Table of Contents
Advertisement
265
USING ACROBAT X PRO
Digital signatures
More Help topics
"Signature
types" on page 257
"Securing documents with
certificates" on page 227
"Adobe Approved Trust List
(AATL)" on page 267
XML data signatures
Acrobat and Reader support XML data signatures that are used to sign data in XML Forms Architectures (XFA) forms.
The form author provides XML signing, validating, or clearing instructions for form events, such as button click, file
save, or submit.
XML data signatures conform to the W3C XML-Signature standard. Like PDF digital signatures, XML digital
signatures ensure integrity, authentication, and non-repudiation in documents.
However, PDF signatures have multiple data verification states. Some states are called when a user alters the PDF-
signed content. In contrast, XML signatures only have two data verification states, valid and invalid. The invalid state
is called when a user alters the XML-signed content.
Checking the validity of a signature
If the signature status is unknown or unverified, validate the signature manually to determine the problem and
possible solution. If the signature status is invalid, contact the signer about the problem.
For more information about signature warnings and valid and invalid signatures, see the Digital Signature Guide
(PDF) at www.adobe.com/go/learn_acr_security_en.
More Help topics
"Verify information on a
certificate" on page 231
"Get certificates from other
users" on page 229
Establish long-term signature validation
Long-term signature validation allows you to check the validity of a signature long after the document was signed. To
achieve long-term validation, all the required elements for signature validation must be embedded in the signed PDF.
Embedding these elements can occur when the document is signed, or after signature creation.
Without certain information added to the PDF, a signature can be validated for only a limited time. This limitation
occurs because certificates related to the signature eventually expire or are revoked. Once a certificate expires, the
issuing authority is no longer responsible for providing revocation status on that certificate. Without conforming
revocation status, the signature cannot be validated.
The required elements for establishing the validity of a signature include the signing certificate chain, certificate
revocation status, and possibly a timestamp. If the required elements are available and embedded during signing, the
signature can be validated requiring external resources for validation. Acrobat and Reader can embed the required
elements, if the elements are available. The PDF creator must enable usage rights for Reader users (File > Save As >
Reader extended Document).
Note: Embedding timestamp information requires an appropriately configured timestamp server. In addition, the
signature validation time must be set to Secure Time (Preferences > Security > Advanced Preferences > Verification tab).
CDS certificates can add verification information, such as revocation and timestamp into the document without
requiring any configuration from the signer. However, the signer must be online to fetch the appropriate information.
Last updated 10/11/2011
Advertisement
Table of Contents
