
Adobe Reader Certificates tool...how do you verify who actually signed a pdf?

New Here, Feb 11, 2019

I work for a company and they recently had us switch to using Adobe Reader signatures instead of pen and paper signatures.  The procedure is to click on the Certificates tool, then Digitally Sign, then choose your signature file and place it in the pdf.  This all works fine.  When I do it, it adds my name and the current date and time and some text that says that it's digitally signed. 

However, as a test, I tried it again and I clicked the "Configure New Digital ID" button and created a new Digital ID with a fake name.  That worked fine and allowed me to sign a pdf using this fake name.  So, by that reasoning, I could create a Digital ID using anyone's name.  This seems like a problem to me.

I would like to make sure that signed documents are really signed by the people whose name is on the pdf.  How do you prove that?

I assume that somewhere within the pdf file itself is some secure crypto data.  Does that somehow link the pdf back to the true person who signed it?  If so, how do you go about checking it?

TOPICS
Security digital signatures and esignatures
Community Expert, Feb 11, 2019

The only way to do that is to ask the physical person to provide the key for validating the signature. As you saw, the name on the signature is meaningless. Anyone can create a signature profile with any name they want, but only the true author can provide the public key for that profile.

Alternatively, you would need a third party to verify the identity of each person, manage the certificates, make sure the passwords are not shared between people, etc., which is much more complicated and will require a very substantial expense.

New Here, Feb 11, 2019

Ok.  So if I have a pdf that says it's signed by someone, I could go to that person, if they are still with the company, and ask them to provide their digital signature file which I assume contains their public key.  Once I have that file, how can I verify that it matches the key used to sign the pdf?

LEGEND, Feb 11, 2019

Companies which roll this out often set up a secure certificate repository, where all public keys are stored, past and present, to give a permanent way of checking IDs. In this model people don't make their own certificates at all. It needs to be tied in to local login security.

LEGEND, Feb 11, 2019

Crucially, though, people must be trained and reminded NEVER to look at the signature on the page. It's worthless, and I wish it didn't put anything on the page, because the untrained and lazy trust it rather than checking...

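The check discussed in the replies above (matching a signature against the signer's known certificate, or against a company certificate repository), as an added example that is not part of any poster's reply: two certificates carry the same name, and only the signature made with the enrolled one verifies. It assumes the `openssl` command-line tool and uses a detached CMS signature over a plain file as a stand-in for the signature embedded in a PDF; the name and file names are constructed.

```shell
#!/usr/bin/env bash
# Constructed demo: the name "Alice Example" and all file names are made up.
set -eu
work=$(mktemp -d) && cd "$work"

make_id() {      # $1 = file prefix; every identity gets the SAME display name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Alice Example" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}
subject() { openssl x509 -in "$1" -noout -subject; }
fingerprint() {  # SHA-256 of the certificate, the value to compare out of band
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
sign_doc() {     # $1 = identity prefix, $2 = document, $3 = signature file
  openssl cms -sign -binary -in "$2" -signer "$1.crt" -inkey "$1.key" \
    -outform DER -out "$3" 2>/dev/null
}
# $1 = enrolled cert given as the trust anchor, $2 = document, $3 = signature.
# System CA directories may still be consulted; -no-CApath excludes them.
verify_doc() {
  openssl cms -verify -binary -inform DER -in "$3" -content "$2" \
    -CAfile "$1" -purpose any -out /dev/null 2>/dev/null
}

make_id enrolled   # certificate the company recorded for the real employee
make_id lookalike  # second ID created later under the same name
printf 'Purchase order 1234 approved.\n' > doc.txt
sign_doc enrolled  doc.txt enrolled.sig
sign_doc lookalike doc.txt lookalike.sig

echo "subjects:     $(subject enrolled.crt) | $(subject lookalike.crt)"
echo "enrolled  fp: $(fingerprint enrolled.crt)"
echo "lookalike fp: $(fingerprint lookalike.crt)"
for sig in enrolled.sig lookalike.sig; do
  if verify_doc enrolled.crt doc.txt "$sig"; then
    echo "$sig: signer matches the enrolled certificate"
  else
    echo "$sig: REJECTED, signer is not the enrolled certificate"
  fi
done
```

The two subjects print identically while the fingerprints differ, which is why the fingerprint (or the enrolled certificate itself) is the thing to compare, not the name shown on the page.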