Activity Feed › Discussion Forums › Software, CAD & Mapping › Acrobat Digital Signature Test
Acrobat Digital Signature Test
Posted by jhframe on January 12, 2018 at 5:47 amI’ve been using a self-certified digital signature on PDFs for a few years now, but I’ve never gotten around to seeing what happens when someone modifies (or tries to modify) the document. I’ve attached a test file, and would be interested in learning if others can modify it, and if so what happens when they try to print it.
Thanks!
jhframe replied 6 years, 3 months ago 11 Members · 20 Replies- 20 Replies
Click on the “Digital Signature” block in each file and the difference becomes apparent. Jim’s original fill will show this validation box
while Wendell’s file will not. The original file also shows a rectangular line around the signature when the cursor is moved over that area. Wendell’s copy does not react as that area is a graphic and not an active digital signature.
Clicking on the “Signature Properties” button of the validation box will show the following.
I was then able to edit the file, which I saved and attached here.
Which means that anyone can edit it, and when printed it looks like I’ve signed the modified file. I was kind of hoping that it would be watermarked or rendered in some distinctive way that would make clear that the edits occurred after the signature. Being able to validate the signature only in a digital environment is hardly optimal.
How do others handle this kind of thing?
I use the digital signature in Acrobat with my seal and signature as an “appearance.” I had always assumed that if the file was changed, the “appearance” would disappear, but no, my seal and signature remains and will still be printed. Like your example, the only way to tell that the file was changed was to load the file in Acrobat.
So I add the phrase “Issued as electronic media with encrypted digital signature” that I hope will tip someone off that there is a digitally signed file out there somewhere they can check if there is any doubt about the paper copy.
But other surveyors in my area just seem to scan their seal & signature and add it to the PDF without a digital signature.
In the last 8 years or so that I have been using digital signatures, I have only run across one other person who even knew what a digital signature was (an attorney who digitally signed my digitally signed proposal).
I have had my plans altered (redrawn!) twice by architects (of course), and all they had to work with was a paper copy, so there really is no sure way to protect your plans.
Oregon Statute requires that you add the statement ‘Digital Signature’ along with your stamp.
Jim, Why not just use this. It??s fully accepted in all business transactions, corporate transactions, etc.
??ACES Business Representative Certificate – 2 year certificate?
Jim, Why not just use this.
What I don’t understand is the practical difference between using a certificate like that and one generated by me. Is a recipient really going to reject one of my documents because the certification authority isn’t a third party? Since I’m responsible for the document contents by virtue of my signature and seal, the assumption is that if they can verify the signature certificate they can rely on the document. And if they need to verify the signature certificate, they can call me and I’ll be happy to say, “Yeah, I signed that.”
The edit functions were greyed out in both Adobe and PDF exchange.
The edit functions were greyed out in both Adobe and PDF exchange.
That’s encouraging!
I tried to attach screen shots but I can’t get it to work?
??Is a recipient really going to reject one of my documents because the certification authority isn’t a third party??
I suppose not, however in Fl. all, or mostly all submission of Survey documents to various municipalities for construction (plans, site plans, building permits??..etc.) require a registered digital certificate. $70 bucks a year is less than I spend on beer for one week. ?
Sometimes being too frugal can create a backlash.
not too skilled with image manipulation, but old school works
??Is a recipient really going to reject one of my documents because the certification authority isn’t a third party??
Most probably won’t but you will want to make sure it passes the muster of your applicable state. I know in ID this would be against state code if you are signing the document as a PLS. I believe the same goes for WA as well.
not too skilled with image manipulation, but old school works
There’s not much we can do about that kind of manipulation, which pertains to any kind of document. Poor resolution is usually a giveaway, though.
- Posted by: Jim Frame
I just now realized that when I posted the original test file I hadn’t locked it when signed. I’m posting another that I locked. Anyone care to repeat the test?
Since this is the first time (apparently) that I’ve opened a signed, locked document, I was first presented with this:
I have Adobe Creative Cloud, so I opened the document in Acrobat Pro, and it said there is a problem with the signature, so I opened up the Signatures panel:
I then viewed the signature:
Then I attempted to edit the document:
Then I tried to Save As…
Then as a last ditch attempt to thwart your document, I viewed the Properties and found that the Change Settings button was grayed out:
Your friendly, virtual neighborhood Webmaster I was able to open and edit without issue in Bluebeam. However, upon re-opening and examining the signature, it does indicate that the document has been modified since being signed. I don’t see any evidence of that when opened with Adobe Reader, only Bluebeam tells me there’s been a modification.
Jim,
The first file you posted says it was “signed by Jim Frame” while the second file says it’s bee “certified by Jim Frame.” Using the “signed” file, I can do anything I want to the file, even adding my own signature and save it. The real test is when I open the file and click on the signature box, I can select the “view signed version” box and it opens another version which reverts to your original signed status. That way, I can distinguish between the original “signed” version and the edited version.
The “certified” version does the same thing when you tell it to “view signed version”
I can print either version to a pdf file and make the active signature go away, yet still appear with my edits. The only real protection you have to protect yourself when using a digital signature is to keep your own copy of the original with your signature. That way you can always prove that the file has been manipulated from your original.
- Posted by: Jim Frame
What I don’t understand is the practical difference between using a certificate like that and one generated by me. Is a recipient really going to reject one of my documents because the certification authority isn’t a third party? Since I’m responsible for the document contents by virtue of my signature and seal, the assumption is that if they can verify the signature certificate they can rely on the document. And if they need to verify the signature certificate, they can call me and I’ll be happy to say, “Yeah, I signed that.”
Government agencies are beginning to catch up with technology. By 2009 most states had adopted laws and administrative rules that made submission of documents using digital signatures and certification legal, and in some cases mandatory, for public works projects. These changes were needed to comply with federal laws (U.S. Code ?§ Title 15 ?§ Chapter 96 – ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE) and regulations.
We will never put an end to alteration of certified documents, hard copy or electronic, by others. The purpose of active digital signatures/certifications is simply a way to verify that the original document has not been altered. Some business software, word processors, spreadsheets and CADD (Computer Aided Drafting and Design) supports visually voiding the signature on any printed hard copy made after an alteration. However, creating a CADD overlay with the original as a reference (XREF) and printing a hard copy can result in an appearance similar to the original test here.
EDIT: Some government agencies have requirements that electronic files be the primary document and hard copies are either not required or only viewed as supporting documents. Ohio Administrative Code for Architects, Landscape Architects, Professional Engineers and Professional Surveyors have specific requirements requiring the presence and ability to verify digital signatures.
Most probably won’t but you will want to make sure it passes the muster of your applicable state. I know in ID this would be against state code if you are signing the document as a PLS.
In CA I can do self-certified, but — as I just learned — if the recipient is a public agency the certificate authority has to be on a state-approved list. Since I have a number of public agency clients, I applied for a certificate with Identitrust, as suggested above.
I shopped around some, and found the offerings really confusing. Most firms on the list seem to want to sell SSL certificates or web-based document signing and storage. I did find a couple that offer locally-hosted PDF signature certificates, but they were considerably more expensive than Identitrust.
Log in to reply.