Document Signing
Create legally binding electronic signatures for documents stored in your vaults.
What is Document Signing?
Document Signing allows you to electronically sign documents with legally binding signatures that are:
- Legally Valid: Recognized under eIDAS (EU), ESIGN Act (US), and UETA
- Tamper-Proof: Any modification to document after signing invalidates signature
- Verifiable: Anyone can verify signature authenticity
- Timestamped: Exact date and time of signing recorded
- Identity-Linked: Signature cryptographically tied to your identity
Why Use Digital Signatures?
Advantages over Physical Signatures:
- ✅ Tamper-Evident: Know if document was modified after signing
- ✅ Non-Repudiation: Cannot deny you signed document (cryptographic proof)
- ✅ Timestamped: Exact signing time recorded (important for legal deadlines)
- ✅ Verifiable: Anyone can verify signature is authentic
- ✅ Convenient: Sign documents from anywhere, no printing/scanning
- ✅ Legally Binding: Same legal weight as handwritten signature in most jurisdictions
Use Cases:
- Contracts and agreements
- Legal documents (wills, trusts, powers of attorney)
- Business documents (invoices, purchase orders)
- Financial documents (loan agreements, investment documents)
- Medical documents (consent forms, directives)
- Real estate documents (leases, purchase agreements)
How It Works
Signing Process
Step 1: Upload Document Upload PDF document to your vault (or use existing document).
Step 2: Choose Signature Level Select signature type based on legal requirements:
- BES (Basic Electronic Signature): Standard digital signature
- AdES (Advanced Electronic Signature): Enhanced security and identity verification
- QES (Qualified Electronic Signature): Highest level, equivalent to handwritten signature
Step 3: Sign Document
- Review document contents
- Confirm identity (2FA verification)
- Click Sign Document
- Signature applied to PDF
Step 4: Verification
- Signed PDF includes embedded signature
- Anyone can verify signature using standard PDF readers (Adobe Acrobat, etc.)
- Verification shows: Signer identity, signing time, document integrity status
Technical Details
PAdES Standard: Torvus uses PAdES (PDF Advanced Electronic Signatures), the international standard for PDF signatures.
What Gets Signed:
- Document contents (entire PDF)
- Signer identity (name, email, certificate)
- Timestamp (exact signing time)
- Signature metadata
Cryptography:
- RSA 2048-bit or 4096-bit keys
- SHA-256 hash algorithm
- X.509 certificates
- TSA (Time Stamp Authority) timestamping
Tamper Detection: If document is modified after signing:
- PDF readers will show "Invalid" or "Signature has been invalidated"
- Verification fails
- Document cannot be trusted
Signature Levels
BES (Basic Electronic Signature)
What It Is: Standard electronic signature with basic identity verification.
Requirements:
- Torvus account (verified email)
- Two-factor authentication
- Document review and consent
Use Cases:
- Internal company documents
- Non-critical agreements
- General business documents
- Personal documents (not requiring high assurance)
Legal Recognition:
- Valid under ESIGN Act (US) and UETA
- Valid for most business transactions
- May not be accepted for high-value or regulated documents
Verification:
- PDF shows signature is valid
- Signer identity: Email address and name (from Torvus account)
- Timestamp: Server-based timestamp
Example Signature Block:
═══════════════════════════════════════════════════════════
Digitally Signed by: John Michael Smith
Email: john.smith@email.com
Date: March 15, 2025, 3:42 PM PST
Signature Level: BES (Basic Electronic Signature)
Signed via: Torvus Security
Certificate: [Certificate fingerprint]
═══════════════════════════════════════════════════════════
AdES (Advanced Electronic Signature)
What It Is: Enhanced signature with stronger identity verification and certificate-based cryptography.
