Digitally Sign Uploaded PDF

The user "has" a token and "knows" a PIN, and uses both to apply a digital signature to a PDF document.

Introduction

A user can digitally sign a document using ReadMyCards.

At the bottom of the page, there are 3 use cases available:

  • authenticate user with browser OR operating system PIN dialog

  • upload a PDF document as a prerequisite to the process of performing a digital signature

  • digitally sign a PDF document

Pin Dialog

The Trust1Connector asks the user for a PIN when performing an authentication or a digital signature. When a user enters the PIN in a browser dialog, the SDK provides the functions needed to encrypt the PIN sent from the browser to the Trust1Connector instance. The reasoning behind this approach is:

  • the Trust1Connector does NOT trust a local browser: the browser can be corrupted, for example by a 'dirty' plugin; no PIN code will be visible in the 'debug console' of the browser

  • applications are not trusted, except when presenting a valid token, and when performing a key exchange prior to the use of the connector

When you enable the toggle 'Use operating system pin dialog', the PIN is no longer entered in the browser; PIN entry is delegated to the operating system. With this option enabled, the Trust1Connector asks the underlying operating system to handle the PIN entry. This means that the PIN entry is COMPLETELY separated from the web application or browser.

The motivations for this choice differ depending on the use case and the security policies applied in an organization. The Trust1Connector wants to guarantee a safe implementation for both use cases mentioned.

When the use case completes successfully, the following message will appear in the top right for a short amount of time:

Digital Signature

The ReadMyCards application allows a user to sign a PDF document using the baseline PAdES-LTV Profile (Long Term), the long-lived signature format. This profile allows you to extend the validity of signatures in PDF format indefinitely, and it can be used in conjunction with other PAdES profiles. It is used to ensure that a signature can still be validated many years after it was created; that is, it guarantees long-term validation.

Start by uploading a PDF document, either by selecting the 'file-drop'-zone or by dragging and dropping a file onto it.

Once a file has been uploaded, the filename will appear in the drop-zone.

Start the signature flow using the 'Sign uploaded document':

When the flow completes successfully, the following pop-up will be shown:

From the pop-up you can:

  • download the signed PDF document (using the download link)

  • close the pop-up and go back to previous screen

Opening the document in Adobe Acrobat Reader will show that the digital signature has been applied.

When you open the signature details, the signature properties can be verified:

There are no guarantees for the documented properties when using the ReadMyCards application. As the application can be altered for demo purposes, some details may change over time.
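To check outside a PDF viewer that a downloaded file carries the structures a PAdES long-term signature relies on, the following added example (not code from ReadMyCards or the Trust1Connector SDK) scans a signed PDF for its `/ByteRange`, the PAdES `/SubFilter` values and a `/DSS` dictionary. It performs structural checks only, no cryptographic validation; the function names are hypothetical and the sample bytes are constructed for the demonstration.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def inspect_signed_pdf(data: bytes) -> dict:
    """Structural checks only; certificate and digest validation are out of scope."""
    ranges = [tuple(map(int, m.groups())) for m in BYTE_RANGE.finditer(data)]
    report = {
        "signatures": len(ranges),
        "pades_subfilter": b"/ETSI.CAdES.detached" in data,
        "doc_timestamp": b"/ETSI.RFC3161" in data,
        # The DSS dictionary carries the certificates, OCSP responses and CRLs
        # that make later validation possible. A byte scan misses a DSS stored
        # in a compressed object stream, so False here means "not found".
        "dss": re.search(rb"/DSS\b", data) is not None,
        "problems": [],
        "unsigned_tail": 0,
    }
    for off1, len1, off2, len2 in ranges:
        gap = data[off1 + len1:off2]  # the bytes excluded from the digest
        if off1 != 0:
            report["problems"].append("signed range does not start at byte 0")
        if not (gap.startswith(b"<") and gap.endswith(b">")):
            report["problems"].append("excluded gap is not one hex string")
        if off2 + len2 > len(data):
            report["problems"].append("ByteRange points past end of file")
    if ranges:
        # Bytes after the last signed range belong to a later incremental update.
        # A DSS-only update is normal for LTV; anything else deserves a look.
        covered = max(o2 + l2 for _, _, o2, l2 in ranges)
        report["unsigned_tail"] = max(0, len(data) - covered)
    return report

def build_sample(with_dss: bool) -> bytes:
    """Constructed skeleton (not a valid PDF or signature) to exercise the checks."""
    pre = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /SubFilter /ETSI.CAdES.detached /ByteRange ["
    mid, sig, post = b"] /Contents ", b"<" + b"00" * 16 + b">", b" >>\nendobj\n%%EOF\n"
    len1 = len(pre) + 43 + len(mid)  # 43 = four 10-digit numbers + 3 spaces
    nums = (0, len1, len1 + len(sig), len(post))
    data = pre + " ".join(f"{n:010d}" for n in nums).encode() + mid + sig + post
    if with_dss:
        data += b"2 0 obj\n<< /DSS << /Certs [] /OCSPs [] /CRLs [] >> >>\nendobj\n%%EOF\n"
    return data

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, inspect_signed_pdf(build_sample(flag)))
```

For a real file, pass the bytes of the downloaded document, for example `inspect_signed_pdf(open(path, "rb").read())` with `path` being the signed PDF.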
