Tutorial: PDF Digital Signature Validation

Validation in Adobe Acrobat


Last updated 7 years ago

Throughout this tutorial, we'll be using the document you can find in the link below. Download it so you can follow and repeat all steps on your own:

As you can see, on opening the document Adobe tells us the signature is valid:

But let's take a closer look. If we click on Signature Panel, we can find more detailed information on the signature itself:

The first thing we notice is that the document has been signed twice, once by me:

and once by a Time Stamping Authority (TSA):

Both signatures have a Source of Trust, defined automatically by the digital certificate used. In our example, since we used a digital certificate from a Belgian Identity Card, the listed Source of Trust is the European Union Trusted Lists (EUTL), a document issued by the EU which contains information about which certificates we can safely trust from each EU Member State.

When we take a closer look at the first signature by clicking on certificate details:

You can see that the certificate used to sign this document is part of a chain of certificates; the personal citizen certificate was signed by the Citizen CA certificate, which in turn was signed by the Belgium Root CA3 certificate.

How do we know we can trust the Belgium Root CA3 certificate, you may ask? If you guessed "Thanks to the EUTL", you'd be right.

The second signature, by the Time Stamping Authority (TSA), is also part of a certificate chain leading back to a certificate trusted by the EUTL, in this case the Belgium Root CA4 certificate.

As you may have noticed, the TSA signature is marked as LTV enabled, while the citizen signature is not. What does this mean?

It means that while the citizen signature is valid, it does not contain the Certificate Revocation Lists (CRLs) or certificate status (OCSP) information that was in effect at the moment the signature was created. If we try to validate my signed document in 50 years, this information may no longer be available online. When Adobe tells us that the signature is LTV enabled (short for Long Term Validation), it means that all of the information needed to verify the signature in the future is included in the signature itself. Isn't that neat?
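To see the same distinction outside Acrobat, here is an added example (not part of the original tutorial, and not how Adobe decides LTV status). It is a heuristic byte scan that counts subject signatures and RFC 3161 document timestamps and checks whether the PDF's Document Security Store (`/DSS`) carries CRL or OCSP data. The sample bytes are constructed, the function names are hypothetical, and the scan assumes uncompressed objects.

```python
import re

# Constructed PDF-like bytes (not the tutorial's Trust1Team.pdf): one subject
# signature, one document timestamp, and a DSS holding one OCSP response.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /AcroForm 2 0 R /DSS 7 0 R >> endobj\n"
    b"5 0 obj << /Type /Sig /SubFilter /ETSI.CAdES.detached"
    b" /ByteRange [0 100 200 50] /Contents <3082> >> endobj\n"
    b"6 0 obj << /Type /DocTimeStamp /SubFilter /ETSI.RFC3161"
    b" /ByteRange [0 400 500 50] /Contents <3082> >> endobj\n"
    b"7 0 obj << /Type /DSS /Certs [8 0 R] /OCSPs [9 0 R] /CRLs [] >> endobj\n"
)

SUBFILTER_RE = re.compile(rb"/SubFilter\s*/([A-Za-z0-9.]+)")
DSS_REF_RE = re.compile(rb"/DSS\s+(\d+)\s+(\d+)\s+R")
INDIRECT_REF_RE = re.compile(rb"\d+\s+\d+\s+R")

def dss_counts(pdf: bytes):
    """Count entries in the Document Security Store, or None if not found."""
    refs = DSS_REF_RE.findall(pdf)
    if not refs:
        return None
    num, gen = refs[-1]  # incremental updates append; the last catalog wins
    obj_re = rb"(?<!\d)" + num + rb"\s+" + gen + rb"\s+obj(.*?)endobj"
    bodies = re.findall(obj_re, pdf, re.S)
    if not bodies:
        return None  # e.g. the DSS lives in a compressed object stream
    counts = {}
    for key in (b"Certs", b"OCSPs", b"CRLs"):
        arr = re.search(rb"/" + key + rb"\s*\[([^\]]*)\]", bodies[-1])
        refs_in_arr = INDIRECT_REF_RE.findall(arr.group(1)) if arr else []
        counts[key.decode()] = len(refs_in_arr)
    return counts

def inventory(pdf: bytes) -> dict:
    """Summarise signature kinds and revocation data embedded in the DSS."""
    subfilters = [m.decode() for m in SUBFILTER_RE.findall(pdf)]
    timestamps = subfilters.count("ETSI.RFC3161")  # RFC 3161 document timestamp
    dss = dss_counts(pdf)
    return {
        "signatures": len(subfilters) - timestamps,
        "timestamps": timestamps,
        "dss": dss,
        "revocation_in_dss": bool(dss and (dss["OCSPs"] or dss["CRLs"])),
    }

if __name__ == "__main__":
    print(inventory(SAMPLE))
```

A `False` result does not prove revocation data is absent: it can also be embedded inside the CMS signature container itself, which this scan does not parse, and a `True` result does not prove the embedded data covers every certificate in the chain.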

Links: Certificate Revocation List; Certificate status

Download: Trust1Team.pdf

Figures (images not included): Signature is valid; Signature Panel; Subject Signature; TSA Signature; Subject certificate details; TSA certificate details