Introducing USB token and PFX file-based document signing in Zoho Sign

With the digitization of paperwork, the average time it takes to get work done has reduced drastically. While fast-growing businesses around the world sign hundreds of documents every day, it can be tough to track and authenticate each document and the signers. As many businesses now prefer e-signatures to wet signatures, the question becomes: How do we ensure the authenticity of signers who provide digital signatures, and how do we ensure the security of these documents when in transit?

Regulated industries, including banking, finance, insurance, healthcare, and legal, sign critical and confidential documents every day with their own compliance standards. These documents not only require the highest level of data security but also require the signer's identity to be clearly established. In such cases, it is recommended for organizations in regulated industries to use digital certificate-based signatures, like USB tokens or PFX files, where the signer's identity is verified by a trust service provider (TSP) and signing keys are managed by end-users themselves.

To extend our support to users in these regulated industries, we're excited to unveil the support for digital certificate-based signatures in Zoho Sign. Our users can now sign documents with either of these methods:

  • Through Zoho's certificate and signing keys that are stored in Zoho's FIPS-compliant hardware security module (HSM).

  • Through their own or their organization's certificate via USB tokens or PFX files, where the certificate and signing keys are stored and managed by the end-users themselves.

 How signing documents with a digital certificate works:

  1. The signer first verifies their identity from a verified TSP in their region.

  1. The TSP provides a digital certificate to the signer, usually in a PFX file or as a USB token, which contains a private key and a public key. The signer's digital signature certificate and the certificate authority’s details are also included in the file.

  2. Each document is hashed and then signed using the private key that is unique to the user, and the copy of the public key is embedded along with the document.This ensures that no changes are made to the document while in transit. If a document is changed after it has been signed, the document hashes will not match there by invalidating the digital signature.

If you haven't explored digital certificate-based signing yet, do check out this feature on Zoho Sign today. If you’re not already a Zoho Sign customer, head over to and sign up for a free 14-day Enterprise trial. For feedback, queries, and personalized demo requests, write to us at

Happy signing!

P.S. Feel free to register for our upcoming webinar on "Digital certificate-based signatures with USB token and PFX files in Zoho Sign" on the 31st of this month. 


Related Posts