Acrobat Digital Signature Test
I just now realized that when I posted the original test file I hadn't locked it when signed. I'm posting another that I locked. Anyone care to repeat the test?
Since this is the first time (apparently) that I've opened a signed, locked document, I was first presented with this:
I have Adobe Creative Cloud, so I opened the document in Acrobat Pro, and it said there is a problem with the signature, so I opened up the Signatures panel:
I then viewed the signature:
Then I attempted to edit the document:
Then I tried to Save As...
Then as a last-ditch attempt to thwart your document, I viewed the Properties and found that the Change Settings button was grayed out:
I was able to open and edit without issue in Bluebeam. However, upon re-opening and examining the signature, it does indicate that the document has been modified since being signed. I don't see any evidence of that when opened with Adobe Reader, only Bluebeam tells me there's been a modification.
The first file you posted says it was "signed by Jim Frame" while the second file says it's been "certified by Jim Frame." Using the "signed" file, I can do anything I want to the file, even adding my own signature and save it. The real test is when I open the file and click on the signature box, I can select the "view signed version" box and it opens another version which reverts to your original signed status. That way, I can distinguish between the original "signed" version and the edited version.
The "certified" version does the same thing when you tell it to "view signed version".
I can print either version to a pdf file and make the active signature go away, yet still appear with my edits. The only real protection you have to protect yourself when using a digital signature is to keep your own copy of the original with your signature. That way you can always prove that the file has been manipulated from your original.
*** May your boundaries fall in pleasant places *** Ps. 16:6
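The "view signed version" behavior described above works because a PDF signature records the byte spans it covers in /ByteRange, and later edits are appended after them as an incremental update. As an added example (not part of the original thread), this Python code reads /ByteRange from a constructed sample and reports whether anything lies outside the signed span; it checks coverage only, not the cryptographic digest, and the function names and sample bytes are hypothetical.

```python
import re

# A signature dictionary records the signed spans as /ByteRange [a b c d]:
# bytes a..a+b and c..c+d are digested; the gap between them holds /Contents.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> list:
    """Return one dict per /ByteRange found, describing what it covers."""
    results = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = (int(g) for g in m.groups())
        end = c + d  # offset just past the last signed byte
        if not (a + b <= c and end <= len(pdf)):
            results.append({"valid_range": False})  # range does not fit the file
            continue
        results.append({
            "valid_range": True,
            "covers_whole_file": a == 0 and end == len(pdf),
            "appended_bytes": len(pdf) - end,   # bytes added after signing
            "contents_gap": pdf[a + b:c],       # signature value, not digested
            "signed_revision": pdf[:end],       # what "view signed version" shows
        })
    return results

def build_sample() -> tuple:
    """Constructed sample: a minimal signed byte string and an edited copy."""
    tmpl = (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig "
            b"/ByteRange [0 %010d %010d %010d] /Contents ")
    contents = b"<" + b"00" * 32 + b">"  # placeholder, not a real signature
    tail = b" >>\nendobj\n%%EOF\n"
    first_len = len(tmpl % (0, 0, 0))    # fixed-width fields keep offsets stable
    signed = tmpl % (first_len, first_len + len(contents), len(tail)) + contents + tail
    update = b"2 0 obj\n<< /Note (edited after signing) >>\nendobj\n%%EOF\n"
    return signed, signed + update, update

if __name__ == "__main__":
    signed, edited, _ = build_sample()
    reprinted = b"%PDF-1.7\n%%EOF\n"  # constructed: print-to-PDF output, no signature
    for name, data in (("signed", signed), ("edited", edited), ("reprinted", reprinted)):
        found = signature_coverage(data)
        if not found:
            print(name, "-> no signature present")
        for sig in found:
            print(name, "-> whole file covered:", sig["covers_whole_file"],
                  "| bytes after signed span:", sig["appended_bytes"])
```

The third case matches the print-to-PDF observation in the post: the reprinted file has no /ByteRange at all, so there is nothing left to validate.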
What I don't understand is the practical difference between using a certificate like that and one generated by me. Is a recipient really going to reject one of my documents because the certification authority isn't a third party? Since I'm responsible for the document contents by virtue of my signature and seal, the assumption is that if they can verify the signature certificate they can rely on the document. And if they need to verify the signature certificate, they can call me and I'll be happy to say, "Yeah, I signed that."
Government agencies are beginning to catch up with technology. By 2009 most states had adopted laws and administrative rules that made submission of documents using digital signatures and certification legal, and in some cases mandatory, for public works projects. These changes were needed to comply with federal laws (U.S. Code › Title 15 › Chapter 96 - ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE) and regulations.
We will never put an end to alteration of certified documents, hard copy or electronic, by others. The purpose of active digital signatures/certifications is simply a way to verify that the original document has not been altered. Some business software, word processors, spreadsheets and CADD (Computer Aided Drafting and Design) support visually voiding the signature on any printed hard copy made after an alteration. However, creating a CADD overlay with the original as a reference (XREF) and printing a hard copy can result in an appearance similar to the original test here.
EDIT: Some government agencies have requirements that electronic files be the primary document and hard copies are either not required or only viewed as supporting documents. Ohio Administrative Code for Architects, Landscape Architects, Professional Engineers and Professional Surveyors have specific requirements requiring the presence and ability to verify digital signatures.
Dallas P. Morlan, P.S. (Retired), OH, WV
Most probably won't but you will want to make sure it passes the muster of your applicable state. I know in ID this would be against state code if you are signing the document as a PLS.
In CA I can do self-certified, but -- as I just learned -- if the recipient is a public agency the certificate authority has to be on a state-approved list. Since I have a number of public agency clients, I applied for a certificate with IdenTrust, as suggested above.
I shopped around some, and found the offerings really confusing. Most firms on the list seem to want to sell SSL certificates or web-based document signing and storage. I did find a couple that offer locally-hosted PDF signature certificates, but they were considerably more expensive than IdenTrust.
Frame Surveying & Mapping
609 A Street
Davis, CA 95616