Skip to main content
S
Stefan5F8F
Participant
July 8, 2021
Answered

Acrobat DC - Digital Signature - Difference Sign vs Certify

  • July 8, 2021
  • 1 reply
  • 3020 views

Dear Community,

 

i am reaching out to you trying to get some clarifiction and technical backgrounds about the following:

 

Having created a pdf with signature fields, the first one signing could either

- sign document

- certify with visbible signature (all additional signess can only sign)

 

in both cases, the last one signing can "lock" the document.

 

What is the difference between both approaches. What does the locking do for both options ?

Is there a white paper or technical background available to understand which level of protection and data integrity is given for each of the options ? 

 

thanks and best regards

Stefan

    Correct answer MikelKlink

    A certification signature (aka author signature) sets a starting set of allowed manipulations of the certified document. There can be only one and it must be the first one (whether document timestamps are allowed before, is a bit unclear).

    Each approval signature thereafter can lock a selection of form fields and restrict the set of allowed manipulations further, up to no-changes-allowed.

    For the originally possible sets of  allowed manipulations see this stack overflow answer. Also see the PDF specification ISO 32000.

    1 reply

    MikelKlink
    MikelKlinkCorrect answer
    Participating Frequently
    July 8, 2021

    A certification signature (aka author signature) sets a starting set of allowed manipulations of the certified document. There can be only one and it must be the first one (whether document timestamps are allowed before, is a bit unclear).

    Each approval signature thereafter can lock a selection of form fields and restrict the set of allowed manipulations further, up to no-changes-allowed.

    For the originally possible sets of  allowed manipulations see this stack overflow answer. Also see the PDF specification ISO 32000.

      S
      Stefan5F8FAuthor
      Participant
      July 9, 2021

      thanks a lot MikelKlink,

       

      your link opened the door to lot of further, detailed information around the signature topic.

       

      such as

      Digital Signatures User Guide for the Acrobat Family of Products: A guide for IT and enterprise users (adobe.com)

      and

      Wayback Machine (archive.org)

       

      in short - in case anyone has the same question that i had:

       

      the certification signature allows to define and limit the allowed changes to the document from

      "none" up to "annotations, form fill-in, and digital signatures, allowed"

       

      Using only the sign option (instead of certify) will allway result in "annotations, form fill-in, and digital signatures, allowed" and will also allow adding of further signature fields.

      MikelKlink
      MikelKlink
      Participating Frequently
      July 9, 2021

      Please be aware, even though there is the setting "no-changes-allowed", this setting according to current specifications still allows for certain additions to the document, in particular validation related information and document time stamps. So please don't expect such a document to remain completely unchanged.

      Furthermore, whether the creation of new signature fields is allowed or not, changed a bit over time. Originally a certified document already had to contain all necessary signature fields, depending on the level they could be filled in (signed) or not. Meanwhile Adobe Acrobat also allows adding new signature fields if signing is allowed.

      Thus, don't count on the meaning of these levels to be constant over time.

        Terms & ConditionsAccessibility statement
        Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices