Digitally Signing PDF Documents Using Adobe Acrobat 9*: An Introduction

Monday, November 16, 2009
One StarTwo StarsThree StarsFour StarsFive Stars (Rated: 3.25 out of 5)

Question for you: name one thing that can be found throughout your workplace, school or home? No, I am not thinking of dust and dirt (I really do need to get a house cleaner). It is paper forms that come to my mind. In this case, those that need to be signed with a pen. Yes, they are everywhere, and you may have already used Adobe Acrobat 9 Standard with your Fujitsu ScanSnap S1500 scanner to convert those paper forms to PDF versions that can be filled out and saved electronically. If you have, that was a smart move. Well done!

However, instead of reverting back to paper in order to sign the scanned form or document, you can use Acrobat 9 to apply one or more digital signatures to your documents and keep things…digital!

Digitally Signing PDF Documents Using Adobe Acrobat 9*: An Introduction_1

Digital signatures are certainly not new. Regulated industries such as pharmaceutical and financial services companies are required to use digital signatures to ensure that they follow strict rules on how documents are approved electronically. And more recently, federal and international laws and guidelines have been put in place to make digitally signed PDF documents submissible in court in the event of a lawsuit or as part of regulatory approvals. Examples include the US ESIGN (Electronic Signatures in Global and National Commerce) Act, SAFE-BioPharma Digital Identity and Signature Standard, and the recent European standard called PAdES (PDF Advanced Electronic Signatures).

So clearly digital signatures are important in electronic document workflows based on PDF. Generally, why is that?

  • Digital signatures identify you as the unique and true author or approver of the document, with you attesting to its contents.
  • Unlike handwritten signatures, digital signatures are very difficult to forge.
  • Digital signatures allow you to verify that the signer actually was who they said they were, and when they actually signed it (non-repudiation).
  • Digital signatures use encryption technology to either prevent changes to the document once it has been signed, or to help you to track and identify changes to the PDF file after it was signed in Acrobat 9.
  • Digital signature technology can be used to control who can access a PDF document, or who can sign or certify a PDF file, and take those rights away if need be (revocation).

So based on this, you may notice that you need some way to identify you or your group as a unique individual or entity before signing a document digitally. And you would be right about that. What identifies you is something called a Digital ID. A Digital ID is made up of two parts: a private key, which is used to sign a document and should only be accessible to you; and a public key (also called a certificate) that you share with others to validate the authenticity of your digital signature.

Where do those Digital ID’s come from? Many medium-to-large organizations implement a Public Key Infrastructure (PKI) to issue, authenticate and revoke Digital ID’s used for digitally signing documents. Acrobat 9 can work with those PKI systems; in some cases, right out-of-the-box. But the great thing about using Acrobat 9 for this kind of workflow is that anyone can get started with digitally signing PDF files by creating a Self-Signed Digital ID. Self-Signed essentially means “self-certifying”. There is no central Certificate Authority (CA) involved in this case to manage and issue those Digital ID’s. Examples of CA’s include VeriSign and GlobalSign.

If this is the first time you are digitally signing a PDF document, you will be asked to find or create your Digital ID. If you have a Digital ID file, you can access it locally, from a server, or from a secure hardware device. If you don’t have any of those (or you just said to yourself, “huh?”) then you can go ahead and create that Self-Signed Digital ID. Follow the steps in Acrobat 9 Standard presented to you when you sign or from the Advanced > Security Settings… command to create your Self-Signed Digital ID. Once that has been created, you can go ahead and sign your document.

Digitally Signing PDF Documents Using Adobe Acrobat 9*: An Introduction_2

To sign a PDF document that already has a digital signature field somewhere on a page, either click on the field directly, or choose “Sign Document” from the “Sign” task bar button. Otherwise, you can place a digital signature on your scanned pages or other PDF documents by choosing “Place signature” from that same “Sign” task bar button.

Just before proceeding with signing the document, Acrobat 9 Standard may first switch into “signature preview mode”. This temporarily “locks down” the document and Acrobat 9 so that further changes cannot be made and you can see exactly what you are signing. This is especially important in regulated industries where a digital signature is legally binding throughout the entire document lifecycle. You don’t want to be accused of approving something that you never actually saw! Once you are done with that, click the “Sign Document” button.

The Acrobat 9 “Sign Document” dialog box is quite straightforward. You choose your Digital ID (yes, you can have more than one), and if needed, enter your password. Choose the appearance you would like for your signature (see below), then click “Sign”. Acrobat 9 will prompt you to save a copy of your signed document. This is important: that digital signature becomes part of the PDF file itself.

Digitally Signing PDF Documents Using Adobe Acrobat 9*: An Introduction_3

If you would like to have your actual signature be used, rather than just your name, for the digital signature that appears on the PDF and printed page, then go to the Acrobat Security Preferences (Edit > Preferences… or press Ctrl+K) and click “New” in the Appearance section. Under Configure Graphic choose “Import graphic“, then click “File” to choose an image of your signature on a piece of white paper as previously scanned with your Fujitsu ScanSnap S1500 scanner.

Digitally Signing PDF Documents Using Adobe Acrobat 9*: An Introduction_4

Once your PDF document has been digitally signed you will notice a few things. There’s the digital signature on the page itself, as you would expect, showing information as you had set up in your Appearance Preferences, such as the date and time. You can also see information about the digital signature from the “Signatures” navigation panel on the left-hand-side of the Acrobat 9 application window: click the “plus symbols” to expand out the signature details. You will also notice that many of the editing functions in Acrobat 9 are disabled too. Fear not – this is a good thing…

Changing the document by say, deleting pages, after it had been signed will invalidate the digital signature. It seems a bit drastic, but it has good intentions. Remember, digital signatures are legally binding, and in some cases part of regulated workflows. If the document had been changed in any way after signing, you would know from the Signatures panel (or by looking at the blue information at the top of the PDF document window). You can also find out what changed and view the original signed version by right-clicking on the digital signature field or from the Signatures navigation panel in Acrobat 9. That is a powerful security measure. (See? Acrobat 9 is here to save you from potential trouble later!)

Digitally Signing PDF Documents Using Adobe Acrobat 9*: An Introduction_5

I just mentioned that a digital signature would be “invalid” because the document had changed. Another way a digital signature would be invalid (potentially) is when you cannot verify the authenticity of the signer. Translation: you don’t have access to the public key (or certificate) for the signer, or you don’t have access to a trusted root certificate from the certificate authority that issues the Digital ID’s for signing. This is where that PKI system comes in to play to discover and verify the authenticity of signers.

Alternatively, you can request and store certificates from others by using Acrobat 9′s “Manage Trusted Identities” tool (under the Advanced menu). You can also send your certificate to others so that they can verify that it was you who digitally signed the PDF document, using the “Security Settings” tool, also under the Advanced menu in Acrobat 9. Acrobat 9 will usually verify (validate) digital signatures when the PDF document is opened, but you can also validate them at any time by right-clicking on the digital signature and choosing “Validate Signature“.

Now if all this is a bit much for you, and all you want to do is slap on an image of your signature to the PDF document, here’s a neat little trick: you can either copy that scanned image of your handwritten signature and Edit > Paste it right into Acrobat 9. Or you can take another visit to the Sign task button and choose “Apply Ink Signature“. This will turn your mouse pointer into a pen, so you can scribble your signature (my signature has been described as a scribble on many an occasion) directly on to the PDF page using your mouse or if you are lucky enough to have one, a pen input device.

I hope that this is enough information to get you started with digitally signing your PDF forms and documents; to help you on the road to learning more about this deep topic; to discover how Acrobat 9 can help you; and maybe make the case for your peers to start using them too. If you would like to find out more, take a look at the video tutorials (like this one on digitally signing PDF files) on the Acrobat User Community site. Scan-and-sign away!

Ali Hanyaloglu
Product Evangelist for Acrobat
Adobe Systems Incorporated

*Adobe Acrobat 9 Standard is included with the ScanSnap S1500 scanner

Filed: ,