Highlighted

Digital signature Adobe E-Sign

Explorer ,
Nov 23, 2017

Copy link to clipboard

Copied

Security issue here - if I send a document for E-signing it is encrypted and the transaction history and ID is issued. Anyone can then click on the signature panel and it will open up a URL where you can enter the documents Transaction ID and it will verify. So far so good. I note, however, if I save the so-called signed document to say MS Word change some of the text and then save it again as a PDF it all looks the same and if you click on the signature it all works the same and if you enter Transaction ID it is valid. This is not so good as the document is not what was signed but you will still get a valid result. If you the resign the Word converted PDF with a digital signature (using the certificates tool) you end up with a digitally signed document with a valid Trans ID except that it was not what was signed. If I then send the document on to someone how do they know its not valid? Any comments here?

Topics

Questions Need Help

Views

225

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Digital signature Adobe E-Sign

Explorer ,
Nov 23, 2017

Copy link to clipboard

Copied

Security issue here - if I send a document for E-signing it is encrypted and the transaction history and ID is issued. Anyone can then click on the signature panel and it will open up a URL where you can enter the documents Transaction ID and it will verify. So far so good. I note, however, if I save the so-called signed document to say MS Word change some of the text and then save it again as a PDF it all looks the same and if you click on the signature it all works the same and if you enter Transaction ID it is valid. This is not so good as the document is not what was signed but you will still get a valid result. If you the resign the Word converted PDF with a digital signature (using the certificates tool) you end up with a digitally signed document with a valid Trans ID except that it was not what was signed. If I then send the document on to someone how do they know its not valid? Any comments here?

Topics

Questions Need Help

Views

226

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Nov 23, 2017 0

Have something to add?

Join the conversation