Precision Geosystems, Where Precision Meets Value.

Community Forums

Acrobat Digital Signature Test  

Page 2 / 2 Prev
  RSS

Jim Frame
(@jim-frame)
5,000+ posts Member
Joined:8 years  ago
Posts: 5589
January 12, 2018 9:14 am  

not too skilled with image manipulation, but old school works

There's not much we can do about that kind of manipulation, which pertains to any kind of document.  Poor resolution is usually a giveaway, though.

Jim Frame
Frame Surveying & Mapping
609 A Street
Davis, CA 95616


ReplyQuote
Wendell
(@wendell)
2,500+ posts Admin
Joined:8 years  ago
Posts: 4188
January 12, 2018 9:33 am  
Posted by: Jim Frame

I just now realized that when I posted the original test file I hadn't locked it when signed.  I'm posting another that I locked.  Anyone care to repeat the test?

Since this is the first time (apparently) that I've opened a signed, locked document, I was first presented with this:

Image 2018 01 12 at 9.19.35 AM

I have Adobe Creative Cloud, so I opened the document in Acrobat Pro, and it said there is a problem with the signature, so I opened up the Signatures panel:

Image 2018 01 12 at 9.24.25 AM

I then viewed the signature:

Image 2018 01 12 at 9.26.21 AM

Then I attempted to edit the document:

Image 2018 01 12 at 9.30.15 AM

Then I tried to Save As...

Image 2018 01 12 at 9.31.28 AM

Then as a last ditch attempt to thwart your document, I viewed the Properties and found that the Change Settings button was grayed out:

Image 2018 01 12 at 9.32.28 AM

Your website is a valuable business asset. Why not treat it like one?
Harness Media provides responsive WordPress Website Design and Website Care services.
We also have great reviews from our clients!


ReplyQuote
tfdoubleyou
(@tfdoubleyou)
20+ posts Member
Joined:2 years  ago
Posts: 29
January 12, 2018 9:43 am  

I was able to open and edit without issue in Bluebeam. However, upon re-opening and examining the signature, it does indicate that the document has been modified since being signed. I don't see any evidence of that when opened with Adobe Reader, only Bluebeam tells me there's been a modification.


ReplyQuote
JBStahl
(@jbstahl)
1,000+ posts Member
Joined:8 years  ago
Posts: 1305
January 12, 2018 10:13 am  

Jim,

The first file you posted says it was "signed by Jim Frame" while the second file says it's bee "certified by Jim Frame."  Using the "signed" file, I can do anything I want to the file, even adding my own signature and save it.  The real test is when I open the file and click on the signature box, I can select the "view signed version" box and it opens another version which reverts to your original signed status.  That way, I can distinguish between the original "signed" version and the edited version. 

The "certified" version does the same thing when you tell it to "view signed version" 

I can print either version to a pdf file and make the active signature go away, yet still appear with my edits.  The only real protection you have to protect yourself when using a digital signature is to keep your own copy of the original with your signature.  That way you can always prove that the file has been manipulated from your original.   

*** May your boundaries fall in pleasant places *** Ps. 16:6
http://www.cplsinc.com/id1.html


Peter Ehlert liked
ReplyQuote
Dallas Morlan
(@dallas-morlan)
500+ posts Member
Joined:7 years  ago
Posts: 691
January 12, 2018 11:11 am  
Posted by: Jim Frame

What I don't understand is the practical difference between using a certificate like that and one generated by me.  Is a recipient really going to reject one of my documents because the certification authority isn't a third party?  Since I'm responsible for the document contents by virtue of my signature and seal, the assumption is that if they can verify the signature certificate they can rely on the document.  And if they need to verify the signature certificate, they can call me and I'll be happy to say, "Yeah, I signed that."

 

Government agencies are beginning to catch up with technology.  By 2009 most states had adopted laws and administrative rules that made submission of documents using digital signatures and certification legal, and in some cases mandatory, for public works projects.  These changes were needed to comply with federal laws (U.S. Code › Title 15 › Chapter 96 - ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE) and regulations.

We will never put an end to alteration of certified documents, hard copy or electronic,  by others.  The purpose of active digital signatures/certifications is simply a way to verify that the original document has not been altered. Some business software, word processors, spreadsheets and CADD (Computer Aided Drafting and Design) supports visually voiding the signature on any printed hard copy made after an alteration.  However, creating a CADD overlay with the original as a reference (XREF) and printing a hard copy can result in an appearance similar to the original test here.

EDIT: Some government agencies have requirements that electronic files be the primary document and hard copies are either not required or only viewed as supporting documents.  Ohio Administrative Code for Architects, Landscape Architects, Professional Engineers and Professional Surveyors have specific requirements requiring the presence and ability to verify digital signatures.

 

Dallas P. Morlan, P.S. (Retired), OH, WV


ReplyQuote
Jim Frame
(@jim-frame)
5,000+ posts Member
Joined:8 years  ago
Posts: 5589
January 12, 2018 11:17 am  

Most probably won't but you will want to make sure it passes the muster of your applicable state. I know in ID this would be against state code if you are signing the document as a PLS.

In CA I can do self-certified, but -- as I just learned -- if the recipient is a public agency the certificate authority has to be on a state-approved list.  Since I have a number of public agency clients, I applied for a certificate with Identitrust, as suggested above.

I shopped around some, and found the offerings really confusing.  Most firms on the list seem to want to sell SSL certificates or web-based document signing and storage.  I did find a couple that offer locally-hosted PDF signature certificates, but they were considerably more expensive than Identitrust.

 

Jim Frame
Frame Surveying & Mapping
609 A Street
Davis, CA 95616


ReplyQuote

Precision Geosystems, Where Precision Meets Value.

Page 2 / 2 Prev
PPI Curated Bundles -- Everything you need to pass
Yes No
  
Working

Please Login or Register