Requirements (in addition to BES):
- Government-issued ID verification (driver's license, passport)
- Video selfie verification (liveness check)
- Certificate issued by Torvus Certificate Authority
- Higher account security (device fingerprinting, IP logging)
Use Cases:
- Contracts over $10K value
- Legal documents (wills, trusts, powers of attorney)
- Real estate documents (leases, deeds)
- Financial documents (loan agreements, investment contracts)
- Medical documents (consent forms, healthcare directives)
- Regulated industry documents (requires proven identity)
Legal Recognition:
- Meets eIDAS requirements for AdES (EU)
- Strong legal recognition in US courts
- Accepted by banks, legal institutions, government agencies
- Suitable for most business and legal needs
Verification:
- PDF shows enhanced signature with certificate chain
- Signer identity: Full legal name, ID-verified
- Certificate: Issued by Torvus Certificate Authority
- Timestamp: TSA (Time Stamp Authority) trusted timestamp
- Verification trail: ID documents, video verification, IP address, device info
Example Signature Block:
═══════��════════════════════════════════════════════════════
Digitally Signed by: John Michael Smith
Identity Verified: Government ID (Driver's License #D1234567, CA)
Date: March 15, 2025, 3:42 PM PST
Signature Level: AdES (Advanced Electronic Signature)
Certificate Authority: Torvus Security CA
Certificate Serial: 0x4A3B2C1D
Timestamp Authority: DigiCert Timestamp Authority
Verification: ID verified, video liveness check, 2FA
═══════════════════════════════════════════════════════════
Certificate Chain:
Root CA: Torvus Security Root CA
↳ Intermediate CA: Torvus Document Signing CA
↳ User Certificate: John Michael Smith (john.smith@email.com)
↳ Document: [Document name]
QES (Qualified Electronic Signature)
What It Is: Highest level of electronic signature, legally equivalent to handwritten signature in EU and many other jurisdictions.
Requirements (in addition to AdES):
- In-person identity verification (notary, certified verification center, or video notary)
- Hardware security module (HSM) or qualified signature creation device (QSCD)
- Certificate issued by Qualified Trust Service Provider (QTSP)
- Compliance with eIDAS Qualified Certificate requirements
Use Cases:
- High-value contracts ($100K+)
- Government documents and filings
- Regulatory filings (SEC, FDA, etc.)
- Cross-border transactions (where QES required by law)
- Documents requiring notarization (QES can replace notary in many jurisdictions)
- Situations where handwritten signature would normally be required
Legal Recognition:
- EU: Legally equivalent to handwritten signature (eIDAS Article 25)
- US: Strong legal recognition, meets ESIGN Act highest standards
- International: Recognized in 60+ countries with eIDAS mutual recognition
- Courts: Highest evidentiary weight in legal disputes
Verification:
- PDF shows qualified signature with QTSP certificate chain
- Signer identity: Full legal name, in-person verified, government ID
- Certificate: Issued by QTSP (Qualified Trust Service Provider)
- QSCD: Hardware-backed signature (tamper-proof device)
- Timestamp: Qualified timestamp (legally binding timestamp)
- Full audit trail: In-person verification record, biometric data (optional), device logs
Example Signature Block:
═══════════════════════════════════════════════════════════
Qualified Electronic Signature
Signed by: John Michael Smith
Date of Birth: January 1, 1980
Identity Verified: In-person verification by notary public
ID Document: US Passport #123456789 (issued 2020, expires 2030)
Date: March 15, 2025, 3:42 PM PST
Signature Level: QES (Qualified Electronic Signature)
Qualified Trust Service Provider: Torvus QTSP (eIDAS-certified)
Certificate Serial: 0xQTSP-8F7E6D5C
QSCD: Torvus Hardware Security Module (FIPS 140-2 Level 3)
Timestamp Authority: NIST-Certified Timestamp Authority
Legal Equivalence: This signature has the same legal effect as a
handwritten signature under eIDAS (EU) and ESIGN Act (US).
Verification: Full identity verification, in-person notary, hardware-backed
signature, qualified timestamp, audit trail maintained for 10 years.
