The goal of a digital signature is to provide a way for the document's recipient to verify the identity of the one who signed it, and that nothing has changed since it was signed. To accomplish this, digitally signing a document means applying a digital certificate to the document. This certificate is the way to ensure the integrity and authenticity of the document once signed.
Integrity
Proves the document has not been altered. Nothing has been added, changed, or removed since the document was signed.
Authenticity
Proves the document originated from a specific individual or organization.
When you open a document that was digitally signed, Kofax Power PDF for Mac will validate the digital certificate it was signed with and inform you whether the certificate is from a trusted source.
In order for you to digitally sign a document, you need to obtain a digital certificate from a certificate provider, such as those on the Adobe Approved Trust List (AATL). This may involve purchasing a certificate and may involve installing software from the provider.
A digital certificate is a piece of data, typically stored in files or on an external device, such as a secure USB dongle, which contains:
Along with your digital certificate, you create a private key. Unlike the public key, which forms part of the certificate, the private key is typically stored in your system keychain, where other secure items, like passwords, are stored. Documents are signed using this private key. Your digital certificate, containing your public key, along with your identity information and the digital signature, is embedded in any documents you sign. It's safe to give your public key to others. You must keep your private key secure.
Digital certificates have a "chain of trust", which begins with a root certificate, may include intermediary certificates, and ends with the certificate of a person or company. Adobe's applications only trust signatures with root certificates from the Adobe Approved Trust List (AATL).
A certificate that is verified as trusted will not necessarily remain so. For example, if you lose your laptop or your secure USB dongle, someone else could gain access to your private key, which means the integrity of the certificate has been compromised. In an event such as this, it's possible to revoke the digital certificate.
Issuers of digital certificates maintain systems to check whether a digital certificate has been revoked or remains valid. One system is called the Online Certificate Status Protocol (OCSP), and the other is Certificate Revocation Lists (CRLs). Kofax Power PDF for Mac is capable of checking both, as necessary.
When you open a PDF with a digital signature using Kofax Power PDF for Mac, the following steps occur to validate the signature:
When you view a signed document in Kofax Power PDF for Mac the document will display one of three states:
Pass
You see a green badge in the upper right corner of the document. The document passed all of the above tests.
Conditional Pass
You see a yellow badge in the upper right corner of the document. The document passed all of the above tests, but the root certificate is not trusted.
Fail
You see a red badge in the upper right corner of the document. The document failed one or more of the above tests.
Hover your cursor over the validation icon badge for information about the validation. Click on it to see the certificate details.
Please note that only digital certificates from Adobe Approved Trust List (AATL) issuers are trusted by the Adobe applications.
Testing as of February 2016 suggests that only DigiCert and GlobalSign offer digital certificates compatible with use on macOS. Each requires special driver software from the certificate issuer.
It's possible to create your own digital certificate, rather than obtaining one from an issuer. This is called a self-signed certificate. Self-signed certificates do not have a chain of trust and cannot be revoked. Therefore, they are not suitable for establishing the authenticity of a document. They're only suitable for verifying document integrity.
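The difference between integrity and authenticity for a self-signed certificate, and the private-key and public-key roles described earlier, can be seen with the openssl command line. This is an added example, not part of the original page and not how Power PDF itself signs PDFs: the subject name, file names and document text are constructed, and it signs a plain file with a detached signature rather than embedding the signature in a PDF.

```bash
# Added example: key, certificate and document below are constructed samples.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a private key and a self-signed certificate (no issuer is involved).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test Signer" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Sign a file with the private key; the signature covers its SHA-256 digest.
sign_doc() {
  openssl dgst -sha256 -sign "$WORK/key.pem" -out "$1.sig" "$1"
}

# Verify with only the public key taken from the certificate, as a recipient would.
verify_doc() {
  openssl x509 -in "$WORK/cert.pem" -pubkey -noout > "$WORK/pub.pem"
  openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$1.sig" "$1" >/dev/null 2>&1
}

# A self-signed certificate names itself as issuer: there is no chain to a trusted root.
is_self_issued() {
  [ "$(openssl x509 -in "$WORK/cert.pem" -noout -subject_hash)" = \
    "$(openssl x509 -in "$WORK/cert.pem" -noout -issuer_hash)" ]
}

make_self_signed
printf 'Pay 100 EUR to Alice\n' > "$WORK/doc.txt"
sign_doc "$WORK/doc.txt"

# Integrity: the untouched file verifies against the embedded public key.
verify_doc "$WORK/doc.txt" && echo "unchanged document: signature verifies"

# Change one character after signing: verification now fails.
printf 'Pay 900 EUR to Alice\n' > "$WORK/doc.txt"
verify_doc "$WORK/doc.txt" || echo "altered document: signature rejected"

# Authenticity: nothing but the certificate itself vouches for the name in it.
is_self_issued && echo "issuer equals subject: no chain of trust to check"
```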