Signing the PDF document with a certificate
What is a digital certificate
A digital certificate is an electronic document that verifies the identity of a user and prevents forgery of the document content. Simply put, the certificate makes sure the author of a document is who he claims to be and the content of the document was indeed written by this author.
A digital certificate is issued by a Certificate Authority (CA, the issuer) – an entity that verifies the identity of the applicant. CA signs the public key of the applicant with its own digital signature – trusted and publicly available. This allows any software to identify this public key as valid and trusted and use it to encrypt or sign documents.
To get a digital certificate, you must submit an inquiry to a Certificate Authority that will issue a digital certificate. Common sources of digital certificates are:
- VeriSign;
- Thawte;
- DigiCert;
- GlobalSign;
- DocuSign;
- Comodo.
Some Certificate Authorities offer digital certificates for free, others require payment.
You can also create a self-signed certificate yourself using free OpenSSL. Please refer to the Digital Certification Manager section to learn how you can do this.
NOTE: Master PDF Editor itself does not provide any digital certificates. You should acquire a certificate from a CA before using it to sign documents.
It is possible to sign PDF documents with a token. If using Linux you need first to install a token driver and set a driver path in the parameters: Settings, Certificate tab, PKCS#11 provider.
Then you can sign documents with a token by selecting a certificate from the Sign As drop-down in the Signature Properties window.
How to create and verify digital signature
Digital signature is an effective way to protect documents from changes and to identify the true sender.
A digital signature ensures that the signed document wasn’t changed by anyone other than its author. It is the most common way to assure the authenticity of the document content. PDF signature has a digital certificate issued by a trusted certificate center.
Master PDF Editor allows validating digital signatures, creating them and signing PDF documents with them.
Note: do not confuse digital signature with inserting initials. While digital signing allows for authentication, integrity and non-repudiation of a PDF document, initials are merely an “autograph” to inform readers about the authorship of the document.
Creating Signature and Sign a PDF document
To create a signature, you must own a digital certificate. The common source of certificates is various Certificate Authorities (VeriSign etc.) that act as a trusted third party ensuring the validity of the signature. Certificate Authorities issue and validate certificates as owned by a certain person or entity.
On Mac and Windows, the certificate must be previously copied to the system certificate storage. On Linux, you have to import the certificate into Certificate Manager beforehand.
To create a digital signature:
- Choose Forms → Signature in Main menu or click the Signature button on the toolbar. In the document, define a rectangle where the digital signature must be located.
Now you can sign the document, provided that you have a digital certificate.
- Select the signature rectangle in the document. You can do this using any of these ways:
- Click the Edit Document button on the toolbar, then double-click the signature rectangle
- Click the Hand Tool button on the toolbar, then click the signature rectangle once
- Right-click the signature rectangle and select Signature options.
The Signature Properties window pops up.
- Select the certificate you want to sign the document with in the Sign As field.
- Adjust the display of the signature.
When adjusting the display of the signature, the following options are available for changing.
- Lock document after signing. Prohibit changing the content of the form after signing the document.
- Signature Preview. Displaying the appearance of the signature.
- Appearance Settings. Set appearance preferences of the signature.
- Text.
- Show Text. Enable/disable the display of text in the signature. It is also possible to hide certain signature text: Name, E-mail, Date/Time, Signed By.
- Data format. Change the calendar date format.
- Custom. Use your signature text by entering it in the corresponding field.
- Text.
If you select the Custom option, you will be able to edit the signature text in the Text Editor pop-up window. Thus, you can change and format the text of the signature.
- Border.
- Show Border. Show/hide signature border.
- Rounded Border. Round the shape of the signature border corners.
- Color. Select the color of the signature borders.
- Image.
- Show image. Enable/disable the ability to add and display an image in the signature.
- Stretch Image. Stretch the image to the full width of the signature area.
- Specify a signing reason. Select one of the predefined reasons or specify your own.
- Click the Sign button to sign the document.
On macOS and Windows, you’ll have to permit the application to access the certificate storage. When signing, you’ll be prompted for a file name and location. Choose the file name to save the signed PDF document.
IMPORTANT: Signing should be done on the final version of the document, when you are done with the editing. If the document is modified after signing, these changes will corrupt the signature, making it invalid.
Validating Digital Signature
Validating digital signature allows you to verify, if the document is authentic and no changes were made into it by anyone else other than the author who signed it.
To validate digital signature:
- Open the PDF document in Master PDF Editor
- Select the signature in the document. You can do this using any of these ways:
- Click the Edit Document button on the toolbar, then double-click the signature
- Click the Hand Tool button on the toolbar, then click the signature once
- Right-click the signature and select Signature options.
This will bring up the Signature Properties window.
There you can see who signed the document and the signing reason as well as the validation summary: whether the signature is valid or invalid, or if validity is unknown.
- UNKNOWN. The signing certificate is not trusted or the parent certificate of the issuing authority (the organization that issued the signing certificate) is not trusted. However, the document was not altered after signing. The following message is displayed in the Signature Properties window:
- VALID. The signing certificate is trusted, and its parent certificates are trusted. The document content was not altered after signing. If the digital signature is valid, you should see the following message in the Signature Properties window:
- INVALID. If the document was changed after signing.
Making a certificate trusted
For Windows and Mac OS X: You must add the certificate’s public key to the system certificate storage.
For Linux: You must add the certificate’s public key to the Certification Manager.
Viewing the signed version of the PDF document
The structure of the PDF format leaves a thin possibility that the original signed content of the document could be replaced by the altered content. And this altered content is then shown when the PDF document is opened. However, the signed version of the PDF document is still available in the file.
To view the version of the document that was actually signed, do the following:
- Open the PDF document
- Switch to the Signatures tab on the left panel.
- Click the Click to view this version link.
This displays the original version of the document that was signed by its author and hence prevents forging of the PDF document content.
IMPORTANT: Always view the signed version as described here when opening documents signed with a signature of unknown validity.
More like this:
Read more about Master PDF Editor