, and regulated records that need audit-ready electronic evidence.

be ready to get more
Get legally-binding signatures now!
  • Best ROI. Our customers achieve an average 7x ROI within the first six months.
  • Scales with your use cases. From SMBs to mid-market, airSlate SignNow delivers results for businesses of all sizes.
  • Intuitive UI and API. Sign and send documents from your apps in minutes.

Typical users and real-world roles

  • Real estate teams use cryptographic signatures for lease packets, closing documents, and rental applications. signNow customer stories in property workflows emphasize faster execution, mobile signing, and fewer paper delays across distributed offices and field teams.
  • Healthcare operations leaders use them for consent forms, intake packets, and patient authorizations. signNow customer stories and healthcare use cases align with HIPAA workflows, BAA requirements, and secure audit trails for desktop and mobile signing.

Key features of cryptographic signatures

Cryptographic signing adds identity, integrity, and traceable evidence to electronic records while keeping the workflow simple for signers and administrators.

Integrity

Creates a tamper-evident record that helps show the document was not altered after signing.

Attribution

Supports signer attribution by linking the signature to the private key holder.

Faster review

Speeds approvals by replacing manual paper routing with electronic verification.

Audit evidence

Preserves evidence for disputes with time-stamped signing history and document metadata.

Device flexibility

Works across desktop and mobile signing flows without changing the legal record.

Controlled workflows

Fits regulated workflows that need controlled access, traceability, and retention support.

Integrations that connect signing workflows

Connected systems move signed records into the tools teams already use, reducing duplicate entry and keeping approvals tied to the source record.

Salesforce
Procore
Zapier
Microsoft Teams
Hub spot
Box

How the signature process works

The signing process follows a simple cryptographic sequence that creates a verifiable record and lets recipients confirm authenticity later.

  • Private key signs: The signer creates a signature with the private key.
  • Hash is created: The document hash is generated before signing.
  • Public key checks: The public key verifies the signature and hash.
  • Tamper check: Any change breaks verification and flags tampering.

Quick steps to send a signature request

Use a short workflow to prepare the file, route it to the right signer, and confirm completion in the record.

  • Prepare file:

    Upload the document you need signed.
  • Assign signers:

    Choose the signer and signing order.
  • Send request:

    Send the request through signNow.
  • Check completion:

    Review the completed record and audit trail.

Recommended setup for secure signing

Use a controlled signing setup that supports attribution, record integrity, and retention for regulated U.S. document workflows.

SettingRecommendation
Authentication methodSMS OTP with identity checks
Signature typeCryptographic digital signature
Audit trailTime-stamped event log
Document retention6 years for HIPAA records
EncryptionTLS 1.2/1.3 and AES-256

Platform requirements for signing access

signNow works across major desktop browsers and mobile devices, with secure transport required for login, document access, and signing actions.

  • Desktop browsers Chrome, Firefox, Safari, and Edge on Windows and macOS.
  • Mobile devices iOS and Android mobile apps for signing on the go.
  • Connection security TLS 1.2 or TLS 1.3 required for secure access.

For regulated deployments, use managed Windows or macOS devices, current Chrome, Firefox, Safari, or Edge versions, and mobile apps on iOS or Android. Admins should also plan for SSO, API access, and retention controls when documents fall under HIPAA, 21 CFR Part 11, or internal policy requirements.

Security and compliance safeguards

Transport security:

Encrypts data in transit with TLS 1.2/1.3.

Data at rest:

Encrypts stored data with AES-256.

SOC 2 Type II:

Supports SOC 2 Type II controls.

HIPAA support:

Supports HIPAA workflows with a BAA.

Legal framework:

Supports ESIGN and UETA compliance.

ISO 27001:

Certified to ISO 27001.

Real-world examples from signNow customers

Customer stories show how controlled signing, integrations, and audit-ready records fit practical business workflows across industries.

NetSuite operations

A NetSuite operations leader needed the right signatures on the right documents in the right formats.

  • Kodi-Marie Evans at Xerox used signNow with NetSuite.

The workflow reduced format mismatches and helped route documents through the correct approval path with better control over signature placement and record handling.

Real estate operations

A property founder needed online execution for leases and related forms across mobile and offline workflows.

  • Tim Martin at Martin Properties used signNow for compliance-focused document execution.

