Verifying a document that is signed with Adobe Acrobat via Autenti
A document signed via the Autenti platform is converted to PDF format (created in accordance with the international ISO 32000 standard) and includes:
- the content of the signed document;
- a signature card with information about the signatures;
- Electronic signatures and seals in PAdES format – compliant with the European standard ETSI EN 319 142-1. The Viewer tool in Acrobat Reader viewer makes it possible to read the document content, signatures on the signature card, and verify electronic seals and signatures created in compliance with the PAdES format. The verification of signatures and seals in Acrobat Reader is carried out in accordance with the requirements of the European standard ETSI EN 319 102-1.
How to recognize a document that was signed via the Autenti platform?
A document signed via Autenti displays the following information when opened in the Acrobat viewer:
- Information appears in the top line, showing that the document contains signatures and can be shown in the signature panel:
- When automatic validation is enabled, it displays the status of the Acrobat signatures and the validation:
- The left side of the document shows the signature panel that contains all of the signatures, seals and time stamps created in PAdES format. The status and credibility of these signatures are automatically verified by the Acrobat viewer.
Below the signed document’s content is a Signature Card that was created by Autenti during the signing process, which contains a visual representation of all signatures and electronic seals created via the Autenti platform.
Verification of the authenticity of documents signed on the Autenti platform
All of the documents signed via the Autenti platform contain at least 2 Autenti electronic seals: an opening seal and a final seal. These seals are based on a qualified Autenti certificate and the Adobe Acrobat viewer displays them as verified and credible.
In the layer containing the visuals are the seals on the Signature Card are found in the layer containing the visuals – the opening seal first and then the final seal last.
The opening seal has information about the person (or entity) who sent the document for signature, as well as protects the integrity of the document before beginning the signing process. Additionally, the opening seal contains information about the date and time of when the document signing process began.
The final stamp confirms that all signatures were submitted on the Autenti platform and that the integrity of the document is secured. This seal confirms that the signing process was executed via the Autenti platform, as well as secures the authenticity and integrity of the document. Moreover, the final stamp contains information pertaining to the date and time that the document signing process on the Autenti platform was completed.
In the instance that the integrity of the document is compromised, e.g. by altering its content or removing one of the pages of the document, the Autenti seals will be verified by the Acrobat Reader will verify the Autenti seals as incorrect and a warning with a red symbol will be displayed (see below). This means that the integrity and authenticity of the document will not be confirmed.
Important: The final stamp is properly verified and is a necessary element for confirming that the document was created and signed electronically using the Autenti platform.
The Signature card is always positioned at the end of the signed document and contains a visual representation of all signatures and electronic seals that were collected when signing the document via the Autenti platform.
It is important to notice that the document signed via the Autenti platform contains the Signature card with all of its fields filled in, as well as the opening and final stamps. As the document is being signed on the Autenti platform, subsequent signatures and seals are being added as subsequent parties are submitting electronic signatures.
Before any signatures have been submitted, the Signature Card initially looks like the image below. The document sent for signature always contains the initial stamp.
The signature card in the following fields contains a visual of the submitted electronic signatures. The field contains information about:
- type of electronic signature submitted,
- the signer's name and surname,
- the signer's email address,
- the signer's telephone number (optional, in the case that an additional authentication method is used),
- data concerning the signer's organization and their functions (optional, in the case that the document is signed by a person representing the organization in question),
- type of electronic signature submitted,
- the authentication method used by the signer,
- reasons for signing,
- the IP address obtained from the signer’s device, the date and time of signing.
On the Signature Card, clicking each of the signature fields enables access to additional information about the signatures, in particular data related to the cryptographic verification and the validity status of a given signature.
How the Autenti electronic signature is presented on the signature card
The Autenti electronic signature contains information as shown in the layout in the 3 examples below.
Illustration 1 – A person who used an Autenti electronic signature and was authenticated via e-mail address without the indication of the signer’s organization. This is the type of signature that is most often used in a consumer relationship with the sender. This field contains the means by which the authentication was carried out, in other words, the signer’s name and surname as well as their e-mail address.
Illustration 2 – This is an Autenti electronic signature where the signer has been verified by both e-mail and SMS. This signature contains the signer’s e-mail address and telephone number, which the Autenti platform sent a one-time OTP (“one-time password”) to via SMS. This is used as an additional verification of the signer.
Illustration 3 – An Autenti electronic signature where the signer has been verified by both e-mail and SMS. In this case, the signer also represents their organization and their information is disclosed in the signature. These are: company name, tax identification number and the role (function) of the signer in a given organization. Important: An organization’s data are declared data – they are not subject to verification by Autenti. The platform enables users to send documents to business representatives (most often contractors, business partners), without the need for any additional authentication using an SMS code, as long as the senders already know who the signers are. If the signing representation for the company consists of two or more people, each of them must be separately indicated on the platform and assigned to a company with the same data (name, tax identification number).
Clicking on any Autenti electronic signature field on the Signature Card allows for additional information to be collected about the validity of the electronic seal that has been secured. It also gives access to detailed information concerning the verification of the seal.
Every Autenti signature is secured using an electronic seal at the time of signing. This seal is then verified with a qualified certificate of the electronic seal.
How a qualified electronic signature is presented on the signature card
A qualified electronic signature contains: the signer’s information from the signer’s certificate; an indication that it is a qualified electronic signature and that a serial number is included in the signer's certificate, particularly a PESEL number, ID card number or passport number.
A qualified electronic signature contains the European Trust Mark, which can, in accordance with EU law, be used only in respect to qualified trust services.
Clicking on the qualified electronic signature field that is on the Signature Card enables the user to obtain additional information about its validity and detailed information from the verification of the signature.
In particular, a set of signature properties may be shown as below, including information about the signer's verification, the signer's information, and the confirmation of the status of a qualified electronic signature.
The verification of signatures and seals in the Signature Panel
The signature panel in Adobe Acrobat Reader shows all electronic signatures and seals contained in the framework of the PDF document. This lets the user see the verification status of each signature, the accompanying certificate, as well as additional information.
The image below shows an example of the browser in the Adobe Signature Panel. Each Autenti seal, signature and qualified electronic signature has a separate signature line. Qualified signatures show the signatory's information while each of the Autenti signatures are secured with an Autenti electronic seal.
The last line in the panel can contain a separate timestamp.
The signature panel enables a detailed examination of the signature content, date of signing, signature certificate or electronic seal and validation status.
In particular, the signature properties panel contains the following information:
- an unequivocal indication of the signer or person submitting the electronic seal,
- the time of signing or sealing that is admitted by the Autenti trust service,
- information that the source of trust on the certificate is the European Trusted List,
- reason for signing,
- information on upholding the integrity of the signature and document,
- confirmation of the validity of the signer's identification,
- information that the signature has been additionally affixed with a qualified time stamp (the solution used for most Autenti signatures, ensuring a secure signature date), date and time of the certificate’s verification in the qualified system trust service providers
Information about invalid signatures
If the Adobe Acrobat Reader viewer shows that the signature is invalid, as in the picture below, check the detailed information in the Signature Panel about the indicated signatures.
The signature panel contains information about the status of each of the electronic signatures and seals, as well as the reason for why the signature is being recogznied as invalid. The basis for recognizing a signature as defective is the information that the signed content was violated after it was signed. In particular, if all signatures and seals are shown to be invalid, it means that after signing, the content of the signed document had been tampered with, therefore making it impossible to confirm that the content and signatures are consistent. In the case that only some of the signatures are shown to be invalid, it is necessary to individually investigate the reason for this.
Unsuccessful signature verification – reasons for recognizing an invalid signature
In line with technical standards, the following reasons indicate why a signature is invalid:
- there is no possibility for cryptographic verification,
- there is no possibility to confirm the integrity of the document,
- incorrect cryptographic verification of the signature,
- the certificate is revoked at the time of signing,
- the certificate expires at the time of signing,
- the certificate is used before the validity period at the time of signing.
Undetermined signature validity
Sometimes signature verification can have an undetermined status. This status does not mean that the electronic signature is invalid, but the confirmation of its validity may require additional action.
In the example below, the qualified electronic signature certificate has expired. This does not affect the validity of the signature itself but instead the application was technically unable to confirm its validity.
Common reasons why the validity of a signature cannot be confirmed:
- incompatible with the signature verification conditions,
- not being able to build a chain of trust,
- the cryptographic algorithm is not trusted,
- the wrong sequence of time stamps,
- the certificate is revoked and there is no evidence that the signature was submitted during the validity period,
- At this time, it is not possible to access the data that confirms the validity,
- signed content is not found.
Other articles by the author