PDF doc with eSign and protected is after sending over email again not protected

New Here ,
Apr 28, 2022 Apr 28, 2022

Copy link to clipboard

Copied

Dears,

 

i am new to this, but i have successfully created and signed PDF document in macOS and Adobe Acrobat PRO. I have even added my digital eSignature (based on official paid certificate).

 

However i have some real issues with it:

- first, when i view the PDF document throught ADOBE Acrobat PRO, it shows that its "signed and all signatures are valid." But when opened via standard macOS preview app, then there is no information about signature and i can even delete the signature object

- second, when i sent the PDF (signed and protected) over an email to my self again and open it up, the protection is removed and signature shows just as picture object without saying its esignature.

 

Any ideas?

 

here is PDF security preference before

Screenshot 2022-04-28 at 9.33.20.png

 

 

and here is picture of PDF security preference after sending it over an email to myself again

Screenshot 2022-04-28 at 9.36.45.png

 

 

 

Also  i ticked the checkbox that i want to lock the document during eSigning. But i tried even to protect the PDF against changes after eSigning, but Adobe wont let it happen because the document is eSigned..

 

Any idea?

 

I followed the solution guides how to setup the certificates but i can not make it secure. I have even downloaded the Adobe Acrobat PRO (paid one), no luck

 

Kind Regards,

Martin

TOPICS
Create PDFs , General troubleshooting , Security digital signatures and esignatures

Views

126

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 28, 2022 Apr 28, 2022

Copy link to clipboard

Copied

Update:

 

Uff, it solved it self regarding that the signature is not visible after sending it over an email.

 

However the point about macOS "preview" app is still valid. It displays/show the PDF but no sign that the PDF is eSigned and you can delete the picture object of signature.. 😕

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Apr 28, 2022 Apr 28, 2022

Copy link to clipboard

Copied

quote

- second, when i sent the PDF (signed and protected) over an email to my self again and open it up, the protection is removed and signature shows just as picture object without saying its esignature.

 

Can you share a copy of the document both before sending and after retrieving?

Your description sounds like during transmission the signature form field had been flattened (and so all functionality except the appearance the was gone).

 

quote

- first, when i view the PDF document throught ADOBE Acrobat PRO, it shows that its "signed and all signatures are valid." But when opened via standard macOS preview app, then there is no information about signature and i can even delete the signature object

 

Please don't see the signature as a means to prevent changes. It is not. It is a means to detect changes.

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 28, 2022 Apr 28, 2022

Copy link to clipboard

Copied

Dear Mike,

 

i think i solved the first point, but in your answer you mean that Apple`s preview app can rewrite (change) the PDF? I thought that PDF is secured against changes...

 

I sent you PM with link

 

Thank you

 

BR,

Martin

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Apr 28, 2022 Apr 28, 2022

Copy link to clipboard

Copied

quote

i think i solved the first point,

Just after answering I saw your message that you had solved your first issue. I merely was too lazy then to edit my answer. 😉

quote

in your answer you mean that Apple`s preview app can rewrite (change) the PDF? I thought that PDF is secured against changes...

A PDF signature does not prevent changes to be applied to a document. It merely allows to detect them.

 

A PDF signature contains the information which byte ranges of the PDF file are signed and (implicitly or explicitly) a hash value of the bytes in those byte ranges. (Commonly only byte ranges are accepted covering the whole PDF revision created by the signer except the signature value itself.) These information are cryptographically secured using the private key of the signer which can be checked using the associated public key.

 

Nothing in this structure prevents a program to change the PDF.

But a recipient expecting the signed PDF can test

  • whether the expected signature is there; otherwise, someone has removed it;
  • whether the signature is from the expected signer by inspecting the cryptographic properties of the signature; otherwise someone manipulated the document and replaced the signature;
  • whether the hash value in the signature matches the actual hash value of the signed byte ranges; otherwise someone has manipulated the signed byte ranges;
  • whether the signed byte ranges cover the whole signed revision except the signature value; otherwise someone might have manipulated unsigned parts;
  • whether there are no additions added after the signed revision with newer revisions; otherwise someone has added content.

