Security issue here - if I send a document for E-signing it is encrypted and the transaction history and ID is issued. Anyone can then click on the signature panel and it will open up a URL where you can enter the documents Transaction ID and it will verify. So far so good. I note, however, if I save the so-called signed document to say MS Word change some of the text and then save it again as a PDF it all looks the same and if you click on the signature it all works the same and if you enter Transaction ID it is valid. This is not so good as the document is not what was signed but you will still get a valid result. If you the resign the Word converted PDF with a digital signature (using the certificates tool) you end up with a digitally signed document with a valid Trans ID except that it was not what was signed. If I then send the document on to someone how do they know its not valid? Any comments here?
AdChoices