═══════════════════════════════════════════════════════════
Certificate Chain (QTSP):
eIDAS Root CA (EU Trusted List)
↳ Torvus QTSP Root CA (eIDAS-certified)
↳ Torvus QTSP Issuing CA
↳ Qualified Certificate: John Michael Smith (QES)
↳ Document: [Document name]
Signature Comparison
| Feature | BES | AdES | QES |
|---|---|---|---|
| Identity Verification | Email + 2FA | Government ID + Video | In-person + Notary |
| Certificate Type | Basic | Standard X.509 | Qualified (QTSP) |
| Hardware Device | No | No | Yes (HSM/QSCD) |
| Timestamp | Server timestamp | TSA timestamp | Qualified timestamp |
| Legal Weight (US) | Valid | Strong | Highest |
| Legal Weight (EU) | Valid | Advanced (eIDAS) | Equivalent to handwritten |
| Use Case | General business | Legal/financial | High-value/regulated |
| Setup Time | Instant | 1-2 days | 1-2 weeks |
| Cost | Free (Pro plan) | $10/signature | $50/signature |
| Verification | Basic | Enhanced | Qualified |
| Audit Trail | Standard | Detailed | Complete |
| Accepted by Banks | Sometimes | Usually | Always |
| Accepted by Courts | Yes (lower weight) | Yes (strong weight) | Yes (highest weight) |
| Cross-Border | Varies | Varies | eIDAS mutual recognition |
Signing Documents in Torvus
Prerequisites
Account Requirements:
- Business or Enterprise plan (Document Signing not available on Free/Pro)
- Two-factor authentication enabled
- Verified email address
For AdES:
- Government-issued ID uploaded and verified
- Video selfie completed (liveness check)
- Certificate request approved (1-2 business days)
For QES:
- In-person identity verification completed
- QSCD device enrolled (hardware security module or smart card)
- Qualified certificate issued (1-2 weeks)
Step-by-Step: Sign a Document
Step 1: Open Document
- Navigate to vault containing document
- Click on PDF document to open
- Click Sign Document button (top right)
Step 2: Choose Signature Type
Choose Signature Level:
⚪ BES - Basic Electronic Signature
Fast, suitable for general business documents
Available now
⚪ AdES - Advanced Electronic Signature
ID-verified, suitable for legal/financial documents
[Set up AdES] (if not yet configured)
⚪ QES - Qualified Electronic Signature
Legally equivalent to handwritten signature
[Set up QES] (if not yet configured)
Step 3: Review Document
- Scroll through entire document (required)
- Checkbox: ☐ "I have reviewed and agree to the contents of this document"
- Cannot proceed until document fully reviewed
Step 4: Signature Placement
Choose where to place signature:
⚪ End of document (recommended)
Signature block added to last page
⚪ Specific location
Click on document to place signature
⚪ Multiple locations
Sign in multiple places (e.g., initial each page)
Step 5: Confirm Identity
Verify your identity:
Enter 2FA code: [______]
For AdES/QES only:
- Confirm ID matches: John Michael Smith
- Confirm document fingerprint: SHA-256: 4A3B2C1D...
Step 6: Sign
Final Confirmation
You are about to sign:
Document: [Document name]
Pages: 10
Signature Type: AdES (Advanced Electronic Signature)
Timestamp: March 15, 2025, 3:42 PM PST
⚠️ This action cannot be undone. The signature will be permanently
embedded in the PDF.
[Cancel] [Sign Document]
Step 7: Download Signed Document
✅ Document signed successfully!
Signed PDF: [Document name]_signed.pdf
Signature Level: AdES
Timestamp: March 15, 2025, 3:42 PM PST
Actions:
[Download Signed PDF]
[Verify Signature]
[Share with Recipients]
[View Audit Trail]
What Happens After Signing
Signed PDF:
- Original PDF preserved (read-only copy)
- New signed PDF created:
[Document name]_signed.pdf - Signature embedded in PDF (visible signature block + digital signature)
- Cannot be edited without invalidating signature
Audit Trail:
- Signing event logged
- IP address, device, timestamp recorded
- ID verification details (for AdES/QES)
- Downloadable audit report (PDF)
Verification:
- Anyone with signed PDF can verify signature
- Open in Adobe Acrobat, Foxit, or other PDF reader
- Signature panel shows: Valid/Invalid, signer details, timestamp
Verifying Signatures
How to Verify
Using Adobe Acrobat:
- Open signed PDF
- Signature panel appears automatically (or View → Signatures)
- Click on signature to see details
- Status: ✅ Signature is valid (document has not been modified)
Using Other PDF Readers:
- Most modern PDF readers support signature verification
- Foxit Reader, PDF-XChange, browsers (Chrome, Firefox)
- Look for signature icon or verification badge
Verification Details
What Verification Shows:
Signature Verification
Status: ✅ Valid
Signed by: John Michael Smith
Email: john.smith@email.com
Date: March 15, 2025, 3:42 PM PST
Signature Type: AdES (Advanced Electronic Signature)
Certificate: Issued by Torvus Security CA
Valid from: January 1, 2025
Valid until: January 1, 2026
Document Integrity: ✅ Document has not been modified since signing
Timestamp: ✅ Trusted timestamp from DigiCert TSA
Identity Verification: ✅ Signer identity verified (Government ID)
Certificate Chain: ✅ Valid (chain of trust verified)
If Document Was Modified:
Signature Verification
Status: ❌ INVALID
Reason: Document has been modified after signing
⚠️ WARNING: This document cannot be trusted.
