Signing the PDF document with a certificate
What is a digital certificate
A digital certificate is an electronic document that verifies the identity of a user and prevents forgery of the document content. Simply put, the certificate makes sure the author of a document is who he claims to be and the content of the document was indeed written by the this author.
A digital certificate is issued by a Certificate Authority (CA, the issuer) – an entity that verifies the identity of the applicant. CA signs the public key of the applicant with its own digital signature – trusted and publicly available. This allows any software to identify this public key as valid and trusted and use it to encrypt or sign documents.
To get a digital certificate you must submit an inquiry to a Certificate Authority that will issue a digital certificate. Common sources of digital certificates are:
Some Certificate Authorities offer digital certificates for free, others require payment.
You can also create a self-signed certificate yourself using free OpenSSL. Please refer to the Digital Certification Manager section to learn how you can do this.
NOTE: Master PDF Editor itself does not provide any digital certificates. You should acquire a certificate from a CA before using it to sign documents.
How to create and verify digital signature
Digital signature is an effective way to protect documents from changes and to identify the true sender.
Digital signature ensures that the signed document wasn’t changed by anyone other than its author. It is the most common way to assure the authenticity of the document content. PDF signature has a digital certificate issued by a trusted certificate center.
Master PDF Editor allows validating digital signatures, creating them and signing PDF documents with them.
Note: do not confuse digital signature with inserting initials. While digital signing allows for authentication, integrity and non-repudiation of a PDF document, initials are merely an “autograph” to inform readers about the authorship of the document.
To create a signature, you must own a digital certificate. The common source of certificates is various Certificate Authorities (VeriSign etc.) that act as a trusted third party ensuring the validity of the signature. Certificate Authorities issue and validate certificates as owned by certain person or entity.
On Mac and Windows the certificate must be previously copied to the system certificate storage. On Linux you have to import the certificate into Certificate Manager beforehand.
To create a digital signature:
- Choose Forms > Signature in Main menu or click the Signature button on the toolbar. In the document, define a rectangle where the digital signature must be located.
Now you can sign the document, provided that you have a digital certificate.
- Select the signature rectangle in the document. You can do this using any of these ways:
- Click the Edit Document button on the toolbar then double-click the signature rectangle
- Click the Hand Tool button on the toolbar then click the signature rectangle once
- Right-click the signature rectangle and select Signature options.
The Signature Properties window pops up.
- Choose the certificate you want to sign the document with in the Sign As field.
- Adjust the display of the signature.
In the Signature Preview box you can preview how the signature looks. You can turn off display of the text by disabling the Show Text option, or use custom text and image of the signature using the corresponding fields below.
- Specify a signing reason. Select one of predefined reasons or specify your own.
- Click the Sign button to sign the document.
On macOS and Windows you’ll have to permit the application to access the certificate storage. When signing, you’ll be prompted for a file name and location. Choose the file name to save the signed PDF document.
IMPORTANT: Singing should be done on the final version of the document, when you are done with the editing. If the document is modified after signing, these changes will corrupt the signature making it invalid.
Validating digital signature allows you to verify, if the document is authentic and no changes were made into it by anyone else other than the author who signed it.
To validate digital signature:
- Open the PDF document in Master PDF Editor
- Select the signature in the document. You can do this using any of these ways:
- Click the Edit Document button on the toolbar then double-click the signature
- Click the Hand Tool button on the toolbar then click the signature once
- Right-click the signature and select Signature options.
This will bring up the Signature Properties window.
There you can see who signed the document and the signing reason as well as the validation summary: whether the signature is valid or invalid, or if validity is unknown.
- UNKNOWN – the signing certificate is not trusted or the parent certificate of the issuing authority (the organization that issued the signing certificate) is not trusted. However, the document was not altered after signing. The following message is displayed in the Signature Properties window:
- VALID – the signing certificate is trusted and its parent certificates are trusted. The document content was not altered after signing. If the digital signature is valid, you should see the following message in the Signature Properties window:
- INVALID – if the document was changed after signing.
Making a certificate trusted
For Windows and Mac OS X: You must add the certificate’s public key to the system certificate storage.
For Linux: Press the Information button, view certificate properties and then press the Add to Trusted Identities button.
Viewing the signed version of the PDF document
The structure of the PDF format leaves a thin possibility that the original signed content of the document could be replaced by the altered content. And this altered content is then shown when the PDF document is opened. However, the signed version of the PDF document is still available in the file.
To view the version of the document that was actually signed, do the following:
- Open the PDF document
- Switch to the Signatures tab on the left panel.
- Click the Click to view this version link.
This displays the original version of the document that was signed by its author and hence prevents forging of the PDF document content.
IMPORTANT: Always view the signed version as described here when opening documents signed with a signature of unknown validity.
More like this:
Read more about Master PDF Editor