Skip to main content
L
Leonardo5E4C
Participating Frequently
September 30, 2020
Question

How safe Adobe Signatures are

  • September 30, 2020
  • 3 replies
  • 2197 views

Hi,

 

I'm wondering how safe Adobe digital signatures are. I can create a digital signature in my Adobe Acrobat, but anyone may do the same using my name. In my country, there is a public key infrastructure (PKI) for digital certificates. Approved entities can issue certificates after the proper client identification (in most cases, in-person). The certificate has a password to be used when signing every time. I can use it with Adobe, no problem. But my question is how Adobe signatures are safe considering that no one checks my identity. Thanks!

This topic has been closed for replies.

3 replies

Amal.
Amal.
Legend
October 1, 2020

Hi Leonardo

 

++ Adding to the discussion

 

A digital ID is like an electronic driver’s license or passport that proves your identity. A digital ID usually contains your name and email address, the name of the organization that issued it, a serial number, and an expiration date. Digital IDs are used for certificate security and digital signatures.

 

For more information please look at the help page https://helpx.adobe.com/in/acrobat/using/digital-ids.html#about_digital_ids

 

Hope this information will help

 

Regards

Amal

L
Leonardo5E4CAuthor
Participating Frequently
October 1, 2020

Ok, but who checks the information included in the certificate? Email, organization...

Z
ZBalling
Inspiring
October 1, 2020

Here in Moscow you need to get an account in Gosuslugi with your passport data (it is checked for 48 hours by state department) and then either sign up in a government controlled bank account or go to post office and show your passport, then and only then you get a fully verified account.

 

After that you need to sign up into IRS account and then ask for electronic signature either on your PC or in IRS system on harware modules. Now to get a full signature (you can even sell your appartments with that), you need to got to Rosreestr and it is a long process, and you will actually have to pay money for that. Crazy, I know.

Z
ZBalling
Inspiring
October 1, 2020

>no one checks my identity

 

This is not true, here when you get a signature to use in Taxes organ (like USA IRS), for example, it is verified by you passport data, now it has a signature from intermidiate key and that key is root key signed, root key can have a variation that is signed by root servers of the country or crossigned with RSA/ECC American variant of keys.

L
Leonardo5E4CAuthor
Participating Frequently
October 1, 2020

Of course it is. I created a certificate using my Adobe Acrobat and I didn't have my ID checked by no one. For instance, what prevents me of making an certificate with your name?

L
Leonardo5E4CAuthor
Participating Frequently
October 1, 2020

I'm not talking about Texas of course. I'm talking in general. When I receive a document with a digital signature I don't know who has signed it for real

G
George_Johnson
Inspiring
October 1, 2020

The trust model for digital signatures that use self-signed certificates are intended to use a direct trust model. You get to decide whether the source of a signed document is worthy of your trust, and you can then add it to your list of trusted certificates. More info on the subject: https://mxcsoft.com/Cryp_Trust%20Model.htm

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices