top | item 45381777

(no title)

bonyt | 5 months ago

The PDF format supports this, at least Adobe Reader can validate a signed PDF if it's signed in a certain way[1]. I know DocuSign does this - and Reader even has a little button to view the signed version (embedded in the PDF, I think)[2]. [1]: https://helpx.adobe.com/acrobat/desktop/e-sign-documents/man... [2]: Example in Adobe Reader: https://i.moveything.com/1cf1e4ea5619 (redacted partly by me)

discuss

jeroenhd|5 months ago

Signing PDFs digitally is kind of a pain, though. There are several different standards, compatible with different readers, and you need to pay up to get a trusted certificate or Adobe will stick a huge "THIS DOCUMENT WAS SIGNED BY AN UNKNOWN PARTY" banner across the screen when you open it. And then you need to opt into the services of a timestamp server to validate your signature or your document might be marked untrusted when your certificate expires.

It's a better technical solution but unfortunately it's not as simple as you'd hope it to be.

buccal|5 months ago

Yes it is not perfect. At least in Lithuania you can use government issued personal ID to sign PDFs that pass Adobe/Foxit checks of signature authenticity. Trusted timestamp is part of a valid signature as it allows to check validity of signee certificate at the time of signing.

Adobe says: Source of Trust obtained from European Union Trusted Lists (EUTL). This is a Qualified Electronic Signature according to EU Regulation 910/2014.

Foxit says: Source of Trust obtained from European Union Trusted Lists (EUTL). This is a Qualified Electronic Signature according to EU Regulation 910/2014.

Muromec|5 months ago

I remember a case in a different jurisdiction where a judge dismissed a digitally signed document with an argument they aren't a party of PKI system and don't have a key, so they can't do anything. This stuff is weird.