PDF is everywhere and so is it’s signing!
The use of Electronic documents is on the rise and so does the need to protect them. In 2020 we see a number of data breaches and are continuously increasing (top breaches in 2020). As millions of PDF documents are already in use by governments, defence and financial institutions, protecting PDF content from malicious hackers, competitors or insiders is important. Whether its a company policy for employees, citizens filling PDF form online for account opening or computers generating PDF invoices or receipts, businesses want integrity and identity to remain a top priority. PDF is now everywhere and the ability to view and sign PDFs is available freely on your desktop, cloud or mobile. If you are still not convinced about the massive proliferation of PDF, see some of the stats below as per Duff Johnson Executive Director of the PDF Association:
- 2.2 billion PDF files on the (public) web (Google)
- 20 billion PDF files in Dropbox
- Airbus, Boeing and the US Dept. of Justice each have over 1 billion PDFs
- 2 billion PDFs opened every year in Outlook.com
- 73 million new PDF files saved every day in Google Drive & Mail
- 1 in 20 static html pages is a PDF!
Percentage of PDF used in 2018
See more interesting facts here.
Transformation from Paper to PDF
Paper is scarce, costly and cutting wood is not environment friendly. Industry studies show that it costs companies $20 on average to file a paper document. Other than the cost, the overall time to file, store and search inside paper documents may take hours. For businesses finding a paper in millions of filed paper documents could take weeks. With PDF, users can fill forms and submit with a breeze using the platform of their choice while searching text inside PDF allows quick results. For businesses converting existing paper to PDF is also quick. Searching for your birth certificate in millions of records now takes not more than a few seconds. PDF has undoubtedly helped companies across the globe to switch to a secure and stable electronic document format in a very short time.
Portable Document Format is PDF
Sounds like a simple definition. Well PDF, developed by Adobe Acrobat in 1993 (27 years ago!). OK, we already saw many competing formats of PDF like HTML, Images, Docx, XML etc. so what’s new in PDF. PDF document format allows platform independent construction and rendering of content be it text, images, videos and audio. So far none of the existing formats has been able to match PDF’s strengths. Note that PDF format is now an ISO standard. Adobe holds the patent of PDF format but gives royalty free license to any one developing PDF processing software. The strength of PDF lies in following aspects.
- Renders documents likewise on any operating system or device
- The format is self sufficient. Can embed fonts, images ensuring documents are archived and renders the same for long term
- Allows content to be encrypted or digitally signed to protect its integrity and authenticity
- Avoid macros and similar dynamic content hence is more secure from viruses
PDF format allows a quick and easy way of recording business documents be it invoice, receipts, health records, government documents and more. PDF format is popular in the printing industry as well ensuring what you see is what is printed. With the launch of the free Adobe Acrobat reader, PDF documents are freely viewed and printed.
PDF Signing under the hood
As with any data, ensuring integrity and authenticity of PDF documents is important for it to be trusted. PDF format supports digital signatures from the very early stage since PDF 1.3 and improves it each year. PDF supports the following signature related features:
Visible and invisible digital signatures
Visible PDF digital signatures have a visible appearance and are a great way to quickly identify who signed the document along with any miscellaneous information shown in its appearance. Visible signatures are also shown in prints. Visible PDF digital signatures may show information like signer name, location, reason, contact information, company logo or hand signatures. Invisible digital signature helps where PDFs integrity needs to be verified programmatically only hence there no need of visible signature appearance.
For visible signatures, PDF format allows following options for users based on their business needs:
- Sign with text only
- Sign with text + images
- Sign with hand signature image
- Sign with company logo image
Detecting PDF forgery
There can be multiple reasons signatures are not accepted:
- Signatures are tampered
- Signature are not tampered but signed by an entity which you don’t trust
- Signatures are not tampered, you know the entity but the digital certificate used to sign is revoked
- Signatures are not tampered but contents were updated after PDF signing
- Signatures are not tampered, you know the entity but the software fails to check revocation
Adobe Acrobat suite of software provides users with a clear indication of the problem with the PDF’s digital signature and lets the user decide.
Ability to add long-term digital signatures (ISO 32000-1 and PAdES)
The ability to ensure PDF live for long term is important hence ensuring trustworthiness. The digital certificate used to sign PDF can expire making the signature invalid. To ensure signatures remain verifiable in the long-term signing (hence avoiding re-signing) certificate revocation information and a cryptographic timestamp (denoting the time digital signature is produced) is stored beside the created digital signature. With both added, now PDF signature verifiers just need to verify the timestamp signing certificate at current time while the signature and associated digital certificate is verified at timestamp time.
Although ISO 32000-1 provided a neat way of ensuring longevity of PDF signature, PAdES standard further enhanced it by allowing adding Document Security Store and Document Timestamp. Document Security Store allows adding revocation information (OCSP, CRL) in a central location inside PDF hence existing signed PDF can also be enhanced without tampering the signature. Document Timestamp allows adding a cryptographic timestamp prior to expiry of the previous timestamp therefore extending the longevity of the signed PDF documents. The last document timestamp is verified at current time while all the inner ones at the next upper document timestamp time.
In Europe, the EIDAS regulation has further accelerated companies to provide online services to citizens and businesses and PDF is providing a pivotal role in storing B2B and B2C documents. ETSI has also defined standards on how to ensure the integrity and authenticity of PDF by providing Qualified timestamps, Qualified signatures (person-related) local and remote signatures, Qualified seals (organization-related).
The EU now recognizes PAdES as an eIDAS compliant implementation of advanced electronic signatures. A qualified electronic signature on a PDF will now have the equivalent legal effect of a handwritten signature and will be acceptable across all EU member states.
Reviewer and Certified PDF digital signature
PDF format allows two types of signatures; reviewer and certified (also called as author signature). There can be only one certified signature in PDF. Certified signature is also the first signature in a PDF document hence called author signature. Certified signature allows recipients to easily trust the signed document before filling forms or further signing the document. Certified signature is shown with an eye-catching blue ribbon. Certified signatures also adds more restrictions on the document such as:
- Lock the document (no further changes are allowed)
- Allows form filling, signing existing signature fields and adding comments
- Allows form filling and signing existing signature fields
AATL based PDF Digital Signatures
When you sign a PDF and verify digital signature, most likely it will not be verified unless you trust the Root CA Certificate. Adobe Acrobat Reader by default uses an internal Trusted Certificate store to establish this trust also called as AATL (Adobe Approved Trust List). Digital signatures created with a certificate issued by an AATL provider is shown distinctly inside the signature properties (within Adobe Acrobat).
An AATL based digital certificate (can only resides on a USB based crypto token or HSM) digital signatures are automatically trusted and are long-term; timestamped and revocation added (LTV; long term validated). Members of AATL are vetted by Adobe ensuring that their operations are as per AATL technical requirements. You can see the list of trusted CAs inside Adobe Acrobat Reader as well (Ctrl + K, Signature > Identity and Trusted Certificates):
Adding information at signing time
At PDF signing time, meta information about the signer can be added which can help reviewers understand the context of signing the PDF assisting in trusting the signed document:
- Signer’s signing Location e.g. locality, city, country
- Signer’s signing reason e.g. I approve this document
- Signer’s signing time e.g. can be local or server time
- Signer’s contact information e.g. can be phone number or email address
Adobe Acrobat reader DC allows additional user information and intent which will be made part of the digital signature. The additional information is also shown in the signature verification panel and (optionally) in the appearance as well.
How PDF is digitally signed
PDF is a complex format allowing text, images, video, audio to be embedded. The overall process of signing a PDF can be summarized as:
Pre-process PDF document
PDF signatures are embedded inside the PDF document hence an area is allocated to later embed the signature. This process identifies the exact bytes which needs to be hashed and encrypted. This may also involve adding the signature appearance information i.e. signature location e.g. page 1, 2 etc, X,Y coordinates, contents to be shown inside e.g. images, text etc. In case of invisible digital signature this is not required.
