Today, it is common for businesses to rely on paperless workflows by leveraging electronic documents, most of which have some mechanism for representing a signature from a human. There are two terms that are used to talk about this technology: electronic signatures and digital signatures. There are important differences between the two, and depending on where you are in the world, when working with PDF you need to know which type of signature is authorized by law.
Electronic signatures vs digital signatures
Electronic signatures are simply a representation of a human’s handwritten signature. In the United States, this is similar to using a credit card terminal and a stylus to provide a signature for a transaction. The Electronic Signatures in Global and National Commerce Act, enacted by the United States Congress on June 30, 2000, does not require the use of electronic signatures, however, it does outline what constitutes an electronic signature and makes an electronic signature equivalent to that of a signature on paper. Digital signatures, specifically in PDF, go one step further by relying on a public/private key pair (digital certificate) that contains information about the signer, when and where the signing took place, as well information that can be used to revoke the signature. One of the unfortunate things about digital signatures, though, is that most end user applications create appearances for these that don’t match users expectations. Users see something like the following:
If you sent a PDF to someone to sign and you got something like this back, you might look at it funny and wonder why it doesn’t look like the handwritten signature you would see if the workflow was paper based. It seems to be a little-known fact that the ISO specification for PDF allows digital signatures to have an appearance that matches the definition of an electronic signature laid out by the Electronic Signatures in Global and National Commerce Act.
With Datalogics PDF Java Toolkit, you can create both types of signatures in PDFs!
As part of our effort to provide a set of best practice samples for working with PDFs and our PDF Java Toolkit, there is a sample named SignDocument that demonstrates how to create a digital signature. The initial version of this sample created a digital signature with an appearance similar to the one earlier in this article. We recently updated this sample based on feedback we received from customers so that the appearance of the signature created looks like a handwritten (also referred to as “wet ink”) signature. The updated SignDocument sample now produces a digitally signed PDF with a signature that looks like the following:
The code required to add an appearance to a digital signature with PDF Java Toolkit is pretty straightforward. Here is the outline of the steps it takes to create the appearance.
- Create a new instance of SignatureAppearanceOptions.
- Create a new instance of SignatureAppearanceDisplayItemsSet and set it up so that no items are displayed.
- Import an image (in our sample we use a JPEG) and turn it into a PDFPage object.
- Set the newly created PDFPage object to be used as the graphic image to be used for the signature.
- Sign the PDF using the SignatureManager.
These steps sign a PDF using a public/private key pair and create an appearance for the signature that matches expectations of humans who view the PDF. When you open the output from this sample in Adobe Acrobat, you see the handwritten signature and you can inspect the validity of the signature in the signature panel. Here is what that looks like in Adobe Acrobat DC:
For our samples, we use a self-signed certificate rather than one we have purchased through a certificate authority. This was done so that we don’t accidentally send out public/private key pairs that could let others impersonate Datalogics. This is often why Adobe Acrobat says that there is a problem with the signature. When signing documents, you will want to ensure that you use a certificate that can be validated by Adobe Acrobat or other PDF viewing applications.
Know the laws!
It is always important to understand the laws that govern what constitutes a legal signature for electronic documents. Datalogics PDF Java Toolkit provides the flexibility to meet or exceed the requirements of these law while also meeting the expectations of humans who view the signed PDFs. Don’t jeopardize your users by creating electronic signatures, go the extra mile and create digital signatures that are more secure and meet the appearance expectations!