The process supported faster turnaround, mobile access, and a clearer audit trail for property documents that needed reliable execution and retention.

Best practices for secure signing

Good key management and recordkeeping reduce disputes, support compliance, and make electronic signatures easier to defend in regulated workflows.

Protect private keys carefully

Store private keys in controlled environments and limit access to authorized administrators only. Use role-based permissions, strong authentication, and documented recovery procedures so key loss or misuse does not interrupt signing operations or weaken evidence.

Match verification to risk

Use signer verification that matches the document risk. SMS OTP may fit routine approvals, while higher-risk transactions may need stronger identity checks, such as ID verification or two-factor authentication, to support attribution and dispute defense.

Preserve complete audit evidence

Keep audit trails complete and exportable. Record signer identity, timestamps, IP data when available, and document history so the final record can support ESIGN, UETA, HIPAA, or 21 CFR Part 11 review if needed.

Define retention before launch

Set retention rules before rollout. Align storage, access, and deletion with HIPAA, financial recordkeeping, or internal policy so signed records remain available for the required period and can be retrieved without altering the original file.

Risks of improper key handling

Weak attribution

Document may be harder to defend in court.

Tamper risk

Signature can fail after file changes.

Missing trail

Audit evidence may be incomplete.

HIPAA exposure

PHI handling may violate HIPAA.

What happens inside the audit trail

The audit trail records each signing event so teams can review identity, timing, and document integrity after completion.

01

Signer authentication:

Verifies the signer before the signing event.
02

Timestamp capture:

Records the exact time of each action.
03

Document hashing:

Creates a hash of the signed file.
04

Tamper-evident sealing:

Locks the record against later changes.
05

Audit log storage:

Stores the event history with the document.
06

Trail retrieval:

Exports the trail for review or evidence.

Rollout and retention timeline

Plan the rollout alongside retention and compliance rules so the signing process stays usable and defensible over time.

Day 0:

Set up the account, authentication, and retention rules.

Day 1:

Send the first document for signature.

Week 1:

Onboard the full team and review permissions.

7-day trial:

Free trial ends after 7 days.

HIPAA retention:

Keep signed PHI records 6 years per 45 CFR 164.530(j)(2).

21 CFR Part 11:

Maintain secure audit trails and validation records.

ESIGN and UETA:

Electronic signatures remain legally effective when intent and attribution are shown.

Annual review:

Recheck access, retention, and certificate settings each year.

Pricing and feature snapshot

Pricing and feature notes reflect verified annual-billing entry tiers and published plan details available in the provided data.

Plan / FeaturesignNowDocuSignAdobe SignPandaDocHelloSign
Starting price$8/user/mo$15/user/mo$14/user/mo$19/user/mo$15/user/mo
Free trial7-day trialNot verifiedNot verifiedNot verifiedNot verified
Bulk sendBusiness PremiumNot verifiedNot verifiedNot verifiedNot verified
Audit trailIncludedIncludedIncludedIncludedIncluded
HIPAA complianceBAA requiredBAA availableBAA availableNot verifiedNot verified

FAQ about public and private keys

These answers focus on setup limits, compliance questions, and validation issues that affect real signing workflows in the U.S.

signNow Business starts at $8/user/mo on annual billing. If you need HIPAA workflows, confirm a BAA is in place before handling PHI, and keep audit trails enabled for ESIGN and UETA evidence.

The 7-day free trial has no credit card requirement. If you cannot test bulk send or advanced controls, those features are tied to higher plans such as Business Premium or Enterprise.

If a signature fails validation after editing, the document hash changed. Re-send the file and avoid post-sign changes, because tamper-evident records rely on the original signed content remaining intact.

For 21 CFR Part 11 workflows, use unique user IDs, two-component authentication, and secure audit trails. signNow’s enterprise controls help support regulated electronic records, but validation and SOPs remain the customer’s responsibility.

If a signer cannot access the document, check email delivery, browser support, and mobile app access on iOS or Android. signNow supports major browsers, and admins can review routing and permissions in the account.

If you need a higher-assurance workflow, use ID verification or stronger authentication instead of weak knowledge-based questions. U.S. enforceability under ESIGN and UETA depends on attribution, intent, and reliable record evidence.

ROI at a Glance

Key performance indicators that demonstrate SignNow's proven track record.

28M+Documents signed
13+Years in business
4.6/5Average G2 rating