Digitally signing a document is (or should be) way more than “just a jpeg”. What is happening in the background is that you encrypt that file with a key. This key is one you never give to anyone else. If someone wants to decrypt and see the document, he has to use a different key to decrypt it. (This is asymmetric encryption, check wikipedia if you’re interested). You will give anyone who wants it the key need to decrypt it. If they are able to decrypt it, then it means that it was encrypted with your secret (private) key. Since you are the only one who has that private key, that means the document really comes from you.