Well before COVID-19 gave cybercriminals a new angle for their scams, Adobe PDF documents were already a key topic of cybersecurity conversations.
Adobe’s PDF format is the de facto standard for providing content, so it’s no surprise to see emailed phishing attacks rely on PDF attachments. In a typical scenario, the PDF contains deceptive content that tricks the recipient into clicking a link to a malicious website or performing an action detrimental to their organization.
In this context, document signing certificates can help email recipients discern phishing attempts from legitimate requests by giving the reader extra guarantees about the content of a PDF document.
What is document signing
Document signing certificates are digital identity documents that can be leveraged for digital signatures. They contain verified identity information about the owner of the certificate and are used to sign files such as Microsoft Word documents or Adobe PDF documents.
Signing a file is just like applying a digital seal. Just like on a printed document, the digitally signed document carries a visible mark indicating that a signature was applied, and a copy of the document signing certificate is embedded into the signature.
A signed PDF document
PDF signatures using document signing certificates are convenient in situations that require a higher level of trust. The signature is both a visual mark in the document and a time-stamped cryptographic operation on the document itself that uniquely ties the content to a specific person or organization.
As a result, document signing certificates provide such a high level of confidence about the owner of the signature and their consent to sign that they are considered legally binding and equivalent to wet-ink signatures in many countries. Document signing certificates are a great way to fight against phishing and impersonation, and the best way to authenticate documents and digitalize transactions.
Getting a document signing certificate
Document signing certificates trusted by Adobe software can only be obtained from approved Certification Authorities. Before the certificate is issued, the person or the organization requesting it must go through a verification process to prove their identity. The process includes video verification and identity checks against approved databases.
The digital document signing certificate is delivered on a USB token. This ensures that the certificate cannot be shared — every time a signature is performed on a PDF, the token must be physically plugged into the computer where the signature is performed.
Document signing can also be implemented at scale for large organizations, centralizing the token and leveraging hardware security modules (HSMs) to ensure identity and security across an enterprise.
Signing and verifying the digital signature of a PDF document
The signing process
Signing a PDF document is easy and it is possible to add more than one signature. Once the document signing certificate is installed on your computer and the USB token is plugged in, you can start signing PDFs using the tool of your choice. The example below shows Adobe Reader, which comes with an integrated signing tool.
How to verify a signature
When you open a signed PDF with Adobe Reader, any signatures will be checked automatically. If a signature was performed with a certificate that was not issued by a trusted Certification Authority, a banner will display an error message:
If the document was modified after the signature, the banner will also indicate the signature is no longer valid:
Not all electronic signatures are digital signatures
Most PDF readers also offer signature tools that do not require a certificate. These signatures can be displayed in various ways, such as printed initials, names or manually drawn signatures.
While these signatures have legitimate use-cases, they cannot offer the same level of trust as a digital signature with a document signing certificate issued by a trusted Certification Authority.
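As an added illustration (not Entrust or Adobe code), the Python sketch below triages a PDF structurally: it looks for the /ByteRange entry that a certificate-based signature carries, which a drawn or typed mark lacks, and reports bytes that fall outside the signed range. It assumes the signature dictionary is stored uncompressed, runs on a constructed sample rather than a real signed file, and does not validate the cryptographic signature or the certificate chain; all function names are hypothetical.

```python
import re

# /ByteRange [off1 len1 off2 len2] lists the two byte spans the signature covers.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def triage_signatures(data: bytes) -> list:
    """Structural checks only; no cryptographic or certificate validation."""
    findings = []
    for m in BYTE_RANGE.finditer(data):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        gap = data[off1 + len1:off2]  # expected: the hex /Contents <...> value
        findings.append({
            "signed_end": off2 + len2,
            "well_formed": (off1 == 0 and off1 + len1 <= off2
                            and off2 + len2 <= len(data)
                            and gap.startswith(b"<") and gap.endswith(b">")),
            "unsigned_trailing_bytes": max(0, len(data) - (off2 + len2)),
        })
    return findings

def classify(data: bytes) -> str:
    findings = triage_signatures(data)
    if not findings:
        return "no-digital-signature"      # at most a drawn or typed mark
    if not all(f["well_formed"] for f in findings):
        return "malformed-byte-range"
    last = max(findings, key=lambda f: f["signed_end"])
    if last["unsigned_trailing_bytes"]:
        return "content-after-last-signature"  # review: later incremental update
    return "signed-range-covers-file"

def build_sample(appended: bytes = b"") -> bytes:
    """Constructed PDF-like bytes for the demo, not a real signed document."""
    prefix = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange ["
    suffix = b"] /Contents "
    contents = b"<" + b"00" * 16 + b">"    # placeholder signature blob
    tail = b" >>\nendobj\n%%EOF\n"
    len1 = len(prefix) + 34 + len(suffix)   # 34 = width of the padded range below
    off2 = len1 + len(contents)
    rng = b"0 %010d %010d %010d" % (len1, off2, len(tail))
    return prefix + rng + suffix + contents + tail + appended

if __name__ == "__main__":
    for label, pdf in [("signed", build_sample()),
                       ("appended", build_sample(b"\n2 0 obj\n<<>>\nendobj\n%%EOF\n")),
                       ("unsigned", b"%PDF-1.7\n%%EOF\n")]:
        print(label, "->", classify(pdf))
```

Bytes after the last signed range are not proof of tampering, since a legitimate incremental save also adds them; treat that result as a prompt to check the signature status reported by the PDF reader.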
To learn more about document signing certificates, you can consult our dedicated page here: https://www.entrust.com/digital-security/certificate-solutions/products/digital-signing/document-signing-certificates, or contact us here: https://www.entrust.com/contact.