The whole point of digital signatures is that you can't share it "pre validated". That would be just like adding a sticky note to a paper document saying "Trust me - this is a genuine document - no need to look at the signatures on it". In these days where anyone can fake an email from anyone, that doesn't cut it.
So, trust on digital signatures is built on two foundations:
1. The public key from the certificate needs to be shared. (Not the private certificate, as that would let anyone fake your signature).
2. The sharing of public keys needs to be by a separate TRUSTED route. For example, there is no point sending a PDF and with it sending the certificate; both could be faked. So you need to share certificates by a separate route where you have care to make sure things are real ("due diligence"). For example, you might see a person in real life and say "I'm sending you a certificate tomorrow". Large companies often set up a trusted library of signatures, where they have done the due diligence already, and all the staff can instantly validate any PDF from another staff member.
1
Reply
AdChoices