Skip to main content
A
Anonymous
July 10, 2019
Beantwortet

Security feature to allow verification of tampering?

  • July 10, 2019
  • 3 Antworten
  • 2019 Ansichten

Given a pdf that is to be made available to the general public who will download them, fill them in and upload them to our server.  How can one be sure that this pdf when returned was created by the original publisher and remains unchanged apart from the fact that it's fields have been filled in?

Can certificates (fill & sign) be used to achieve this?  Access / Edit control is not required, anyone should be able to fill them in, but trustworthyness that the rest of the file remains unmodified is required.

Dieses Thema wurde für Antworten geschlossen.
Beste Antwort von Dave Merchant

You're talking about a certifying signature, which is part of the Security tools in Acrobat, not part of the fill & sign system. It protects the document, allowing only specific types of change - but to do it you need a digital ID, and if it's a document going out to the public then that ID should be recognized by Adobe's Trust List - which means buying a hardware-backed certificate from one of the official suppliers. It's not cheap.

See https://helpx.adobe.com/acrobat/using/certificate-based-signatures.html

3 Antworten

T
Test Screen Name
Legend
July 10, 2019

"I wonder how can you say "Receipt of a file looking like the original and claiming to be signed means nothing""

The essence of my point is that digital signing puts a mark on a page in the PDF. Time and again we hear from people obsessed with these marks, and clearly using them to verify signatures. Sometimes the people implementing the signatures don't understand the crucial difference, sometimes they understand clearly but the end users look at the page anyway. It requires training and consistent procedures to get people to actually check certificates using the Signature view.

I think it was a terrible mistake to have digital signatures associated with a mark on the page.

A
Anonymous
July 10, 2019

I agree that they ought not be associated with a mark on page.  Anyway sounds like the way to go

Tools > Certificates (cheers Bernd Alheit)

Bernd Alheit
Community Expert
Bernd AlheitCommunity Expert
Community Expert
July 10, 2019

Don't use Fill & Sign.

T
Test Screen Name
Legend
July 10, 2019

Signing can be used to verify that a file was not modified, and check against a certificate to see who signed it; that's what it is for.

Some kinds of signing allow form filling, I believe (but haven't tried, sorry). 

Your processes need to check, or your staff need to be trained to check the ACTUAL signature - not just to look at the page. Many people believe the signature is a mark on a page and leave themselves open to fraud. Receipt of a file looking like the original and claiming to be signed means nothing - I'm sure this is your concern too but training is needed to make others share the concern.

A
Anonymous
July 10, 2019

Verifying a signed pdf is not an issue, that's all good.  It's a matter of determining whether there's a way (as you say) to sign but allow form filling.  Signing is required in order to verify that nothing else but the form data has changed.

A
Anonymous
July 10, 2019

Bernd Alheit

Will that enable the required verification here?

Allgemeine NutzungsbedingungenAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices