Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

How to ensure Digital Signatures are not faked?

Avatar

Level 4

We are currently using some fairly archaic processes, whereby dynamic forms are completed digitally, printed, signed by hand, and then rescanned as static PDFs back onto our shared server. We are considering ways of streamlining this process, and one consideration is to use Digital Signatures. The one worry I have however is in how simple it appears to me to fake a digital signature of someone else. For example, a shared folder on the network contains PDF forms that must be approved by being signed off on by the CEO. If I add a digital signature field on this form, what would keep anyone with access to that folder from being able to open the file, click the signature field, but instead of using their own digital ID, creating a NEW digital ID with the name of the CEO, thereby making it appear that the CEO signed the form? I tested it and there doesn't seem to be any safeguard to keep this from happening.

Jo

1 Reply

Avatar

Level 6

You won't be able to fully verify a digital signature unless you add a user's certificate to your list of trusted certificates. You would only do this if you are certain of the source. See this previous discussion for more info: http://forums.adobe.com/thread/1118748