Self-signed digital certificate - authenticity issue

Question

Greetings to the community

I created a self-signed digital certificate, and made a few tests to see how things worked. I dont see any mechanism preventing anyone from creating a digital signature with my own name which on their face will look legit

Inclusion of the originating IP in the signed document mitigates a bit this risk - a feature which exists within Adobobe Sign's audit report but not when signing outside Sign - for example from Adobe Acrobat DC and then emailing the digitally signed document to another party

Am I missing something or is the IP of the signing party recorded / visible somewhere?

Thanks

(Ps: I am aware of the fact digital certificates issued by third parties after verifying one's identity address the particular issue)

SimonESATS · Answer

i assume you are referring to creating a self sign cert within Acrobat.

Self cert issue are pretty useless to establish trust for the reason you mention.

Creating a cer is one side of the story though. Indeed anyone can create a self-sign cert with any name. However this cert will only valdate correctly on the machine it was created. If you send me a pdf signed with that self signd cert, Acrobat will not be able to validate that signature and informs me the identity of the signer is unknown.

If it was you and your singature and I know you, I'd reach out to you and ask for your public cert and add this to my Acrobat. Then when validating the pdf again it will be ok as I decided to trust your cert by adding it to my trusted cert list.

And if you say it wasn't you I would not do that and delete the pdf.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded