Digital signature basics
Learn about digital signatures, differences between electronic and digital signatures, public key infrastructure, certificate authorities, and electronic signature laws and regulations.
Pdftools software that lets you manage digital signatures:
- The Conversion Service. Review Configure signature.
- The Pdftools SDK. Review Sign PDF documents.
The purpose of digital signatures
A digital signature can satisfy the legal requirements of a handwritten signature but also offers significant time and resource savings. When comparing digital signatures to handwritten signatures, we can mention the following benefits:
- Physical presence of the signatory is not required.
- Postage prices for signing many documents with signers in different locations can be high.
- There is no need to print documents only to sign them.
In some legal cases, the signature is not binding, and an additional physical signature on paper is required.
Applying an electronic signature is very similar to a handwritten signature: A person reads a document and signs it with its name.
A valid electronic signature is a section of data embedded in the document. You can use this signature to:
- Ensure the document's integrity and that it wasn't tampered with.
- Authenticate the signer of the document.
- Prove the file has existed before the date.
Difference between electronic signature and digital signature
You may have noticed that the terms electronic signature and digital signature are often used interchangeably. Still, these terms carry different meanings. Electronic signature is a general umbrella term for various types of signatures. Digital signature is a subtype of electronic signatures with specific technical improvements and agreed legal requirements they meet compared to electronic signatures. In short, all digital signatures are electronic signatures, but not all electronic signatures are digital signatures.
While all digital signatures are electronic signatures, not all electronic signatures are digital signatures.
Note that these terms can have country-specific differences in translation, interpretation, and legal acceptance.
Electronic signature
In general, an electronic signature is data in electronic form attached to other electronic data in a document.
In its simplest form, an electronic signature can be an image of your signature that you include in a document (for example, PDF, RTF, DOC, DOCX). Even your email signature is an electronic signature.
Digital signature
A digital signature is created by applying a cryptographic algorithm to the document, which provides additional security. This cryptographic algorithm requires personal information (your private key). This information relies on an advanced Public Key Infrastructure (PKI) method. Cryptographic signatures follow strict regulations such as the European Union eIDAS or Swiss ZertES, providing a trusted, secure, and auditable signature.
Public key infrastructure
Public key infrastructure is a framework for securing communication over the internet. It verifies the identity of parties involved in a transaction and encrypts or decrypts the data exchanged between them.
Two keys are necessary to verify, encrypt, and decrypt the data:
- Public key
- Private key
Both keys are explained in the following sections.
Public key
The public key is a large numerical value used to encrypt data and is part of your certificate.
Your certificate is a file with an extension such as .cer,
.pem
, or .crt
that stores information about the owner and contains the public key.
This file format cannot store private keys and can store only one certificate, X.509 (the standard defining the context and layout of public key certificates).
Your public key information is not sensitive; you can share it with others.
Private key
The private key is a large numerical value used in an encryption algorithm to decrypt data. It is part of your Digital ID, which could have different representations. You can store it in a physical smart card, an HSM device, or a file on your disk.
In the case of smart card authentication, your user credentials, which are your public and private keys and certificate, are stored on a smart card. You are authenticated when you insert a card into a card reader and then provide a PIN.
Smart card example
- Ryan has a smart card containing a private key. Ryan signs a document with the smart card and then sends the document to Julia.
The private key is kept secret and remains with Ryan because, as the smart card owner, only he can sign the document with that private key. - Along with the document, Ryan can create a certificate containing the public key they make available to Julia.
You can share the certificate safely with anyone, as it only contains the means to validate a signed document. - When Ryan publicly shares their certificate, Julia receives the document and can verify that Ryan, the private key owner, signed it.
Julia can be sure that nobody modified the document since Ryan signed it.
Digital ID
A digital ID is a file that proves your identity details, similar to a driver's license or a passport.
Digital ID contains two important sections
- Your private key to decrypt data.
- When you sign PDFs, you use the private key to apply your digital signature.
- Your certificate contains your public key to encrypt data.
- You can distribute the certificate to those who want to validate your signature or identity.
Your digital ID contains your private key, which others can use to sign in your name.
Digital ID files, also called PKCS#12 files, have the .pfx (Windows) or .p12 (macOS) extensions. They can be used interchangeably between operating systems. This archive file format stores many cryptographic objects in a single file.
Chain of trust (certification path)
The chain of trust refers to your certificate and its link to a trusted certificate authority (CA). Certificates (or signatures) can be verified based on other certificates. We can trace back the verification to the public keys of root authentication providers, showing that many people know and accept these keys.
CAs operate on a hierarchical basis. At the top of this hierarchy are the Root Certificate Authorities (Root CAs), responsible for verifying and issuing certificates to subordinate certificate authorities. These Root CAs are trusted entities worldwide and form the foundation of the public key infrastructure.
The trust chain, which includes all issuer certificates and the root certificate, must be embedded in the digital signature. The trust chain ensures that the signature can be verified by any party that trusts the Root CA.
Embedding the trust chain in the signature requires all issuer certificates, including the root certificate.
Certificate authorities
A certification authority (CA) is an entity that stores, signs, and issues digital certificates (digital IDs) that certify the ownership of a public key. For more details, review the previous section Chain of trust (certification path).
A digital signature or digital ID is commonly known as a digital certificate.
It's important to distinguish between X.509 certificate files in .cer
or .crt
format and combined certificates that contain private keys in .p12
or .pfx
format.
Verify the signee
In X.509 certificates, the certificate path describes a third party, known as a certification authority, which verifies the validity of the information in the certificate connected to a specific person. Certification authorities are responsible for checking the identity of the person who requests a certificate. If a trusted CA issued a certificate, you can trust it also.
Trusted certificate authorities
There are two primary sources for verifying whether a trusted CA issued the certificate. If the Root certificate is trusted, you can trust the certificate.
The Adobe Approved Trust List (AATL)
You can trust that the listed CAs and Trust Service Providers (TSPs) comply with global legal and regulatory requirements, including the EU eIDAS regulation. You can also find Digital ID providers that are approved outside of the EU.
European Union Trusted Lists (EUTL)
The European Union Trust Lists are public lists containing more than 200 active and former trust service providers (TSPs) who, according to their accreditation, best meet the eIDAS electronic signature regulation requirements. Once you get your digital ID from one of the providers below, securely signing documents becomes easy.
Private certificate authorities
With a Windows Server, you can create a CA to manage issued and pending certificates through a web interface. This is a fine solution for internal usage. You can access your Certificate Services through Active Directory.
In the following picture, PDF Tools RootCA2 is the private CA, and PDF Tools Support is the certificate issued.
If you share your signed PDF with a third party that doesn't have the certificates installed on their local machine, they are prompted with warnings at the signature panel and the certificate properties.
If you trust this person, there are two ways to accept their certificate:
- Add the certificate through the Adobe Acrobat Reader interface.
- Add it manually to your Windows Certificate Store.
Self-signed certificate
A root CA is not always necessary. You can create a custom digital ID and sign documents with a self-signed certificate. The following sections, Create digital ID with Adobe Reader and Create digital ID with PowerShell explain two ways to create a self-signed certificate.
Create digital ID with Adobe Reader
You can follow the steps in Create a self-signed digital ID in Adobe documentation.
By the end of this process, you will create a .pfx
file.
This file contains the private key and the X.509 certificate (which includes the public key).
Create digital ID with PowerShell
- Create a certificate and install it on your local machine (Personal Certificate Store):
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname "TestCert"
- Secure your certificate:
$pwd = ConvertTo-SecureString -String "Password" -Force -AsPlainText
- Export the certificate with a password:
Export-PfxCertificate -cert cert:\localMachine\my\5663345E048BFD700866449B286F777DAB8D3C12 -FilePath root-authority.pfx -Password $pwd
- Replace the example thumbprint
5663345E048BFD700866449B286F777DAB8D3C12
with the one you generated.
- Replace the example thumbprint
In the Conversion Service, you can't use the .pfx
file directly, but you can install it to the Windows certificate store under the user who runs the application, which is the SYSTEM user.
Certificate revocation information
You can revoke your digital certificate when you lose it. As a result, anyone who finds or acquires your original certificate cannot use it to sign on your behalf illegally. In this case, it's getting invalidated before the expiry date. All the signatures you created before that time remain valid, but the ones you created later will be invalid. The signature ensures that the certificate was valid when the document was signed (due to the embedding of the OCSP/CRL response).
Online certificate status protocol (OCSP)
OCSP is a protocol for interactively checking the revocation of a single certificate. It can provide more timely revocation information than CRLs.
Certificate revocation list (CRL)
A CRL is a list of digital certificates the CA revoked before their scheduled expiration date. The CRL is an online service where you can check if a certificate is valid.
Electronic signature laws and regulations (EU)
The strength and reliability of the signature you want to use are tied to your requirements. CA's responsibility is to provide the desired level of strength and reliability.