The signature was valid when created, but the document contents
have been changed since then.
Do NOT accept this document as legally signed.
Verification Certificate
Downloadable Verification Report:
═══════════════════════════════════════════════════════════
SIGNATURE VERIFICATION REPORT
═══════════════════════════════════════════════════════════
Document: Employment_Contract.pdf
Document Hash (SHA-256): 4A3B2C1D8E9F0A1B2C3D4E5F6A7B8C9D...
Signature Status: VALID ✅
Signer Information:
- Name: John Michael Smith
- Email: john.smith@email.com
- Identity Verified: Yes (Government ID: Driver's License #D1234567, CA)
- Signing Date: March 15, 2025, 3:42:17 PM PST
Certificate Information:
- Issuer: Torvus Security Certificate Authority
- Serial Number: 0x4A3B2C1D
- Valid From: January 1, 2025
- Valid To: January 1, 2026
- Key Algorithm: RSA 2048-bit
- Signature Algorithm: SHA-256 with RSA
Timestamp Information:
- Timestamp: March 15, 2025, 3:42:17 PM PST
- Timestamp Authority: DigiCert Timestamp Authority
- Timestamp Valid: Yes ✅
Document Integrity:
- Status: UNCHANGED ✅
- Document has not been modified since signing
- Hash verification: PASSED ✅
Certificate Chain:
1. Root CA: Torvus Security Root CA ✅
2. Intermediate CA: Torvus Document Signing CA ✅
3. End-Entity Certificate: John Michael Smith ✅
Audit Trail:
- Signing Location: IP address 203.0.113.42 (San Francisco, CA, USA)
- Device: Chrome 120.0 on macOS 14.1
- Identity Verification: Video selfie + Government ID scan
- 2FA: Verified via authenticator app
Legal Notes:
This signature meets requirements for Advanced Electronic Signature (AdES)
under eIDAS (EU) and ESIGN Act (US). This signature has strong legal weight
and is suitable for legal and financial documents.
═══════════════════════════════════════════════════════════
Generated: March 15, 2025, 4:00 PM PST
Report ID: VR-2025-03-15-4A3B2C1D
═══════════════════════════════════════════════════════════
Legal Considerations
Legal Validity (United States)
ESIGN Act (2000): Electronic signatures are legally valid if:
- ✅ Signer intends to sign (demonstrated by clicking "Sign" button)
- ✅ Consent to use electronic signatures (account terms)
- ✅ Association between signature and document (cryptographic binding)
- ✅ Retention of signed document (stored in vault)
All Torvus signature levels (BES, AdES, QES) meet ESIGN Act requirements.
UETA (Uniform Electronic Transactions Act): Adopted by 47 US states. Requirements:
- ✅ Electronic signature attributable to person (identity verification)
- ✅ Intent to sign (explicit consent)
- ✅ Record retention (audit trail)
Torvus signatures meet UETA requirements in all adopting states.
Exceptions (where electronic signatures may not be accepted):
- Wills and testamentary trusts (many states require handwritten or notarized)
- Adoption documents
- Court orders and notices
- Certain family law documents
Check state law: Some documents require notarization or handwritten signatures. QES can replace notarization in many (but not all) cases.
Legal Validity (European Union)
eIDAS Regulation (2014): Three levels of electronic signatures:
Simple Electronic Signature (equivalent to BES):
- Legal effect: Valid, but low evidentiary weight
- Suitable for: Non-critical documents
Advanced Electronic Signature (AdES):
- Requirements: Uniquely linked to signer, capable of identifying signer, under sole control of signer, linked to data in tamper-evident way
- Torvus AdES meets all requirements ✅
- Legal effect: Strong evidentiary weight
- Suitable for: Legal and financial documents
Qualified Electronic Signature (QES):
- Requirements: AdES requirements + qualified certificate + qualified signature creation device (QSCD)
- Torvus QES meets all requirements ✅
- Legal effect: Equivalent to handwritten signature (Article 25)
- Suitable for: High-value contracts, government filings, situations requiring handwritten signature
Cross-Border Recognition: QES issued in one EU member state is recognized in all EU member states (mutual recognition).