Original PDF
%PDF . . . (PDF content) %%EOF
After pre-processing
%PDF . . . (PDF content) signature dictionary /ByteRange {...} /Contents . Certificate . Signed hash value . Timestamp (Optional) . Revocation information (Optional) %%EOF
Create PDF Digital Signature
The complete contents of the PDF excluding the PDF Signature Dictionary > Byte range is read and a signature is created. The signature can be based on PKCS#1 but CMS/PKCS#7 is preferred as this allows further security information to be added. PKCS#1 format is also not supported in PAdES standard. The CMS/PKCS#7 may optionally contain revocation information as well (OCSP or CRL). Revocation information helps in quick digital signature verification as the PDF verification software doesn’t need to look externally to find revocation information.
To ensure that the time of signing is also trusted, a cryptographic timestamp (based on RFC 3161) may be added as well. Timestamps allow users to base all their signature verification at the time when the PDF was digitally signed rather than the current time. Note that digital certificates expire after some time hence eventually signed PDF will not be trusted so adding timestamp helps avoiding re-signing of PDF documents.
Update PDF with Signature
Once signature is prepared, it is placed back inside the Signature Dictionary > Contents area.
Incremental Updates to PDF
For multiple signatures the above simply process repeats. All content updates made after signing produces an incremental change in the PDF hence doesn’t break the original signature prior changes. This also allows a user to see the actual contents which were signed. If changes are made to the original content OR the signature is forged then signature is termed as invalid.
PAdES based digital signatures
ETSI has come up with a set of signing profiles (ETSI TS 102 778) which helps businesses to standardized the way of signing and enhance interoperability among different pdf signing solution providers. PAdES (PDF Advanced Electronic Signatures) is a set of rules making PDF suitable for long-term advanced electronic signatures. These are defined as:
- Part 1: PAdES Overview – a framework document for PAdES
- Part 2: PAdES Basic – Profile based on ISO 32000-1
- Part 3: PAdES Enhanced – PAdES-Basic Electronic Signatures and PAdES-Explicit Policy Electronic Signatures Profiles
- Part 4: PAdES Long Term – PAdES-Long Term Validation Profile
- Part 5: PAdES for XML Content – Profiles for XAdES signatures of XML content in PDF files
- Part 6: Visual Representations of Electronic Signatures
Let’s sign some PDFs
The internals of PDF format is not for the weak-hearted and takes years to master. Nevertheless there are many free / open source software which allows business users to render, edit and secure by adding digital signatures. Some of these are:
Adobe Acrobat Reader DC
Pros
- Create multiple visible digital signatures
- Create Document timestamps
- Create signatures with revocation information
- Use signing keys from your windows keystore or USB tokens
Cons (Not supported, need Adobe Acrobat Pro)
Certified / author signature can’t be created Invisible digital signature can’t be created
JSignPDF
Pros
- Create multiple visible digital signatures
- Create signatures with revocation information
- Use signing keys from your windows keystore or USB tokens
- Create invisible digital signature
Cons (Not supported)
Certified / author signature can’t be created Document timestamps can’t be created
LibreOffice
Pros
- Create visible digital signatures
- Use signing keys from your windows keystore or USB tokens
Cons (Not supported)
Only create a single digital signature Revocation information is not added Certified / author signature can’t be created Document timestamps can’t be created
Future of PDF and PDF Signing
From PDF 1.3 to 2.0 PDF format has covered a lot of technical ground. We see the format supporting basic digital signature to more PAdES (PDF Advanced Electronic Signatures). PDF is here to stay as the dependencies of governments and business are growing every year. As PDF is an ISO standard, work is continuously done to improve the format in terms of usability and security. PDF Signing is increasing as the usage of PDF grows. In the security front PAdES has set the stage for long-term preservation of documents and the ETSI working group is continuously working on new improvements so stay tuned! Click here to know more about PDF 2.0.