Simple electronic signature
Simple electronic signatures have no legal significance. A simple electronic signature can be a cryptographic signature. A cryptographic signature is generated using a digital certificate, but the certificate is not from a trusted Certificate Authority. It can be a self-signed certificate, which means it doesn't have an issuer or can be created by some private CA like a company (for example Pdftools) that issues a new certificate. A simple electronic signature cannot verify the identity of the signer.
Using a simple electronic signature brings the following advantages:
- The signature ensures the integrity of the signed content.
- Subsequent changes in the data are detectable.
Advanced electronic signature (AdES)
Legally, the advanced electronic signature is similar to a company stamp. It's used for mass signature.
While legally binding in many contexts, AdES is not identical in its legal status or formal recognition to an official handwritten signature.
A trust service provider or CA (such as SwissSign) issues digital certificates for AdES e-signature type, typically after verifying an individual's identity. Certificates in this category meet the requirements of eIDAS, which means they are regulated by law and have strict processes.
To receive an advanced certificate, the owner must prove their identity, for example, by physically visiting the CA and presenting their passport. The owner can be a legal person or entity.
An advanced certificate contains the owner's name, the name of the CA, the period of validity, and other information.
The AdEs brings the following advantages over a simple electronic signature:
- Capable of identifying the signatory, who can be a legal person or an entity provided by a trusted CA.
- You can acquire Certificate revocation information from an online service. Embed the valid response (for example: valid, revoked) in the signature (OCSP, CLR).
- Protected private key storage.
OCSP and CRL
Embedding revocation information is optional but recommended when applying advanced (AES) or qualified electronic signatures (QES). The signing certificate includes the revocation information and all certificates of its trust chain. Therefore, the same message may present both OCSP responses and CRLs. However, embedding revocation information increases the file size (usually around 20 kB) and requires an external request to a validation service, which may delay the signing process.
Qualified electronic signature (QES)
The requirements for a qualified certificate and qualified signatures vary by country. You can't make mass signatures with them.
In many European Countries, a qualified electronic signature (QES) is equivalent to a handwritten signature.
Nobody can sign the document without the user's interaction. As a result, the QES is equal to a handwritten signature, meaning that you can apply only one signature at a time.
The QES is a signature created by a qualified electronic signature creation device (QESCD). For example, a physical smartcard held by the signer with an associated PIN code or hardware security module operated remotely by a qualified trust service provider (QTSP) in the cloud. You have to enter the PIN code manually. This signature can also be approved from a mobile phone.
A qualified electronic signature is similar to an advanced electronic signature but has higher requirements. The main differences are:
- The key storage must ensure that the user approves the signature manually when you sign the document.
- A time-stamp can be required to ensure the integrity of the signing time.
- Supports QES useful for legal processes.
Qualified certificate
Qualified certificates for electronic signatures issued by a Qualified Trust Service Provider (QTSP). A QES based on a qualified certificate issued in one EU Member State is recognized in all other EU Member States.
TSP and QTSP
Generally, there are two types of trust services:
- Trust Service Provider (TSP)
- Qualified Trust Service Provider (QTSP)
Only a QTSP can provide a qualified version of the services, which can be described as additional security.
Types of electronic signatures
There are different types of electronic signatures that Pdftools provides.
Document signature
The most usual type of signature is a document signature, also called an approval signature. You need a digital certificate to create this type of signature.
The main responsibilities are:
- Ensure the integrity of the document.
- Authenticate the signer's identity.
You can modify and save signed documents by incremental updates. The document's state can be recreated as it existed at the time of signing.
Optional responsibilities:
- Optional visual appearance in the document.
- Optional time-stamp provided by a time-stamp authority (TSA).
- Optional long-term validation (OCSP, CRL).
- You can add multiple signatures.
Multiple signatures in archived documents
Many types of documents that require digital signatures also require archiving. PDF/A conformance is often necessary for archiving to ensure the file is not corrupt and its visual appearance is well-defined and reproducible.
However, during the conversion process from PDF to PDF/A, signatures could be removed from the file before it is converted to PDF/A for archival. Even if your PDF is archived, the signature can be removed if it doesn't conform to the best possible conformance level. Before any digital signatures are applied, archive the files in PDF/A format.
When you archive files in the Conversion Service using the Archive PDF/A workflow, the service first removes the previously applied digital signatures before archiving a file.
Signature workflow lets you add additional signatures to your archived PDF, even if it doesn't conform to the best possible conformance level.
Document certification signature
You can't add this type of signature to your document with the Conversion Service. However, leverage the document certification signature with the Pdftools SDK.
It's also called the Modification Detection and Prevention signature (MDP). A document can contain only one MDP signature, which must be the first. Other signature types can be present.
The document certification signature is similar to the document signature, but the author can define what changes they allow and which modifications they prevent. The main differences are:
- Document certification signature detects changes.
- Displayed differently in Adobe Reader.
- You can add only one MDP signature.
- It's to contain a signature visual appearance, time-stamp, or long-term validation.
Document time-stamp signature
A time-stamp signature proves that the document existed at a specific time and protects its integrity. You can apply one or more Document Time-stamp signatures. A signed document can be modified and saved incrementally.
You can use time-stamp signatures separately, but including a time-stamp signature in document signatures is common.
Main responsibilities:
- It's a simple signature that ensures the integrity of the document. In Adobe Reader, it's displayed as a watch symbol.
- It's a Proof of Existence (PoE).
Time-stamp authorities
A time-stamp authority (TSA) provides trusted, cryptographically secure time-stamp information. This time-stamp information can be used to apply a digital time-stamp to a document, which verifies that the document existed at a point in time and that its content wasn't changed.
A time-stamp signature does not require a local signing certificate. Instead, the time-stamp signature requested from the time-stamp authority is embedded into the document. However, a cryptographic provider that supports time-stamp signatures is required.
Unsigned signature field
You can't add this type of signature to your document with the Conversion Service, but you can leverage it with the Pdftools SDK.
You can set a position where you expect to have a signature.
PaDES Standard - PDF Advanced Electronic Signatures
PAdES is a technical standard for PDF documents and refers specifically to restrictions and extensions of electronic signatures. With PAdES, you can provide a unique electronic signature.
The 'advanced' part of the name refers to the upgraded security and validation methods it provides for electronic document signatures. Don't confuse the 'advanced' with the 'advanced' part in the AdES signatures.
History of PaDES
- Before this standard, signatures varied and were incompatible across different software.
- The European Telecommunications Standards Institute (ETSI) published the PaDES technical standard in 2009, which makes signatures interoperable between different software.
- The PaDES was updated in 2011 and later in 2015 to the European norm ETSI EN 319 142. The update provided an improved specification that is still widely accepted.
Signatures that you can create with the Conversion Service provide compatible standards.
The following table informs about the historical evolution of the names of these standards. The first column is the latest standard defined in the ETSI EN 319 142 norm with four baseline signature levels recommended by the PAdES European standard. The second, third, and fourth columns display previously defined standards. Although the names differ based on the standards, they have similar meanings but also some slight differences:
ETSI EN 319 142 | ETSI TS 102 778 | ETSI TS 103 172 | ISO 14533-3 |
---|---|---|---|
PAdES B-B | PAdES-BES | PAdES B-Level | - |
PAdES B-T | PAdES-BES | PAdES T-Level | PAdES-T |
PAdES B-LT | PAdES-BES | PAdES LT-Level | PAdES-A |
PAdES B-LTA | PAdES-LTV | PAdES LTA-Level | PAdES-A |
PAdES B-B
PAdES B-B is a basic digital signature that contains information about the document's integrity and the signee's authenticity.
PAdES B-T
PAdES B-T is a digital signature with a time-stamp token.
PAdES B-LT
PAdES B-LT is a digital signature with a time-stamp token and long-term validation data.
Advantages of long-term signature
Every signature expires. The period after which signatures expire is usually five years. You cannot see if the certificate was revoked when a signature validity period expired. To solve the problem, you can embed validation data that you can get from your online service. If someone looks at the document after the signature has expired, they can see the validation data to check the certificate was not revoked when the signature was created. If your signature is not long-term, you can only see if it was revoked until it is valid.
You can configure the Conversion Service to embed long-term validation (LTV) information into a document during the signing. This setting attempts to embed revocation information such as OCSP and CRL. A validation service provides the revocation information at the time of signing and acts as proof the certificate was valid at the time of signing.
PAdES B-LTA
PAdES B-LTA is similar to PAdES B-LT but adds a document time-stamp at the end of the document
The time-stamp improves the data protection. The original algorithm can become obsolete, and attackers (such as hackers) may abuse your signature. Included time-stamp can ensure that a specific algorithm needs to be updated.
Signature validation
Validate signatures using sources such as certificates, Online Certificate Status Protocol results, and Certificate Revocation List results. These sources can be embedded in the PDF file, stored on the local machine, or downloaded from the issuer.
Three items need to be validated:
- Trust chain
- Revocation information (optional)
- time-stamp (optional)