Digital Signatures, Digital Certificates, and PDF Authentication

For centuries people used a wax seal on letters to prove to the recipient that the letter was from a trusted source and had not been tampered with.  Did you know there is a way to do this digitally with your PDF file?

We recently added a feature that allows you to apply a digital certificate to a PDF file when it is created by Win2PDF. The certificate — which can be created by you, or purchased from a certificate authority — allows the recipient to verify that the file was ‘signed’ by the sender and that it hasn’t been altered or modified.

Before we get into the specifics of this feature, we should probably do a little explanation of terms surrounding digital signatures and what is commonly known as “digitally signing” documents, because it can be a confusing topic.

There are several ways of doing this that largely break down into 2 categories.

  1. Electronic Signatures (or e-signatures):  This method of signing a PDF allows the user to apply a simple image representing a person’s handwritten signature.  It is simple and easy to implement, and is legally permissible for many types of documents, but also not very sophisticated.  For example, it would be easy for someone to scan a signature of someone else, and then use it to apply to PDF files without the signature owner ever even knowing about it.  Aside from the representation of the signature, there isn’t a formal way of authenticating that the creator is who they say they are.
  1. Digital Signatures: This method of signing is more sophisticated and preferred by companies that require a greater level of source authentication.  With this type of digital signature, an encrypted certificate is embedded within the PDF file.  The recipient of the file can view the certificate and verify exactly “who” created it.  For example, if I created a trusted certificate as John Doe from Win2PDF Sales and applied it to a PDF file, the receiver of that file would be able to verify that “John Doe” really was the creator of the file and that the document hasn’t been modified since it was signed.  There are also different types of certificates that can be used, from simple digital IDs that you can create yourself in Adobe Reader, to more advanced ones that can be purchased and verified by an approved certificate authority (CA).

The new Win2PDF feature utilizes this second method — digital signature, or digitally signing documents using certificates.  It requires a valid Win2PDF Pro software license (request a trial version if you want to try this), and it assumes that you have already either created or obtained your own digital certificate.  Adobe’s web site provides documentation on how to create your own Digital ID in Adobe Reader.

Here is an overview of the steps needed to apply a digital certificate to a PDF file using Win2PDF:

  1. Download and install Win2PDF Pro 10.0.108 or later software. [Note: This links to the Win2PDF Pro Service Pack for the latest version.]
  1. Download and install the PDFSignWithCertificate Plug-In.
  1. Once these 2 components are installed, you will see a new checkbox on the Win2PDF file save window.  If this box is checked, you will get a pop-up to select a certificate when the PDF file is saved.

  1. When the PDF file is saved, choose your Digital Certificate.  If you used Adobe Reader to create your digital ID certificate, for example, the file would have a .pfx file extension and be located in this folder on your hard drive:

C:\Users\[your username]\AppData\Roaming\Adobe\Acrobat\DC\Security

  1. When the Digital Signature file is applied, you will be required to enter a password to finish applying the certificate to the PDF file.  This password is something you set up when creating your Digital ID or obtained from a certificate authority.

  1. Lastly, when you open the PDF file in Adobe Reader, Adobe recognizes the PDF file as being signed with a valid digital certificate.  You can see how this is displayed in Adobe below.
  1. If you examine the certificate in the Adobe Reader software, it will show the details that were used. Here, the recipient could verify that the file was signed by John Doe from Win2PDF Sales. 

For advanced users, Win2PDF Pro also supports a command line to sign PDF files with a digital certificate.

This has just been an overview of the new Digital Signature feature in Win2PDF Pro.  If you have any questions please let us know and we’ll be glad to provide more assistance.

Signed, Sealed, Delivered – Digital Signatures vs. Electronic Signatures

We frequently get questions about our product (Win2PDF) and its support of digital signatures.  While we have investigated adding this as a feature, there are many variations in implementation and some general misunderstandings of what “digital signatures” really are that make it difficult to provide a universal solution to this problem.

Generally, when people speak of ‘signing a document’ they mean to apply some form of electronic signature to the PDF, and this can be done either simply (typically called an electronic signature), or in a way that is more advanced (typically called a digital signature).  A brief explanation of both:

  • An electronic signature is a general method of signing an electronic document, and it typically works by associating a marker (such as a .JPG representation of a person’s hand-written signature) to a PDF file. An electronic signature is easy to implement, but also offers fewer protections and can be easier to forge.
  • A digital signature is a more sophisticated implementation of electronic signatures that associates an encrypted “fingerprint” with a PDF file. This “fingerprint” is unique to both the document and the signer and ensures the authenticity of the signer. If the PDF is changed after it is signed, it invalidates the signature.  Generally, it is a more secure method of protecting the integrity of a signed PDF file.

If you’re interested, more details can be found at this FAQ about digital signatures.
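How a viewer can tell that a signed PDF “hasn’t been modified”, as an added example (not Win2PDF or Adobe code): a PDF signature covers the byte spans listed in the file’s /ByteRange entry, and the “fingerprint” is a hash over exactly those bytes. The function names and the sample bytes are constructed for illustration and assume a single signature; a real verifier also checks the signature value and the certificate chain.

```python
import hashlib
import re

# /ByteRange [off1 len1 off2 len2] lists the two byte spans the signature covers.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f]*>")


def signed_fingerprint(pdf: bytes) -> dict:
    """Hash the bytes a PDF signature covers and report what lies outside them."""
    m = BYTE_RANGE.search(pdf)  # assumption: one signature, so the first match is used
    if m is None:
        raise ValueError("no /ByteRange: the file carries no digital signature")
    off1, len1, off2, len2 = (int(g) for g in m.groups())
    if off1 != 0 or len1 > off2 or off2 + len2 > len(pdf):
        raise ValueError("malformed /ByteRange")
    gap = pdf[len1:off2]  # the only hole allowed is the hex signature value
    covered = pdf[:len1] + pdf[off2:off2 + len2]
    return {
        "digest": hashlib.sha256(covered).hexdigest(),
        "gap_is_signature_only": HEX_STRING.fullmatch(gap) is not None,
        "unsigned_trailing_bytes": len(pdf) - (off2 + len2),
    }


def build_sample(body: bytes) -> bytes:
    """Constructed PDF-like bytes (not a full PDF) with a correct /ByteRange."""
    sig_hole = b"<" + b"00" * 16 + b">"  # stands in for the signature blob
    prefix = b"%PDF-1.7\n" + body + b"\n"
    tail = b"\n%%EOF\n"
    fmt = b"/ByteRange [0 %010d %010d %010d] /Contents "
    len1 = len(prefix) + len(fmt % (0, 0, 0))
    off2 = len1 + len(sig_hole)
    return prefix + fmt % (len1, off2, len(tail)) + sig_hole + tail


if __name__ == "__main__":
    original = build_sample(b"Pay John Doe $100")
    edited = original.replace(b"$100", b"$900")      # change inside the signed bytes
    appended = original + b"added after signing\n"   # bytes outside the signed range
    for name, data in (("original", original), ("edited", edited), ("appended", appended)):
        info = signed_fingerprint(data)
        print(name, info["digest"][:16], info["unsigned_trailing_bytes"])
```

An edit inside the covered bytes changes the digest, so the stored signature no longer matches; bytes added after the covered range leave the digest unchanged, which is why a verifier must also confirm that the range reaches the end of the file.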

There are several different approaches to signing PDF files, and different organizations may require different levels of sophistication in their files.  A legal document sent by a lawyer, for example, may have a more stringent requirement for authentication than, say, a document that just needs a ‘sign-off’ by a manager for a particular internal process.

So, which version will you need?  That will require some more investigation on the type of solution that best fits your business needs.  One interesting recent development is that the latest version of Adobe Reader has announced some native support for “electronic signatures”.  While this isn’t an advanced digital signature solution it may suffice for many users.  And because the basic signing capability is included with Adobe Reader the implementation is easy.

Adobe acquired Echosign (a company specializing in signature technology) in July of 2011, and earlier this month they announced that the native Echosign functionality was included in the latest Adobe Reader application.  This integration will allow users to electronically sign any document in Adobe Reader (with a new “Sign” button) and then send the document out for others to sign through the Echosign web site.  Here’s a screen shot of the new Adobe Reader interface.

Adobe Digital Signature

There are some free capabilities for a single user, but to effectively use this electronic signature capability within an organization requires a subscription to Echosign.

This is an interesting development for many users, but it still may not be the right solution for all companies.  Other companies offering digital signature solutions include Identrust, Appligent, Arx, and DocuSign.

So, back to the discussion of incorporating the digital signature feature into Win2PDF.  Because of the variety of solutions available, and the different requirements for different organizations, we’ve found it best to provide a method to integrate with other solutions instead of trying to create a solution that will fit every user’s needs.  We do this by providing a mechanism to launch an external application after creating the PDF file with Win2PDF.

Actually, if you are interested in this Win2PDF mechanism, send an e-mail to [email protected] and ask for more details.  We have a Win2PDF Admin Utility that can make this a little easier, but we don’t have it fully documented…  yet.

Signing off…