(Depending on the kind of signatures applied, specific added content in newer revisions may be considered allowed; this is used for e.g. for forms to allow fill-ins and additional signatures after the first signature.)

 

Adobe Acrobat executes these checks on signed PDFs. Many previewers don't. On the other hand there are web services for checking PDF signatures, e.g. the European Commission DSS Demonstration WebApp .

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 28, 2022 Apr 28, 2022

Copy link to clipboard

Copied

Hi Mike,

 

not sure if you were explaining me the overall theory about PDF eSignature what it does OR you have explained it regarding the test example i have sent you 🙂

 

I love technicalities but right now i iam trying to figure out , if my file is 100% correctly signed because the URL above you provided and after my very quick check there are sseveral yellow lines

e.g.:

Qualification Details :

  • The private key does not reside in a QSCD at (best) signing time!
  • The private key does not reside in a QSCD at issuance time!

AdES Validation Details :

  • The signed attribute: 'signing-certificate' is absent!

 

however there is also nice green light, Indication: TOTAL_PASSED

 

Of course i have no idea what are the yellow warning all about in real life and how to fix them (if it concerns my certificate settings etc.)

 

 

 

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Apr 29, 2022 Apr 29, 2022

Copy link to clipboard

Copied

MikelKlink_0-1651225070301.png

not sure if you were explaining me the overall theory about PDF eSignature what it does OR you have explained it regarding the test example i have sent you 

The explanation there was quite generic, a very short description of what a validator does when validating a PDF signature.

MikelKlink_1-1651225070302.png

I love technicalities but right now i iam trying to figure out , if my file is 100% correctly signed

Well, here it already starts to get complicated. To know whether it is 100% correctly signed, one has to decide what way of signing is 100% correct.

For example, if you want to be sure that your PDF signature is recognised by public sector bodies in the EU, it should follow the requirements for PAdES BASELINE signatures. If you need it to be recognized in the US health sector, the technical requirements may differ substantially, using PAdES signatures may be a hindrance there.

 

The signature in your file is a regular PDF signature as commonly created by Adobe Acrobat. It is not a PAdES BASELINE signature, though. What kind of signatures you need, depends strongly on your signing use cases.

 

If you want to create PAdES BASELINE signatures in Adobe Acrobat, you can start by going into the Preferences (Category Signatures, Creation and Appearance Preferences, Default Signing Format) and select "CAdES-Equivalent". This should allow you to create PAdES BASELINE-B signatures. If you additionally configure a time stamp server, creating PAdES BASELINE-T signatrues should also be trivial. For BASELINE-LT and BASELINE-LTA, you'd need additional steps.

quote

after my very quick check there are sseveral yellow lines

Well, the Qualification Details warnings both refer to your X.509 certificate, not the specific PAdES signature, the certificate apparently does not indicate that the associated private key is on a Qualified Signature Creation Device (like a smart card). Depending on what you sign and who will be the recipient of the signed document, that might be required, though.
The AdES Validation Details warning refers to a requirement for PAdES signatures. 

 

The referenced web service is configured to not insist on PAdES BASELINE but to also accept the Adobe Acrobat default signatures. The recognized format is PKCS7-B: Not PAdES BASELINE, but similar to PAdES BASELINE-B if one ignores two or three characteristics making the difference between PAdES and non-PAdES.

 

Essentially you first need to find out what kind of signatures your recipient requires, then you can make dedicated checks.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Apr 29, 2022 Apr 29, 2022

Copy link to clipboard

Copied

LATEST

Preview (aka. "the PDF killer") is a dangerous software because it allows you to modify a signed PDF without any prior warning, which invalidates the signature.

In France, some legal documents are delivered as signed PDFs. Some people have modified them voluntarily or not with Preview and therefore their documents are worthless (some cost more than 350€).

 

Preview only supports the PDF 1.4 format, released in 1999, but not completely.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines