Highlighted

How safe Adobe Signatures are

New Here ,
Sep 30, 2020

Copy link to clipboard

Copied

Hi,

 

I'm wondering how safe Adobe digital signatures are. I can create a digital signature in my Adobe Acrobat, but anyone may do the same using my name. In my country, there is a public key infrastructure (PKI) for digital certificates. Approved entities can issue certificates after the proper client identification (in most cases, in-person). The certificate has a password to be used when signing every time. I can use it with Adobe, no problem. But my question is how Adobe signatures are safe considering that no one checks my identity. Thanks!

TOPICS
General troubleshooting

Views

146

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

How safe Adobe Signatures are

New Here ,
Sep 30, 2020

Copy link to clipboard

Copied

Hi,

 

I'm wondering how safe Adobe digital signatures are. I can create a digital signature in my Adobe Acrobat, but anyone may do the same using my name. In my country, there is a public key infrastructure (PKI) for digital certificates. Approved entities can issue certificates after the proper client identification (in most cases, in-person). The certificate has a password to be used when signing every time. I can use it with Adobe, no problem. But my question is how Adobe signatures are safe considering that no one checks my identity. Thanks!

TOPICS
General troubleshooting

Views

147

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 30, 2020 0
Adobe Community Professional ,
Sep 30, 2020

Copy link to clipboard

Copied

The trust model for digital signatures that use self-signed certificates are intended to use a direct trust model. You get to decide whether the source of a signed document is worthy of your trust, and you can then add it to your list of trusted certificates. More info on the subject: https://mxcsoft.com/Cryp_Trust%20Model.htm

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2020 0
Participant ,
Sep 30, 2020

Copy link to clipboard

Copied

>no one checks my identity

 

This is not true, here when you get a signature to use in Taxes organ (like USA IRS), for example, it is verified by you passport data, now it has a signature from intermidiate key and that key is root key signed, root key can have a variation that is signed by root servers of the country or crossigned with RSA/ECC American variant of keys.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2020 0
New Here ,
Oct 01, 2020

Copy link to clipboard

Copied

Of course it is. I created a certificate using my Adobe Acrobat and I didn't have my ID checked by no one. For instance, what prevents me of making an certificate with your name?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
New Here ,
Oct 01, 2020

Copy link to clipboard

Copied

I'm not talking about Texas of course. I'm talking in general. When I receive a document with a digital signature I don't know who has signed it for real

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
Adobe Employee ,
Sep 30, 2020

Copy link to clipboard

Copied

Hi Leonardo

 

++ Adding to the discussion

 

A digital ID is like an electronic driver’s license or passport that proves your identity. A digital ID usually contains your name and email address, the name of the organization that issued it, a serial number, and an expiration date. Digital IDs are used for certificate security and digital signatures.

 

For more information please look at the help page https://helpx.adobe.com/in/acrobat/using/digital-ids.html#about_digital_ids

 

Hope this information will help

 

Regards

Amal

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2020 0
New Here ,
Oct 01, 2020

Copy link to clipboard

Copied

Ok, but who checks the information included in the certificate? Email, organization...

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
Participant ,
Oct 01, 2020

Copy link to clipboard

Copied

Here in Moscow you need to get an account in Gosuslugi with your passport data (it is checked for 48 hours by state department) and then either sign up in a government controlled bank account or go to post office and show your passport, then and only then you get a fully verified account.

 

After that you need to sign up into IRS account and then ask for electronic signature either on your PC or in IRS system on harware modules. Now to get a full signature (you can even sell your appartments with that), you need to got to Rosreestr and it is a long process, and you will actually have to pay money for that. Crazy, I know.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
Participant ,
Oct 01, 2020

Copy link to clipboard

Copied

Ah, yes, signing up in IRS account is done by using Gosuslugi account.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
New Here ,
Oct 01, 2020

Copy link to clipboard

Copied

In Brazil it is similar. You go to an approved issuing who collects the national ID copy and scan our biometry and photo. But this is for our own public key infrastructure. Ok, I can use it with Acrobat, but my question is about the digital signatures that we create with Acrobat itself.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
Most Valuable Participant ,
Oct 01, 2020

Copy link to clipboard

Copied

The first link you provided is broken, and your reply doesn't really answer the question Leonardo asked.

Their question is a valid one: Who verifies that the person who signed the field is who they claim to be? The answer is no one, because that's not what this kind of signature is meant to prove. It doesn't prove identity, only validity. In other words, you can ask whoever signed it to provide you with the public key in order to validate that they are the ones who signed it, but that doesn't mean they are who they claim to be. In order to do that a third-party must be involved to make sure that the ID of the person is valid and then attach it to their profile and control its validation.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
New Here ,
Oct 01, 2020

Copy link to clipboard

Copied

Excellent! So people trust in documents signed with these digital ids with the wrong idea of safety. I heard from an Australian that the Brazilian way is too complicated and bureaucratic, because he uses the simple Adobe digital id created with Acrobat. Since that day I was wondering what kind of reliability that id has... In fact, there is no guarantee about the subscribers 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
Participant ,
Oct 01, 2020

Copy link to clipboard

Copied

You can just sign that certificate with your government certificate. Everyone who has that public key will be able to build a chain of trust to your ID'ed government cert.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
Most Valuable Participant ,
Oct 01, 2020

Copy link to clipboard

Copied

Correct. Unless it's a profile issued by a third-party (like a government or a company that can be trusted), it means absolutely nothing when it comes to identity. Nothing's stopping me from creating a digital profile under the name Bill Gates with the email address billg at microsoft.com and sign a bunch of contracts with it, for example. This does not mean the real Bill Gates signed them...

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 1
Participant ,
Oct 01, 2020

Copy link to clipboard

Copied

Bill Gates uses just bill@microsoft.com at least for github.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0
New Here ,
Oct 01, 2020

Copy link to clipboard

Copied

Yes, but one single letter may trick many people. Actually, when I created my Adobe id, I could use any email and I didn't have to validate it to prove that the email is mine.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2020 0