Digital signature in PDF and Acrobat

By July 11, 2006

 

The Good, the Bad and the Ugly

Almost everyone has a signature they use to sign every kind of agreement, from credit-card slips to contracts. A signature is commonly understood as a recognizable scrawl (or flourish, if you are so inclined) that indicates: 'I (the signer) record my agreement to this document as it exists at the time of my signing.'

Placing pen on paper - or "inking" - is a key event in establishing enforceable agreements. Ink is neutral, a third-party witness to the joining of hands. Without ink, it seems, we have no deal.

So what do we do when our documents aren't printed on paper, but delivered electronically, as PDF files? To "ink" them in the conventional sense, we first have to print them, neutralizing the utility of the electronic document format.

figure

PDF digital signatures are beginning to emerge as a viable solution to keeping the "inking" process in the digital realm. The infrastructure for digital signatures exists in Acrobat, but vendors in this space must do a lot better before digital signatures - in PDF files and otherwise - become a significant part of everyday reality. There were a few recent rollouts of digital signatures on a large scale, such as in Belgium, but these remain few and modest compared to the concept's clear potential.

Of course, it's not all up to Adobe, or any other single vendor in the digital signature world. Significant barriers remain. Digital signatures are not yet regarded as legal in many jurisdictions, and most approaches to implementation remain organized around the technology rather than the user, akin to the well-understood role of the ballpoint pen. Digital signature key systems, signature devices and the other accoutrement of secure electronic documents remain arcane to all but the well-initiated. Where digital signatures are gaining in implementation, such as in Belgium, privacy concerns have followed.

Beyond the technical, representational and privacy issues, potent business-cultural and usage barriers to digital signature implementation remain as well.

Most legal and other paper-document workflows are rooted in filing cabinets and fax machines because paper remains the one document medium that is reliably horizontal - i.e., moves easily between organizations. Integrating digital signatures and electronic documents into these workflows without replacing the whole system often doesn't appeal. One of the most serious hurdles is the necessity (under the current implementation) of both sender and receiver being at least somewhat savvy to digital signatures in order to make the whole process work as intended. Today's digital signature technology is principally effective in a vertically integrated environment.

The Good: Digital signatures are here, and they actually work

If you've imagined that a digital signature meant using some magic pen to scratch away on the screen to embed your penmanship into the document, you should forget it. Writing on the screen itself is never going to be good for the screen, and it's pretty uncomfortable as well.

Current theory has it that in electronic documents, one needs to do a lot more than simply bind a signature image onto the electronic page. The good news is that the technology exists to make it all work reasonably well. Once users create a Digital ID (more on that in the "Bad" section), design their signatures, know how to recognize a Signature field and understand what to do with it, they can sign PDF documents quickly, effectively and paperlessly.

Digital signatures have a number of advantages over their inky ancestors:

figure

Figure 1: A certified and signed PDF identifies itself as such when opened

figure

Figure 2: Mouse-over a PDF signature to view its status

figure
Figure 3: If changes have been made since signing, you'll know

figure

Figure 4: Acrobat provides information about the signature

figure
Figure 5: If the document has changed, you'll get a warning

figure
Figure 6: Use any signature you like; includes graphics, text and information about your organization or location.

It seems digital signatures should be easy, their usefulness obvious, and their implementation widespread. Such is not yet the case. Let's look at why.

The Bad: Digital signatures remain complex

iCiX works with Fortune 500 companies to improve document workflows at every level. Digital signatures should be a big part of this package, but due to differing technology standards and security models, they are proving very difficult to implement in multi-enterprise applications. For the moment, iCiX resorts to tracking the identity of users accessing and approving documents via simpler login protocols. "We should take digital signatures for granted, like an email address or a DNS lookup," Paul Horan, iCiX North America's COO says. "Until [it] becomes transparent, digital signature technology is not reality for our application."

Integrating a digital signature infrastructure requires a strategy both broad and deep. First, one must confront the basic requirement that all users in the document lifecycle possess an adequate mix of software, configuration and knowledge of digital signature workflows — not to mention approximately equivalent trust in the very concept of digital signatures. For most users, this remains a big step up.

From configuration to training to adoption, Adobe Acrobat is probably one of the easiest signature applications to deploy and use, but that doesn't mean it's easy or obvious from the end-user's perspective. On the plus side, there is no server-side configuration and network downtime to install Reader or Acrobat, and the only real prerequisite (assuming either Acrobat or use of the Reader Extensions technology or service) for signing is the "Digital ID." Still, to meet their potential, digital signature implementations require a lot more than just a signature field and a Digital ID, but nowhere will you find this clearly laid out in the Acrobat documentation.

Digital signature adoption is thus far limited to vertically integrated applications such as that of the Land Title Branch of the Province of British Columbia (PDF) and the Orange County Planning and Development Services Department (PDF). Acrobat also offers Hanko signatures support, as well as support for electronic signature tablets via partnerships such as those with CIC and Interlink. Digital signature solutions that use hardware/software combinations are steadily getting more exciting. For the moment, however, power users make up the (modest) balance of current digital signature aficionados, because for these users, Acrobat makes it reasonably easy to create self-signed IDs and add a signature image to a signature field. Most of the world, however, is still using ink.

The Ugly: Technobabble overkill

What's necessary to take advantage of today's PDF digital signatures? Adobe's digital signature solutions in Reader and Acrobat have something for everyone -— i.e., they include the bare bones of a solution for all levels of information assurance. Unfortunately, even the basics get complicated pretty quickly.

First, you can't sign just any PDF. A signable PDF file must include a Digital Signature field, the device that offers the author greater control over the future use of the document. No special skill is required to make a PDF signable — just a copy of Adobe Acrobat Standard or Professional and a minimal understanding of form fields.

Note that the free Adobe Reader cannot sign a PDF unless the PDF has been "blessed" with extended usage rights (Reader Extensions). Without such rights, every "signer" must have Adobe Acrobat, or equivalent.

Apart from using the right software or a PDF with extended rights, signing a PDF requires a Digital ID. What's that? It's not a familiar concept, even to users who consider themselves savvy to website logins, cookies, PIN numbers and other means of online identification. Digital IDs are issued by third parties, and may also be self-signed — that is, created without a third-party certificate authority. Adobe doesn't recommend self-signed signatures, but offers precious little information as to the distinction, why one might care, or what exactly one should do to acquire a third-party ID.

Now, is a self-signed Digital ID as good as a third party's ID? In some ways, yes, in others, no. For example, with a self-signed ID, you'd have to share your certificate with the other user in order for them to authenticate your signature. Once you've sent them your certificate, they need to know what do to with it. Third-party IDs help to solve this problem, but establishing such an infrastructure - with the associated implementation and training costs - has yet to show obvious payoffs for most organizations. Adobe provides the "plumbing" to automate the sending and delivery of digital signature information, but they leave the actual implementation very much up to you.

Adobe does not recommend the use of self-signed IDs — they are essentially convenience items for experimentation and training, for use among trusted parties or within a small workgroup. Automatic validation is available via the Adobe's Certified Document Service. For other certificates, all the recipient has to do is trust the chain of the sender's certificate in the Advanced > Trusted Identities menu. An official Adobe guide, reference and glossary to the process and considerations of digital signatures is sorely lacking.

On the other hand, a PDF signed with a self-signed ID will announce any changes that occurred since signing. That, by itself, is of real value.

There are hurdles to self-signed signatures too, even for experienced users. Creating a Digital ID, for example, is an 11-step process, well-documented in the Acrobat Help file, but lavish with technical terms, and far from intuitive. See Resources at the end of this article for links to detailed descriptions of the basic digital signature processes.

Even for users who set themselves up with Digital IDs and get to signing their PDFs, nagging doubts often remain. For example, the current self-signed digital signature method almost inevitably means that the "signing" entity is not "really" a person, but the user login under which that digital signature was created. Access to a user's logged-in computer provides access to their digital signature as well. This issue is unaddressed in the documentation. Acrobat 7's Help file offers no advice on how to really employ digital signatures, but focuses entirely on the mechanics of setting up the individual workstation (or is it user login?) to sign a document.

Most users think of their signatures as something that is something only they — not their computer — can create. They want to know, how do you use your digital signature on different computers? (It depends, see Resources, below) What happens when you upgrade your hardware and forget to transfer your signature? You must make a new one. What happens to people using your old certificate? They are unaffected. Should you worry about giving your old computer away? Not necessarily, but if you give away your login as well, then yes. Answers do exist to all these concerns, but many (most) are involved, and anything but obvious.

Let's review the terms that digital signature user wannabes will encounter before they could claim to have reviewed their options and made an informed choice. Those terms would be (with added editorial comments):

  • Digital ID also variously known as a private key, credential or profile, depending on when and how you use it. A Digital ID is required in order to digitally sign PDFs.
  • Digital ID Certificates may be sent to a recipient of your signed PDF for use in authenticating your signature. Not everyone will find authentication strictly necessary – after all, the PDF is “signed,” and can’t be changed without unsigning itself.
  • Third-party digital IDs – Digital IDs that are issued by an independent third party ( i.e., a Certificate Authority). Examples of a third party that issues certificates to consumers or businesses or server is Verisign, CyberTrust, Entrust and Geotrust.
  • PKCS#12 and/or PKCS#11 (smartcard) files, or otherwise the Windows Credential Store – perhaps the first time you’ve ever heard of such a thing. See the Resources list, below.
  • Trusted Identities. In order to validate a Digital Signature, the sender’s valid and unexpired Certificate must be in your list of Trusted Identities.
  • Policies. Policies allow document creators to regulate and track PDF usage.
  • Self-signed Signatures “Versus some other kind of signature, not by me?”, I often hear.
  • Trusted roots (as opposed, or course to those nasty untrusted roots). There’s only one reference in the entire Acrobat Help file, and it’s not at all clear what’s meant here, nor by trusted anchor, or what trusted roots (or anchors) should mean to the user.
  • The distinction between certification and signing (sort of the same, sort of different)

Frankly, ‘nuff said. People still trust the pen in their hands when it comes to signing because they understand what it means to literally put ink on paper. Digital signatures require a radical new level of trust, and trust is not easy to find in a blizzard of unfamiliar, interlocking terms. No wonder most people are still hitting “print” and grabbing a ballpoint.

Conclusion

Digital signatures are, in fact, almost here. Adobe has done a lot of good groundwork on the infrastructure of highly evolved digital signature solutions. What escapes them thus far is a simple way for users to treat a PDF as if it were a fax, skipping (or assuming) the arcana of certificate stores, trusted roots, and the like. Let’s review the use case:
To sign a document, Joe User wants to…

  • Open the document (from a local folder, e-mail or website, it shouldn’t matter. Nor should Joe’s current location or current computer matter, he should be able to sign wherever he is)
  • “Sign” the thing, without a lot of messing around. All that’s really called for is that he…
    • Sees his signature scrawl appear in the right place
    • Has some reasonable, uncomplicated assurance that the PDF is now “locked” and can’t be changed
  • Save it
  • E-mail or Submit it to a Web server

Many compatible technologies hold real promise to assist in the acceptance and integration of digital signatures. Signature pads and biometric devices such as thumb-print and retinal scanners – if seamlessly integrated into the signature process – offer dramatic potential for the future.
Signatures are one of the most horizontal of all applications. Gaining broad acceptance means that the basic signature method needs to be both as simple and as safe as humanly possible. We may all tack on third-party Digital IDs from a Trusted Root with full contact-manager integration without a second’s thought in 2012. Before that happens, we’ll need a revolution in simplicity and trust in the electronic-only environment.

Resources

Adobe Solutions Brief on Secure Electronic Documents (PDF, Adobe Systems)
Sample signatures for use with Acrobat Digital Signature plug-ins (PDF, Adobe Systems)

From the Acrobat Help File
Using digital IDs and certification methods
Obtaining a Digital ID from a third party
Creating a Digital ID
Finding and adding Digital IDs
Selecting a Digital ID
Managing Third Party Digital IDs
Managing Digital ID Certificates
Sharing a Digital ID Certificate
Getting Digital ID Information from Other Users

Some Third-Party Solutions
Adobe Security Partners
FormRouter’s Digital Signature Solutions


Was this tutorial helpful?

Please Log in to provide feedback on this tutorial.

Rate this tutorial

Please Log in to rate this tutorial.

Rating:

Did you know?

  • You can ask a question and get an answer from one of our experts.
  • You can search our database of over 800 tutorials by product and/or topic.
  • You can leave a comment below for the author of this tutorial.

Products covered:

Related topics:

Sign documents electronically

Top Searches:

Electronic signatures, Electronic signature, PDF encryption


29 comments

Lori Kassuba

5 days ago

Hi Bill,

Try reinstalling Acrobat and or Reader to see if it corrects the problem.

Thanks,
Lori

Bill

1 week ago

I have been able to apply my signature to documents using the SIGN tab on the top right of my screen which had TOOLS, SIGN and COMMENTS tabs.  It now only has a COMMENTS tab.  I am using Adobe version XI.
Why has this changed?

Lori Kassuba

1 month ago

Hi Michael Schaefer,

This tutorial should help you understand how to add the JPEG image for your signature:
http://acrobatusers.com/tutorials/how-do-i-add-a-scanned-signature-to-a-digital-signature

Thanks,
Lori

Michael Schaefer

1 month ago

How can I insert a copy of my signature (already in jpeg) into a pdf? I have Adobe Acrobat Pro.
Thanks

Lori Kassuba

2, 2013-09-06 06, 2013

Hi Gary Burleson,

I think you may be experiencing this problem:
http://blogs.adobe.com/acrobat/adobe-reader-and-acrobat-11-0-3-update-and-signature-field-detection/

As a workaround, users can quickly hide the message bar that appears for a document by clicking the icon on the left of the message bar.

Thanks,
Lori

Gary Burleson

3, 2013-09-05 05, 2013

I created a fillable pdf and sent it to several users via e-mail.  Some of the users are unable to save the document without signing it.  I did not request a signature.  Why is this happening only in some cases and not in others?

Thanks,
Gary

Lori Kassuba

12, 2013-09-03 03, 2013

Aprilbing Abrigana,

When you place a digital signature on a document, changing the document and document assembly are disallowed. This is so that the validity of the document can be upheld after signing.

Thanks,
Lori

Aprilbing Abrigana

10, 2013-08-27 27, 2013

Hi,

Just wondering when I insert my digital signature, I can’t insert any document. Please advise. Thanks heaps.

Kind regards,

Aprilbing

Lori Kassuba

10, 2013-07-30 30, 2013

Hi laxmidhar maharana,

Can you post your question here (with more detail) so we can help you interactively?
http://answers.acrobatusers.com/AskQuestion.aspx

Thanks,
Lori

laxmidhar maharana

8, 2013-07-26 26, 2013

after downloading the e aadhar letter there is no signature visible. there is only written that signed digitally by the person.so how can i download a signed copy?

Lori Kassuba

11, 2013-07-11 11, 2013

Hi Peter Man,

Unfortunately it’s not possible to change the date stamp format of a digital signature.

Thanks,
Lori

Lori Kassuba

10, 2013-07-05 05, 2013

Hi Ravi Kumar.V,

Can you post your question here so we can help you interactively?
http://answers.acrobatusers.com/AskQuestion.aspx
Please include more detail about what version of Acrobat you’re using the and exact details of the error.


Thanks,
Lori

Peter Man

9, 2013-07-03 03, 2013

I actually have a question: how to display the date only and not the hour minute sec along the digital signature? Is there a quick way?

Thanks!

Ravi Kumar.V

4, 2013-06-29 29, 2013

Hiii… I’m A Business Man. recently govt made digital signature compelsory for signing statutory form. although i have acquired digital signature i cant sign in C FORM… BUT THE THING MAKING ME MORE CONFUSED IS THAT I CAN SIGN DIGITALLY WHILE E-FILING BUT CANT SIGN IN STATUTORY FORMS…! WHILE TRYING IT IS SHOWING—ERROR IN READING PDF FILES—. CAN YOU SUGGEST A SOLUTION..?

Tarek Faham

4, 2013-04-03 03, 2013

Hi Lori, yes, I got a response. I think this is the best response I can have. Although I feel a bit lost. It is a complicated thing, which confirms what is mentioned in this article here.

Thank you again.

Tarek

Lori Kassuba

9, 2013-04-03 03, 2013

Hi tarekahf,

I’ve asked someone to respond to your post in the U2U forum here:
http://forums.adobe.com/thread/1177783?tstart=0

Thanks,
Lori

tarekahf

5, 2013-03-26 26, 2013

Thanks Lori Kassuba,

Same symptoms, different case. I created the digital signature right from Adobe Reader. Now, the article is talking about CA, which I have no idea what is it all about. Seems far away from the approach I used, beyond my level of experience.

Appreciate any further help.

Tarek.

Lori Kassuba

12, 2013-03-26 26, 2013

Hi tarekahf,

Can you let me know if this applies to your situation:
http://support.microsoft.com/kb/910249/en-us

Thanks,
Lori

tarekahf

7, 2013-03-26 26, 2013

I am facing a problem in renewing Digital Signature Certificate. Check this forum post:

http://forums.adobe.com/thread/1177783?tstart=0

Apprecite your help.

Tarek.

