Well before COVID-19 gave cybercriminals a new angle for their scams, Adobe PDF documents have long been a key topic of cybersecurity conversations.

Adobe’s PDF format is the de-facto standard for providing content, so it’s no surprise to see emailed phishing attacks rely on PDF attachments. In a typical scenario, the PDF contains deceiving content, tricking the recipient into clicking a link to a malicious website or performing an action detrimental to their organization.

In this context, document signing certificates can help email recipients discern phishing attempts from legitimate requests by giving the reader extra guarantees about the content of a PDF document.

What is document signing

Document signing certificates are digital identity documents that can be leveraged for digital signatures. They contain verified identity information about the owner of the certificate and are used to sign files such as Microsoft Word documents, or Adobe PDF documents.

Signing a file is just like applying a digital seal. Just like on a printed document, the digitally signed document carries a visible mark indicating that a signature was applied, and a copy of the document signing certificate is embedded into the signature.

digital certificate A signed PDF document

PDF signatures using document signing certificates are convenient in situations that require a higher level of trust. The signature is both a visual mark in the document, and a time stamped cryptographic operation on the document itself that uniquely ties the content to a specific person or organization.

As a result, document signing certificates provide such a high level of confidence about the owner of the signature and their consent to sign that they are considered legally binding and equivalent to wet-ink signatures in many countries. Document signing certificates are a great way to fight against phishing and impersonation, and the best way to authenticate documents and digitalize transactions.

Getting a document signing certificate

Document signing certificates trusted by Adobe software can only be obtained from approved Certification Authorities. Before the certificate is issued, the person or the organization requesting it must go through a verification process to prove their identity. The process includes video verification and identity checks against approved databases.

The digital document signing certificate is delivered on a USB token. This ensures that the certificate cannot be shared -- every time a signature is performed on a PDF, the token must be physically plugged into the computer where the signature is performed.

Document signing can also be implemented at scale for large organizations, centralizing the token and leveraging hardware security modules (HSMs) to ensure identity and security across an enterprise.

Signing and verifying the digital signature of a PDF document

The signing process

Signing a PDF document is easy and it is possible to add more than one signature. Once the document signing certificate is installed on your computer and the USB token is plugged in, you can start signing PDFs using the tool of your choice. The example below shows Adobe Reader, which comes with an integrated signing tool.

digital certificate

How to verify a signature

When you open a signed PDF with Adobe Reader, any signatures will be checked automatically. If a signature was performed with a certificate that was not issued by a trusted Certification Authority, a banner will display an error message:

digital certificate

If the document was modified after the signature, the banner will also indicate the signature is no longer valid:

digital certificate

Not all electronic signatures are digital signature

Most PDF readers also will offer signature tools that do not require a certificate. These signatures can be displayed in various ways, such as printed initials, names or manually drawn signatures.

digital certificate

While these signatures have legitimate use-cases, they cannot offer the same level of trust as a digital signature with a document signing certificate issued by a trusted Certification Authority.

To learn more about document signing certificates, you can consult our dedicated page here: https://www.entrustdatacard.com/products/digital-signing-certificates/document-signing, or contact us here: https://www.entrustdatacard.com/about/contact.

Jordi Buch Headshot

Jordi Buch

Jordi Buch is a Product Management Director of Document Signing solutions at Entrust Datacard. The document signing portfolio – which includes document signing certificates and automation solutions for document signatures – is built on decades of expertise in PKI and public trust management. Jordi is responsible for developing innovative and leading digital signature services to accompany organizations in their digital transformation.