Providing verification of the author and the integrity of the document with a signature
With a digital signature, a person sending a message or signing a document is able to prove their identity. It is also possible to prove that the original contents of a document or message that has been sent have not been changed. The digital signature of the user, their certificate, is inseparably linked with a unique fingerprint of the document and, in the case of modern formats like PDF, with the file itself. This means that you always have everything you need to check the authenticity of the document and the author.
The application of digital signatures to documents, and a qualified digital signature where appropriate, is often subject to legal stipulations. It is also possible to integrate signature workflows into your tried and trusted document distribution processes which allow you to fulfil these stipulations.
These may include:
Encryption and decryption can also be carried out with different keys, i.e. with asymmetrical key pairs. In this case, it is imperative that the two keys of a pair belong together and that neither can be replaced by any other key. They are known as the private key and the public key. Let us assume that the sender wants only the correct recipient to receive a certain piece of information. The sender starts by asking the recipient to send their public key. The actual information is then encrypted with the recipient's public key and sent. Decryption is only possible with the recipient's private key.
Yes! Modern asymmetrical key technology also enables the clear identification of authors. Certificates can be used to answer the question of whether the person who sends the key for an asymmetrical system is really the person you suspect to hold it. The ownership of a public key by a certain person can be verified and certified by certification authorities (organisations, government agencies). There are also agencies (TrustStores) that can affirm the validity of a certificate online. The components of a certificate are: information on the owner, information on the issuer, the validity period, the public key, and information on the scope and coverage of the key and the certificate. The certificate as a whole is then itself protected with a signature.
A digital signature does not necessarily mean that the signed content is encrypted. The signature only serves to securely determine the author or the organisation that has issued the document. In this case, the private key and the public key are used in the opposite way to data encryption: a checksum that is generated from the document and describes it is encoded with the private key of the signing party. The public key is attached to the certificate. If the decryption with the attached public key is successful, this proves that the certificate is true and one receives the checksum. If the checksum matches the file, then the signature is valid. The issuer of the certificate can then be verified by an independent agency. If the entire process of signature application and the use of trust centres for key distribution and administration are also confirmed by an independent audit, then the signature also fulfils the requirements of a qualified digital signature.
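The signing and checking steps described above, written out as an added example that is not part of the original page. It uses textbook RSA without padding on fixed, publicly known Mersenne primes so that the "encode the checksum with the private key, decode it with the public key, compare" sequence is visible; the key values and function names are assumptions for illustration, and production systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib


def make_key(p, q, e=65537):
    """Return ((n, e), (n, d)): the public and private halves of one key pair."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


# Constructed demo keys from known Mersenne primes (not secret, not secure).
PUBLIC, PRIVATE = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_key(2**1279 - 1, 2**2203 - 1)


def checksum(document):
    """SHA-256 fingerprint of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document, private_key):
    """Signer: encode the document's checksum with the private key."""
    n, d = private_key
    return pow(checksum(document), d, n)


def verify(document, signature, public_key):
    """Verifier: decode the signature with the public key and compare the
    result with a checksum freshly computed from the received document."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == checksum(document)


if __name__ == "__main__":
    original = b"Invoice 2024-001: total 1,200.00 EUR"  # constructed sample
    sig = sign(original, PRIVATE)
    print("untouched document:", verify(original, sig, PUBLIC))
    altered = original.replace(b"1,200", b"9,200")
    print("altered document:  ", verify(altered, sig, PUBLIC))
    # A signature made with a different private key fails under this public key.
    forged = sign(original, OTHER_PRIVATE)
    print("other signer's key:", verify(original, forged, PUBLIC))
```

The document itself stays readable throughout; only the checksum passes through the key operation, which is why a signature does not imply encryption.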
The use of encryption methods and certificates is regulated by numerous standards and laws. In this context, the term electronic signature is frequently used, which places emphasis on the legal aspects rather than the technical ones. The simple electronic signature, which uses digitally processed manual signatures (scanned handwriting), is included here as the simplest form.
In contrast to many other data formats, PDF has the advantage that it provides space for an integrated signature, as opposed to a so-called detached signature. This makes transporting the signature with the signed file easier and safer. The distinct correlation of the signature and file is verified by an encrypted checksum. Changes made after signing are no longer covered by the signature and can only be added to the file as incremental changes. However, it is still possible to sign these changes later using multiple signatures.
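A check a verifier can run for the incremental-change case just described, as an added example that is not part of the original page. It reads the `/ByteRange` entry of each signature dictionary, hashes exactly the bytes the signature covers, and reports how many bytes were appended after the signed revision; the sample file is constructed inline and `build_sample` and `signature_coverage` are hypothetical names.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signature_coverage(pdf):
    """For each /ByteRange found, return the digest of the covered bytes and
    the number of bytes that follow the signed revision."""
    report = []
    for match in BYTE_RANGE.finditer(pdf):
        a, b, c, d = (int(x) for x in match.groups())
        signed_end = c + d
        # The two ranges must start at 0, not overlap, and lie inside the file.
        if a != 0 or a + b > c or signed_end > len(pdf):
            report.append({"valid_range": False})
            continue
        covered = pdf[a:a + b] + pdf[c:c + d]   # everything except /Contents
        report.append({
            "valid_range": True,
            "digest": hashlib.sha256(covered).hexdigest(),
            "unsigned_trailing_bytes": len(pdf) - signed_end,
        })
    return report


def build_sample(update=b""):
    """Constructed, minimal PDF-like byte string with one signature dictionary,
    optionally followed by an incremental update appended after signing."""
    contents = "<" + "00" * 16 + ">"            # placeholder signature value
    tail = " >>\nendobj\n%%EOF\n"
    head = "%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 {:04d} {:04d} {:04d}] /Contents "
    b = len(head.format(0, 0, 0))               # fixed-width fields keep offsets stable
    c = b + len(contents)
    return (head.format(b, c, len(tail)) + contents + tail).encode() + update


if __name__ == "__main__":
    later = b"\n2 0 obj\n<< /Note (added after signing) >>\nendobj\n%%EOF\n"
    for name, data in (("as signed", build_sample()), ("with update", build_sample(later))):
        print(name, signature_coverage(data))
```

Both files yield the same digest, so the signature still validates over its own range; only the trailing-byte count shows that the second file carries content the signature never covered. When several signatures are present, the last one should report zero trailing bytes.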
As is well known, PDF/A stipulates that a standard-compliant file may not be encrypted or protected against access in any other way. How, then, can I as the proprietor of a PDF/A file protect the know-how that it contains? In such cases, digital signatures can do a good job. Signatures that have been verified as valid prove that the pertinent file has not been changed since it was signed. PDF/A-2 has also improved another important function: it is now possible to update a certificate after it has expired without having to change the PDF/A file itself. The inclusion of the latest signature technology in the standard has made this possible.
Signatures use encryption technology. The actual content of a PDF/A file, however, remains unchanged. This is why this technology is permissible for PDF/A and widely standardised. Encryption of all the data, on the other hand, is not allowed for PDF/A. When a file is sent via unsecured channels, however, it may be sent using encrypted methods: via secure email-based methods or packaged in a PDF container which is also encrypted.