Jump to content
Dave Novo

Is there a component that allows me to include proper digital signatures

Recommended Posts

Hello,

When signing a PDF, you can use a proper digital signature.  Note in the attached screenshot, you can use a certificate from the System or from a file. You can even create new certificates etc.  Are there any third party components that handle the details of this, i.e. reading/validating the certificates. I want my users to be able to sign the documents that my application makes. We have a basic digital signature system already, but not one that supports certificates etc.

 

esig.png

Edited by Dave Novo

Share this post


Link to post
3 hours ago, Dave Novo said:

Hello,

When signing a PDF, you can use a proper digital signature.  Note in the attached screenshot, you can use a certificate from the System or from a file. You can even create new certificates etc.  Are there any third party components that handle the details of this, i.e. reading/validating the certificates. I want my users to be able to sign the documents that my application makes. We have a basic digital signature system already, but not one that supports certificates etc.

esig.png

What is Acrobat doing there? Is it a certificate is the security sense, or is it just an image? 

 

Now that we have your signature in the image in this post, can't we sign things and pretend to be you? If I steal your cheque book, can't I sign them now as you? 

Edited by David Heffernan

Share this post


Link to post

In as much as if you saw my signature on any piece of paper, like credit card receipt, then stole my checkbook, then scanned both together and issued forged checks, you could try to do so I guess.

 

This  somehow embeds a real certificate of some sort into your document.  Here is a bit of an overview of what they are doing, but it is light on technical details

https://helpx.adobe.com/acrobat/11/using/digital-ids.html

I think there is an open standard that governs these kinds of digital signatures.

Share this post


Link to post
1 hour ago, Dave Novo said:

In as much as if you saw my signature on any piece of paper, like credit card receipt, then stole my checkbook, then scanned both together and issued forged checks, you could try to do so I guess.

But you usually don't post credit card receipts on a sign post at a busy place. You just posted a picture of your signature on the internet ...

Share this post


Link to post
1 hour ago, dummzeuch said:

But you usually don't post credit card receipts on a sign post at a busy place. You just posted a picture of your signature on the internet ...

Yeah, seriously you should remove this. 

 

As far as the question, I guess you need to decide on exactly what you want to implement. Security concerns are seldom as easy as "just add a signature". You see a lot of people who want to implement security without a solid understanding and it usually ends badly. 

Share this post


Link to post

I want to implement the same standard (ideally) that Adobe PDF implements.

It seems there are a few standards

https://en.wikipedia.org/wiki/PAdES

 

https://www.cloudsignatureconsortium.org/

 

Seems like there are already "trusted" companies that can generate the signing certificates in the proper way, and also you can create your own certificates somehow. I dont know all the technical details of how this works though, I was hoping that someone already implemented it.

Share this post


Link to post

HI Emil,

 

I do not want to sign a PDF however. I want to be able to implement signing on my own custom documents.  But still using a "industry standard" signing mechanism.

Share this post


Link to post
On 2/5/2019 at 3:58 AM, Dave Novo said:

I do not want to sign a PDF however. I want to be able to implement signing on my own custom documents.  But still using a "industry standard" signing mechanism.

You can follow the steps on signing a PDF described in the PDF spec or the spec on signing an XML document. I don't have the links handy, but if you can't find it, let me know here and I'll pull it out.

Edited by Girish Patil

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×