Copy link to clipboard
Copied
Dears,
i am new to this, but i have successfully created and signed PDF document in macOS and Adobe Acrobat PRO. I have even added my digital eSignature (based on official paid certificate).
However i have some real issues with it:
- first, when i view the PDF document throught ADOBE Acrobat PRO, it shows that its "signed and all signatures are valid." But when opened via standard macOS preview app, then there is no information about signature and i can even delete the signature object
- second, when i sent the PDF (signed and protected) over an email to my self again and open it up, the protection is removed and signature shows just as picture object without saying its esignature.
Any ideas?
here is PDF security preference before
and here is picture of PDF security preference after sending it over an email to myself again
Also i ticked the checkbox that i want to lock the document during eSigning. But i tried even to protect the PDF against changes after eSigning, but Adobe wont let it happen because the document is eSigned..
Any idea?
I followed the solution guides how to setup the certificates but i can not make it secure. I have even downloaded the Adobe Acrobat PRO (paid one), no luck
Kind Regards,
Martin
Copy link to clipboard
Copied
Update:
Uff, it solved it self regarding that the signature is not visible after sending it over an email.
However the point about macOS "preview" app is still valid. It displays/show the PDF but no sign that the PDF is eSigned and you can delete the picture object of signature.. 😕
Copy link to clipboard
Copied
- second, when i sent the PDF (signed and protected) over an email to my self again and open it up, the protection is removed and signature shows just as picture object without saying its esignature.
Can you share a copy of the document both before sending and after retrieving?
Your description sounds like during transmission the signature form field had been flattened (and so all functionality except the appearance the was gone).
- first, when i view the PDF document throught ADOBE Acrobat PRO, it shows that its "signed and all signatures are valid." But when opened via standard macOS preview app, then there is no information about signature and i can even delete the signature object
Please don't see the signature as a means to prevent changes. It is not. It is a means to detect changes.
Copy link to clipboard
Copied
Dear Mike,
i think i solved the first point, but in your answer you mean that Apple`s preview app can rewrite (change) the PDF? I thought that PDF is secured against changes...
I sent you PM with link
Thank you
BR,
Martin
Copy link to clipboard
Copied
i think i solved the first point,
Just after answering I saw your message that you had solved your first issue. I merely was too lazy then to edit my answer. 😉
in your answer you mean that Apple`s preview app can rewrite (change) the PDF? I thought that PDF is secured against changes...
A PDF signature does not prevent changes to be applied to a document. It merely allows to detect them.
A PDF signature contains the information which byte ranges of the PDF file are signed and (implicitly or explicitly) a hash value of the bytes in those byte ranges. (Commonly only byte ranges are accepted covering the whole PDF revision created by the signer except the signature value itself.) These information are cryptographically secured using the private key of the signer which can be checked using the associated public key.
Nothing in this structure prevents a program to change the PDF.
But a recipient expecting the signed PDF can test
(Depending on the kind of signatures applied, specific added content in newer revisions may be considered allowed; this is used for e.g. for forms to allow fill-ins and additional signatures after the first signature.)
Adobe Acrobat executes these checks on signed PDFs. Many previewers don't. On the other hand there are web services for checking PDF signatures, e.g. the European Commission DSS Demonstration WebApp .
Copy link to clipboard
Copied
Hi Mike,
not sure if you were explaining me the overall theory about PDF eSignature what it does OR you have explained it regarding the test example i have sent you 🙂
I love technicalities but right now i iam trying to figure out , if my file is 100% correctly signed because the URL above you provided and after my very quick check there are sseveral yellow lines
e.g.:
Qualification Details :
AdES Validation Details :
however there is also nice green light, Indication: TOTAL_PASSED
Of course i have no idea what are the yellow warning all about in real life and how to fix them (if it concerns my certificate settings etc.)
Copy link to clipboard
Copied
not sure if you were explaining me the overall theory about PDF eSignature what it does OR you have explained it regarding the test example i have sent you
The explanation there was quite generic, a very short description of what a validator does when validating a PDF signature.
I love technicalities but right now i iam trying to figure out , if my file is 100% correctly signed
Well, here it already starts to get complicated. To know whether it is 100% correctly signed, one has to decide what way of signing is 100% correct.
For example, if you want to be sure that your PDF signature is recognised by public sector bodies in the EU, it should follow the requirements for PAdES BASELINE signatures. If you need it to be recognized in the US health sector, the technical requirements may differ substantially, using PAdES signatures may be a hindrance there.
The signature in your file is a regular PDF signature as commonly created by Adobe Acrobat. It is not a PAdES BASELINE signature, though. What kind of signatures you need, depends strongly on your signing use cases.
If you want to create PAdES BASELINE signatures in Adobe Acrobat, you can start by going into the Preferences (Category Signatures, Creation and Appearance Preferences, Default Signing Format) and select "CAdES-Equivalent". This should allow you to create PAdES BASELINE-B signatures. If you additionally configure a time stamp server, creating PAdES BASELINE-T signatrues should also be trivial. For BASELINE-LT and BASELINE-LTA, you'd need additional steps.
after my very quick check there are sseveral yellow lines
Well, the Qualification Details warnings both refer to your X.509 certificate, not the specific PAdES signature, the certificate apparently does not indicate that the associated private key is on a Qualified Signature Creation Device (like a smart card). Depending on what you sign and who will be the recipient of the signed document, that might be required, though.
The AdES Validation Details warning refers to a requirement for PAdES signatures.
The referenced web service is configured to not insist on PAdES BASELINE but to also accept the Adobe Acrobat default signatures. The recognized format is PKCS7-B: Not PAdES BASELINE, but similar to PAdES BASELINE-B if one ignores two or three characteristics making the difference between PAdES and non-PAdES.
Essentially you first need to find out what kind of signatures your recipient requires, then you can make dedicated checks.
Copy link to clipboard
Copied
Preview (aka. "the PDF killer") is a dangerous software because it allows you to modify a signed PDF without any prior warning, which invalidates the signature.
In France, some legal documents are delivered as signed PDFs. Some people have modified them voluntarily or not with Preview and therefore their documents are worthless (some cost more than 350€).
Preview only supports the PDF 1.4 format, released in 1999, but not completely.