These forums are now Read Only. If you have an Acrobat question, ask questions and get help from one of our experts.

Clear Signature Functionality

Forum Index > Security > Clear Signature Functionality
2009-01-19 23:19:06
nmc091
Registered: Jan 13 2009
Posts: 15

Hi experts,

About the adobe signature functionality. Whenever I signed the PDF file all fields will be in read only. Now the problem is, when I send the PDF file to another user, the recipient can easily clear my signature, thus the recipient can modify sensitive information in the pdf, this should not be the case. How to allow the clear signature functionality available to the first signer and not to other users?

Any feedbacks is appreciated. Thanks.

Regards,
Marc

Top
2009-01-20 09:27:47
#1
jcanepa
Registered: Jan 20 2009
Posts: 2
Are you sure others are able to clear your signature? The only people that should be able to do that are those with your signing certificate (Digital ID). A test of this is to open the Security Setting dialog (Advanced Menu), expand Digital IDs (on the left side of dialog), then click on Digital ID Files. You should see a list of all of your Digital IDs. Select the one you used to sign the file and click on the Detach File item at the top of the dialog window. This will disassociate that Digital ID from Acrobat. Now open the file in question and try clearing the signature. You should now be unable to clear it.
Top
2009-01-20 10:11:36
#2
gkaiseril
Expert
Registered: Feb 23 2006
Posts: 4307
More information may be needed. There are other vendor products that can process PDF's but do not comply with Acrobat's security standard.

What product the is the other user using?

What method are you using for the signature security?

Does the other user have your cirtificate and your password?

Having a second signture added to a PDF will invalidate the first signature, as the second signature field has changed and thus the PDF has changed.

George Kaiser

Top
2009-01-31 15:36:00
#3
plevy
Expert
Registered: Jul 8 2008
Posts: 80
An important point to consider is your application. Suppose someone is able to clear your signature one way or another. If they then fill in data in a form, it is not siged by you. But then suppose they couldn't clear your signature. What prevents someone from obtaining a blank form and filling it in and arriving at the same point?

There are two issues: protection of data and authenticity of the data. Since with most PDF forms, the physical file is sent and it is always possible for an attacker to create a look-alike form. The application must determine the authenticity of the data in some way such as a valid digital signature from a trusted party. Protecting data in a document so that it can't be changed is never a substitute because it depends on an attacker using only a trusted application that follows the protection rules, something an attacker is not likely to do! The attacker can always change the data, but cannot forge the signature on it.
Top
2009-02-17 22:29:43
#4
nmc091
Registered: Jan 13 2009
Posts: 15
Hi,

I tried sending a signed form to a user using adobe reader 9, the user was not able to clear the signature. However, for user using lower versions, they can easily clear the signature. Is there any way we could only allow the clear signature for the original author of the form?
Top