Lori Kassuba

4, 2013-03-18 18, 2013

Hi Karthick,

Have you tried this suggestion from LIC:
http://www.licindia.in/images/eReceipt_Verification_Help.pdf

Lori

Karthick

5, 2013-03-16 16, 2013

Hi. I have the same problem as ashish and sagar. If anyone knows how to solve this please do post here.

Thank you in advance.
KARTHICK

Lori Kassuba

11, 2013-03-13 13, 2013

Hi Ashish,

Have you tried contacting LIC about this issue?

Thanks,
Lori

Ashish

12, 2013-03-06 06, 2013

Hello Lori,

My problem is exactly same as Sagar’s and I have followed evry step given in the help document that you have referred to but still no luck.

Any help is greatly appreciated.

Thanks
Ashish

Lori Kassuba

3, 2013-02-19 19, 2013

Hi Alwin,

Can you post your question here so we can assist you interactively:
http://answers.acrobatusers.com/AskQuestion.aspx

Thanks,
Lori

Alwin JOy

4, 2013-02-16 16, 2013

Hiii… I’m working as an Accountant. recently govt made digital signature compelsory for signing statutory form. although i have acquired digital signature i cant sign in C FORM… BUT THE THING MAKING ME MORE CONFUSED IS THAT I CAN SIGN DIGITALLY WHILE E-FILING BUT CANT SIGN IN STATUTORY FORMS…! WHILE TRYING IT IS SOWING—ERROR IN READING PDF FILES—. CAN YOU SUGGEST A SOLUTION..?

Sagar

5, 2013-02-05 05, 2013

Hello
I received a premium receipt from LIC. I am using Adobe Reader X 10.1.5 and was unable to validate the signature and was getting following erros:


The Document has not been modified since this signature was applied

Signature is valid, but revocation of signer’s identity could not be checked

Signing time is from the clock on signer’s computer

Please suggest a solution

Thank you.

Hi Sagar,

Please see this suggestion from LIC:
http://www.licindia.in/images/eReceipt_Verification_Help.pdf

Regards,
Lori

Debrah Binard

11, 2013-01-28 28, 2013

I have signed a document and now need to edit my own signed document.  How can I do this?

Hi Debrah,

This depends on how you signed the document. Can you ask your question here:
http://answers.acrobatusers.com/AskQuestion.aspx

Thanks,
Lori

Jacob

9, 2013-01-24 24, 2013

Hi Lori,

We wanna setup our Acrobat with digital signatures. could you assit me with costs and in summary the answers to the questions below:

1. How are Digital Signatures Implemented in Adobe?
2. What type of architectural deployments exist? Centralized and decentralized?
3. What version of Adobe is required and how much is the cost?

Hi Jacob,

I think the best place to start is to understand the various ways to implement electronic signatures:
http://blogs.adobe.com/security/2009/05/sign_here_getting_started_with.html

Lori

Abhaya Kumar Jena

12, 2012-12-20 20, 2012

I have received a receipt from my LIC Premium. In the Receipt there is a digital signature but it’s showing as Validity Unknown. Trying to view the digital signature facing some error problem. The errors are given below.

Signature validity is UNKNOWN
The Document has not been modified since this signature was applied
The signature identity is unknown because it has bot been included in your list of trusted identities and none of its parent certificates are trusted identities

Please give me some solution & how i can view the digital sign. what is the procedure. Please advise & give me the solution.

Thanking You.

Regards,
Abhaya Kumar Jena

Hi Abhaya,

Please let us know if these instructions help you:
http://www.licindia.in/images/eReceipt_Verification_Help.pdf

Lori

LAURETTO MARCELLO

8, 2012-11-17 17, 2012

COST AND HOW DO I DO IT?

Hi Lauretto,

You’ll need to contact our Security Partners mentioned in the previous comment for pricing information. For more detail on how to create a digital signature check out the following video tutorial:
http://acrobatusers.com/tutorials/using-digital-signatures-pdf-file

Lori

 

RED BROOKE

1, 2012-06-27 27, 2012

I NEED TO OPEN FILES EMAILED THRU ACROBAT… HOW DO I GET DIGITAL SIGNATURE ?

Hi Red,
Digital Signatures for use in Acrobat can be purchased through one of our Security Partners. For more information on our Security Partners please visit the following URL:
http://www.adobe.com/security/partners/index.html

Lori K.

Leave a reply:

Have an urgent question? Post your question to our Ask an Expert forum for a faster response.

Fields marked with * are required.

Download
Acrobat XI trial

Get the trial now

Learn how to
sign documents
electronically.

Get started