PDF Signing certificates
A PDF Signing certificate offers a digital alternative to sealing and signing a non-digital document. Examples of this are documents requiring a valid signature, or documents containing sensitive information. Use of digital signatures is often the last step in a complete digitization of the paper flow within an organization and results in significant savings in cost and time. Signing the PDF (or Office) document garantuees the sender and the contents of the document.
Automatically trusted by Adobe AATL
PDF Signing Certificates are digital signatures which are automatically trusted by Adobe Reader (the most widely used program for reading PDF-files) through the Adobe AATL program. Ensured and GlobalSign are members of this program. Placing a digital signature requires software specifically created for this purpose. Recipients do not need extra software to check the signature; nor do recipients have to perform extra actions. Adobe Reader validates the signature immediately after the document is opened. The digital signature is displayed in the document as a green check, or a blue rosette. In this manner recipients are given a guarantee that you were, in fact, the sender of the document. Besides the authenticity of the sender, the signature also guarantees that the contents of the document have not been tampered with by a third party. Besides automatic validation, this type of certificate offers another major advantage, namely long-term validation. This can be achieved by including the Certificate Revocation List and a timestamp when the document is signed digitally. Because of this, the signature is verifiable and valid over a long period of time. Even after the certificate has expired or if the CRL is no longer available.
It's also possible to sign a PDF document with a digital signature that is not automatically trusted by Adobe Reader. In this case the recipients, as long as they don't alter the Adobe settings, will receive a warming that the signature is not trusted: The validity of the document certification is UNKNOWN. The author could not be verified
- PDF files can be sent in a manner which ensures the identity of the sender and the integrity of the contents of those files;
- recipient can easily check the sender;
- the recipient does not need additional plug-ins or software apart from Adobe Reader, nor does he/she need to change any settings within the program;
- legally speakng you place an advanced electronic signature;
- long-term validity and verifiability of the signature through inclusion of CRL and timestamping.
Types of Signature
Signatures for Individual
By using a personal PDF certificate a PDF document is signed on behalf of a person or an organization. The certificate is uniquely linked to the signatory and is issued on a safe means (USB-token). Consequentially, signatures generated by this certificate are regarded as personal advanced electronic signatures. Xolphin issues this type of certificate from GlobalSign and Ensured (as Ensured e-Sign).
- identifies a person as an employee within your organization;
- enables signing of PDF documents with a personal title;
- issued on a secure USB-token, the certificate is automatically trusted from Adobe Reader version 9.0 onwards.
- Use on a Windows computer or a Maco OS with Windows installed;
- signing documents or forms using a personal title;
- desktop-based document flows.
Signature for Organization
With a PDF Signing Certificate in business, you can sign PDF-documents on behalf of an organization and department. Depending on the number of documents to be signed annually, the certificate is supplied on either a USB token or HSM. Certificates supplied on USB tokens are suited for use on a desktop computer. Using this set-up, each document is signed individually. HSM units are ideal for high volume signing; the signing process is done at high speed through a server. Xolphin issues this type of certificate from GlobalSign and Ensured (as Ensured e-Seal).
- signing documents or forms on behalf of an organization and department;
- desktop- or server based;
- certificate on USB token provides a safe and easy solution for low volume signing;
- certificate on HSM provides a stable environment for high speed signing of large volumes.
- organizations wanting to sign their PDF documents digitally on behalf of the organization and department;
- large volumes of PDF documents such as bank statements and financial reports;
- documents where signing on behalf of an individual is not appropriate.
Information in the Certificate
The following information is included in the certificate:
- Division (optional)
- Name (individual or department name)
- E-mail (optional)
- Country Code (for example: GB)
Signing PDF documents
With a PDF Signing Certificate, you have a digital signature. This signature is placed on PDF documents using signing software. An example of this is the Adobe program Adobe Acrobat, which has an integrated signing function. A wide range of signing software exists in different price ranges. We can assist you in finding the right solution for your specific situation. There are several different ways to sign a PDF document.
How does it work?
Signing a digital document using a digital signature involves two steps. Firstly, the file containing the document is 'hashed', meaning a unique code is generated based upon the contents of the message and the identity of the sender. The resulting 'hash value' is encrypted using the private key LINK of the sender. The result of this procedure is the digital signature, which is sent to the recipient along with the document. The recipient checks the validity of the document by decrypting the digital signature using the public key LINK of the certificate.
Visual Version of the Signature
Most signing software offers a choice between a visible and an invisible signature. Neither of the two choices has legal or technical consequences. An invisible signature is not visible in the actual document. After being opened in Adobe Reader, the signature is displayed in the status bar. By double-clicking the status bar, the user is presented with information on the certificate that was used. A visible signature is visible in the status bar, and in the document itself. The person signing the document chooses the location of the signature in the document. This could, for example, be on each page or at the bottom of the last page. After deciding on its location, the contents of the signature are determined, for example: name of the person signing the document, location and date. It is also possible to add a company logo or scanned version of a written signature. By using a visible digital signature, the concept of a digital signature is made more tangible and understandable for the recipient.
Method of signing
By using a PDF Signing Certificate it becomes possible to certify a document. Most signing software offers this possibility. By digitally certifying a document, it is provided with an electronic seal. The person signing the document indicates which changes in the document are permissible. The certification of the document is made visible in Adobe Reader by displaying a blue rosette in the status bar. Any unauthorized changes made in the document, will result in a warning shown in the status bar. Any changes made to the document are displayed in the signature window. A document can only be certified by the person who originally signed it, which is usually the author of the document.
A PDF document can be provided with one or multiple signatures of approval. Approving by signature is possible for both certified and non-certified documents. The same document can be signed by one or several persons in this manner. Signatures for approval indicate which persons or departments have approved the document(s) the signatures were placed in. Signatures for approval are displayed as a green check in the status bar by Adobe Reader.
Signed and all signatures are valid.
Please notice the following points which apply for both the signature to certify and the signature to approve:
- signatures can be placed in a way which is visible or invisible;
- both use a Certificate Revocation List (CRL) to correctly validate the certificate;
- both are suitable for timestamping.
Certification by (certificaat) is invalid.