Deconstructing PDF Digital Signatures

Deconstructing PDF Digital Signatures

Sample of the Week:

Joel GeraciThe ability to digitally sign a PDF file was introduced back in 1999 with the introduction of Adobe Acrobat 4 and the short-lived “Business Tools.” Signing a paper document is simple and intuitive, but even after sixteen years, there’s still a lot of confusion around how to perform this act on a PDF file… and what it means when you do.

In those early days, “signing” a PDF file meant using a digital signature; the kind of signature that involves a lot of math and can be used to detect even subtle changes to the bytes in a document. However, in newer versions of Acrobat and other PDF tools, “signing” can mean that you’ve simply placed an image on the page that resembles your signature… or used EchoSign… or any of the plethora of other signing services available on the market. These technologies, while less sophisticated, are no less valid because the validity of a “signature” is about intent, not bits. If the intention of placing the mark on the document is to indicate that you agree to the terms outlined in the document, then it’s signed. What that signature looks like… and how similar it is to your written signature is, pretty much, irrelevant.

Setting the legality issue aside, there are many advantages to using real, certificate-based, digital signatures in PDF. In my opinion, the most important one is the fact that with digital signatures, you get the best of both worlds. You get the advantages that public-key cryptography offers but you also you get something that’s pretty to look at and satisfies our human intuitions about what a signed document is.

The syntax for digital signatures in PDF has two primary parts; the signature dictionary and the appearance. The signature dictionary is where the really meaningful part of the signature is stored and includes the signed hash of the file, the signer’s certificate, the time of signing, and a lot of other metadata that can be used later for validation. The signature appearance is the part that makes us feel secure that the document has been signed. It’s the graphic representation of the signing event that is displayed to the user. Signature appearances are not required for a digital signature to be valid… but based on my experience, some sort of artifact on the page is critical to the acceptance and use of digital signatures.

Adobe Acrobat and Reader provide a user interface to create a digital signature appearance. In addition to the background color of the digital signature field itself, the signature appearance can have three major parts; a graphic, a logo and a variety of text fields derived signature dictionary. In the “Configure Signature Appearance” dialog, you can add a graphic of your handwritten signature or some other image that indicates who you are. You can also hide or show your name, location, date and several other text fields with or without their respective labels. Finally, you can hide or show the “Logo”. In Adobe viewers, the Acrobat logo appears as a watermark behind the other two parts. Custom signature handler plug-ins can add as many layers and graphics as they like as long as they conform to the underlying architecture when they store the signature in the PDF file.

Signature Appearance Dialog
Signature Appearance Dialog

Adobe Acrobat and Reader give the user a lot of flexibility in creating a signature appearance that meets their needs and makes the recipients of the documents that they’ve signed feel secure. The only way this works because there is a consistent user experience when creating or encountering a signed PDF.

A consistent, predictable, user experience is critical to building trust.

For this reason, the SignatureAppearanceOptions class in the Datalogics PDF Java Toolkit allows developers to control the behavior of the appearance that is generated when signing or certifying a signature field precisely mimicking an appearance that’s generated by Adobe Acrobat.
Code Snippet:


The setGraphicImage() method sets the graphic image to be used in the signature’s generated appearance. The “graphic image” is a foreground image that is displayed next to the signature’s descriptive information. It can be used to display meaningful pictorial information such as a photo of the signer, a scanned physical signature, etc. The contents of the PDFPage are used to supply the graphic’s “image data.” The setLogo() method sets the logo to be used in the signature’s generated appearance. The “logo” is the background image that lies beneath the signature description and graphic; generally you’d want this to reflect something about the certificate authority used to stay consistent with Acrobat. The contents of the PDFPage referenced are used to supply the logo’s “image data.” The setDisplayItems() method sets that metadata items, name, date, reason for signing, etc.) will be displayed in the signature’s appearance if they are available in the signature dictionary. Finally, the setDirectionality() method sets the directionality for Signature appearance. The directionality corresponds to the Text Properties in the Acrobat Configure Signature Appearance” dialog.

You can see the SignatureAppearanceOptions class in action in the Datalogics PDF Java Toolkit sample called SignDocumentWithCustomAppearance.

View and download the SignDocumentWithCustomAppearance sample or get all the samples and documentation by requesting an evaluation of the Datalogics PDF Java Toolkit.

Leave a Reply

Your email address will not be published.