Other Jurisdictions
Canada: Electronic signatures valid under PIPEDA and provincial legislation. UK: eIDAS retained post-Brexit; UK equivalent (UK eIDAS) has similar provisions. Australia: Electronic Transactions Act recognizes electronic signatures. Worldwide: 60+ countries recognize electronic signatures to varying degrees.
Check local law: Requirements vary by country and document type.
Best Practices
Choosing Signature Level
Use BES for:
- Internal company documents (memos, policies, non-binding agreements)
- Personal documents (not requiring high assurance)
- Low-value transactions (under $1,000)
- Non-legal documents
Use AdES for:
- Contracts ($1K-$100K)
- Legal documents (wills, trusts, powers of attorney - if permitted in your state)
- Financial documents (loan agreements, investment contracts)
- Real estate documents (leases, purchase agreements under $100K)
- Employment agreements
- Medical consents and directives
- Most business and legal needs (default recommendation)
Use QES for:
- High-value contracts ($100K+)
- Government and regulatory filings
- Cross-border transactions (EU/international)
- Documents where handwritten signature would normally be required
- Situations where maximum legal weight is critical
- Replacement for notarization (where permitted)
Document Preparation
Before Signing:
- ✅ Review document thoroughly (you cannot undo signature)
- ✅ Ensure document is final (no more edits needed)
- ✅ Check that document is correct PDF (not Word doc or image)
- ✅ Verify all parties have reviewed and approved
- ✅ Confirm signing order (if multiple signers)
Multi-Party Signatures:
- First signer signs document
- Send signed PDF to next signer
- Next signer signs (second signature added)
- Repeat for all signers
- Final PDF contains all signatures
Signature Order Matters:
- Each signature includes timestamp
- Order of signatures is evident from timestamps
- Important for documents with signing order requirements (e.g., "signed and agreed by both parties on [date]")
Retention and Storage
Signed Documents:
- Keep signed PDF in vault (automatic)
- Download copy for local backup
- Provide copies to all parties
- Retain for required period (varies by document type: 3-7 years typical, longer for legal documents)
Audit Trail:
- Download and save audit trail report
- Store with signed document
- Provides evidence of signature validity if challenged
Verification:
- Periodically verify signatures are still valid
- Check certificate expiration dates
- Renew certificates before expiration if long-term validity required
FAQ
Is an electronic signature legally binding?
Yes, in most cases. Electronic signatures are legally binding under ESIGN Act (US), eIDAS (EU), and similar laws in 60+ countries. Exceptions exist for certain document types (wills, adoption papers, etc.) - check your local law.
Do I need all signers to use Torvus?
No. You sign the document in Torvus, then share the signed PDF with other parties. They can sign using any electronic signature service (or even print and sign manually if needed). Multiple signatures from different services can coexist on same PDF.
Can I sign documents that are already signed by others?
Yes. If someone sends you a signed PDF, you can add your signature. PDF supports multiple signatures (countersigning).
What if my certificate expires?
Before expiration: Renew certificate (automatic reminder 30 days before expiration).
After expiration: Existing signatures remain valid (timestamps prove signature was created when certificate was valid), but you cannot create new signatures until you renew.
Long-term validity: Use qualified timestamps (AdES/QES) to ensure signatures remain verifiable for 10+ years, even after certificate expires.
Can I remove or change a signature after signing?
No. Signatures are permanent. Any attempt to modify document invalidates signature. If you need to change document, create new version and sign again.
What happens if I lose access to my certificate?
For AdES/QES: Certificate is tied to your Torvus account. As long as you have account access (2FA, password recovery), you can sign documents.
If account compromised: Revoke certificate immediately (Settings → Document Signing → Revoke Certificate). Existing signatures remain valid, but no new signatures can be created with that certificate.
How do I prove a signature was created by me?
Audit trail includes:
- Identity verification (ID documents for AdES/QES)
- Video selfie (liveness proof)
- IP address and device information
- Timestamp and certificate chain
- 2FA verification log
This provides strong evidence that signature was created by you, not someone else.
Can I use Torvus signatures for contracts with customers who don't have Torvus accounts?
Yes. Sign the document in Torvus, then send signed PDF to customer. They can verify signature in any PDF reader. They can sign using their own method (Torvus, DocuSign, print+scan, etc.).
Related Guides
- Document Signing Types: Detailed comparison of BES, AdES, QES
- Document Management: Uploading and organizing documents
- Vault Settings: Vault configuration
- Security Best Practices: Protecting sensitive documents
Last Updated: October 8, 2025