Using Digital Signatures with PDF

Run that past me one more time … You want me to take pen in hand and scrawl a squiggly line on a thin slice of dead tree as a form of unique identification? Please! I’d rather use a wax seal from

No more originals by snail mail

With my less-paper office , I’m tired of being sent a perfectly good PDF file and told to print it out, manually sign it, and fax it back. It’s just not a scalable e-business practice. In my opinion, those who continue to use non-scalable solutions will find fewer and fewer people prepared to do business with them. I also worry about sending confidential e-mail messages around the globe. Having a dozen system administrators en route with the ability to read through my sensitive business correspondence doesn’t leave me with a feeling of well-being and security.

"Please! I’d rather use a wax seal from than pick up a pen."

Karl De Abrew, CEO, Planet PDF

Surely there have to be simple methods that we can use to make our business more efficient and secure. The office of the California Secretary of State also thinks so; it suggests that with digital signatures, we can virtually throw away our ‘original to follow by mail’ stamps and conduct instantaneous communications and commerce around the world.

Begin Using Digital Signatures

In the next couple of columns, I’ll discuss ways you can quickly get up and running with basic digital signatures in both Adobe? Acrobat? and your e-mail client. We’ll concentrate on Acrobat this month. Next time I’ll look at e-mail, focusing on Microsoft Outlook 2000, although the principles are applicable to most modern e-mail clients. These are solutions that you can put to work in your organizations today. If you’re unfamiliar with digital signatures, check out the ‘Sign on the dotted screen’ feature here in the ePaper Center.

Basically, digital signatures have two roles to play:

Authentication. That is, proving who you are to a third party. This allows you to be relatively sure that a document you have received has been unchanged in transit, and that it did originate from the person who signed it. If this concept is still unclear, RSA, which created the cryptography system used for most digital signature schemes, offers some good examples on its Web site.

Non-repudiation. When signatures are placed on agreements they prevent the signer from denying responsibility at a later stage. More simply put, they are the legal ‘seal of approval’ showing that the signer agreed to the terms and conditions within a contract or document.

First, You Need a Certificate

Before we continue, if you want to try digital signatures for yourself, then you should get a personal digital certificate from VeriSign. It takes just a few minutes and you can use it for free for 60 days (it costs US$14.95 if you decide to keep it).

I’m recommending VeriSign as the certificate authority (CA) because it has a solution that works in both Adobe Acrobat and Microsoft Outlook. You’ll also find the certificate will work in many other e-mail clients, such as Netscape Navigator, Outlook Express, and Eudora. If you’re interested only in securing your e-mail, I recommend you examine the personal certificate from Thawte. It costs nothing and is just as effective.

Using Digital Signatures in Acrobat

Now that you’ve got your certificate, let’s look at how you can make use of digital signatures within Acrobat. Acrobat 4.0 provides a default plug-in for supporting digital signatures. Unfortunately, this Self-Sign plug-in uses a ‘self-trust’ digital signature model. So while you can use this to prove that a document has not been altered, you cannot be certain of the identity of the author. Therefore, this scheme is not really suitable for sending documents out of your organization.

An example of a scheme that would be suitable for external routing is one that uses a third-party certificate authority system. More advanced systems include biometric methods, such as human thumbprints or retina scans, as part of their verification.

Luckily, solutions from several of Adobe’s digital signature partners are available on the Acrobat 4.0 CD-ROM. Find the folder called Security, which includes offerings from companies such as Baltimore Technologies, Communication Intelligence Corporation (CIC), Coastek, Entrust Technologies, PenOp, Silanis Technology and VeriSign..

Because we’re using a VeriSign certificate, we’ll go with the VeriSign plug-in. Install this via the installer in the VeriSign folder. You’ll then need to select ‘VeriSign Digital Signature’ as the default signature handler under File Preferences Digital Signatures.

Load a document you want to sign and select the Digital Signature tool from the toolbar. Click, drag, and release to create a rectangle for your signature’s appearance. A dialog box will appear; select your VeriSign certificate, a reason for signing, and an optional city name. You’ll be asked to save the document, and that’s it. You can now safely send your document off to your intended recipient knowing that it’s relatively safe from alteration.

alt=’valid digital signature from Verisign’ width=400 height=379>

Remember, your document is signed, not encrypted. To protect your document in transit, you’ll need to make use of a password-protected PDF or use an encrypted e-mail message. I’ll discuss e-mail encryption in next month’s column.

Note that for recipients of your documents to validate your signature, they will need to have also installed the VeriSign plug-in. Hopefully this, or something similar, will be included by default as part of future Acrobat releases.

Signing Off for Now

You’re now on your way to running a more secure e-business. Remember, as always with security, that nothing is unbreakable. However, we can be relatively certain that when we digitally sign our documents, people will be able to verify both the origin and the contents are as they should be.

You May Also Like

About the Author: Karl De Abrew

Leave a Reply