All About Digital Signatures, and their Certificates in PDFpen

Starting in version 8, PDFpen and PDFpenPro have the ability to sign a document with a digital signature and to validate digitally signed documents.

How is this “digital signature” different from the signatures supported in earlier versions of PDFpen, you ask? PDFpen and PDFpenPro already allowed you to sign documents, either by drawing a freehand signature with the scribble tool, or by placing a picture of your signature in the document. Because you are using an electronic device to sign, those types of signatures are sometimes mislabeled as “digital signatures” or “electronic signatures.”

An actual digital signature allows the document’s recipient to verify the identity of the person who signed it, and verify that nothing has changed in the document since it was signed. This means applying a digital certificate to the document. The previous methods of signing, which amount to having a picture of your signature on a document, don’t allow for a way to prove who signed the document.

We learned a lot about digital certificates in the course of making this release. One big takeaway is, they are all about “trust”. To get a bit technical, the certificate is the way to ensure the integrity and authenticity of the document once signed.

Integrity
Proves the document has not been altered. Nothing has been added, changed, or removed since the document was signed.

Authenticity
Proves the document originated from a specific individual or organization.

Trusting a signature (a.k.a. Validating a document)

When you open a digitally signed document, PDFpen or PDFpenPro runs it through a series of tests to verify that the certificate is good, and shows a badge in the upper right corner. The badge tells you the signing state, in other words, the level of trust you should have that the document was signed as it appears to be.

The badge will either be green, indicating the document is digitally signed and the certificate it was signed with is fully trusted, or yellow, meaning the document is digitally signed but the certificate is not automatically trusted.

Hover over the badge to see more information. Click the badge to see the signing certificate. From here you can choose to trust it if you want. When you trust a certificate, any new document you receive signed with the same certificate will also show as trusted. You can think of it as saying “This came from Joe, I’m sure of it, I trust him.”

If you also work with any of Adobe’s PDF apps, you should know they only trust certificates which are from the Adobe Approved Trust List (AATL). If you don’t have your own AATL certificate, then PDFpen lets you make your own self-signed certificate to use instead. Someone receiving a self-signed document will see the document as signed but untrusted, which is what the yellow badge represents in PDFpen.
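The integrity and authenticity checks, and the difference between a trusted and an untrusted self-signed certificate, can be reproduced with OpenSSL. This is an added example, not PDFpen's code: it signs a plain text file with a detached CMS signature rather than a real PDF, and the file names, the subject "Joe Example" and the "invalid" label for a failed integrity check are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not PDFpen code). File names and "Joe Example" are constructed.

# make_signed_doc DIR: create a self-signed certificate, a document, and a
# detached CMS signature over the document, all inside DIR.
make_signed_doc() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Joe Example" \
    -keyout "$1/joe.key" -out "$1/joe.crt" 2>/dev/null
  printf 'Pay Joe 100 dollars\n' > "$1/contract.txt"
  openssl cms -sign -binary -in "$1/contract.txt" -signer "$1/joe.crt" \
    -inkey "$1/joe.key" -outform DER -out "$1/contract.p7s" 2>/dev/null
}

# badge_state DOC SIG [TRUSTED_CERTS]: print the state a validator would show.
#   invalid = document bytes no longer match the signature (integrity failed;
#             label chosen for this example)
#   yellow  = signature is intact but the signer's certificate is not trusted
#   green   = signature is intact and the certificate is in TRUSTED_CERTS
badge_state() {
  # Integrity only: -noverify skips all certificate trust checks.
  if ! openssl cms -verify -binary -noverify -inform DER -in "$2" \
       -content "$1" -out /dev/null 2>/dev/null; then
    echo invalid; return 0
  fi
  # Authenticity: the signer certificate must chain to a certificate we trust.
  if [ -n "${3:-}" ] && openssl cms -verify -binary -inform DER -in "$2" \
       -content "$1" -CAfile "$3" -out /dev/null 2>/dev/null; then
    echo green
  else
    echo yellow
  fi
}

demo() {
  d=$(mktemp -d) && make_signed_doc "$d" || return 1
  echo "recipient has not trusted Joe: $(badge_state "$d/contract.txt" "$d/contract.p7s")"
  echo "recipient trusted joe.crt:     $(badge_state "$d/contract.txt" "$d/contract.p7s" "$d/joe.crt")"
  printf 'Pay Joe 900 dollars\n' > "$d/contract.txt"   # change after signing
  echo "document edited after signing: $(badge_state "$d/contract.txt" "$d/contract.p7s" "$d/joe.crt")"
  rm -rf "$d"
}
demo
```

The same self-signed certificate produces yellow or green depending only on whether the recipient has chosen to trust it, while an edit made after signing fails the integrity check regardless of trust.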

We’ll follow up with a blog post on how to get your own AATL certificate for a Mac if you’d like to get one… It’s a bit of an adventure and comes on a USB token you guard with your life, like a pen you don’t let others write with.

If you are interested in finding out more about how to sign documents in PDFpen, or more about digital signatures in PDFpen, check out the section in our Help: Signing Documents.

PDFpen and PDFpenPro users can apply a digital signature from the interactive signature field. If you want to make your own documents that can be digitally signed, as opposed to signing a preexisting one, you’ll need PDFpenPro to add this signature field.
