Skip to main content
C
Camille261172958un4
Participant
October 5, 2022
Question

Invalidated Digital Signatures when Annotations added

  • October 5, 2022
  • 1 reply
  • 1458 views

I prepared a form with Acrobat Pro that has multiple digital signatures, where each section gets a digital signature once filled (as a way to show a chain of custody). With that I have also locked the all fields within a particular section once the digital signature is applied. There are some sections of my form where users will need to add annotations from the comment toolbar, such as adding file attachments or dynamic stamps. The problem I am coming across is that anytime an annotation is added to my form, it invalidates the previous digital signature. How do I prevent this from happening? All digital signatures are trusted certificates.   

 

 

This topic has been closed for replies.

1 reply

MikelKlink
MikelKlink
Participating Frequently
October 5, 2022

Which certification level is used for the signature?
That being asked it is questionable whether adding file attachment annotations (with new file attachments) can be allowed at any certification level. The specification is very wishy-washy in that regard (the annotation may be allowed depending on the certification level, but the actual attachment...?), so any implementation may have a different oppinion there.

S_S
Community Manager
S_SCommunity Manager
Community Manager
October 5, 2022

Hi @Camille261172958un4,

 

Hope you are doing well. 

 

If you want to modify a signed pdf, the first signature must be a certification signature (it contains a DocMDP entry). Please refer to Chapter 6.3.11 for reference:  http://www.adobe.com/devnet-docs/acroba ... in_PDF.pdf

A document can contain only one signature field that includes a DocMDP transform method, and it must be the first signed field in the document. That signature is called a “certification” signature. This feature lets the author specify what changes are permitted and what modifications invalidate the author’s signature. However, most users will perceive the effect of DocMDP as defining what they can do to a document.

You cannot do better if you are not the first signer of the pdf.

 

I hope this clarifies things/ 

 

-Souvik.

    MikelKlink
    MikelKlink
    Participating Frequently
    October 5, 2022

    Souvik,

    quote

    If you want to modify a signed pdf, the first signature must be a certification signature

     

    Nope. The first signature can be a certification signature but it doesn't have to be.

     

    If the first signature is an approval signature instead, Adobe Acrobat assumes permissions similar to certification level 3. There used to be a small difference, see this stackoverflow answer, but I'm not sure that difference is there anymore.

     

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices