1 2 Previous Next 63 Replies Latest reply: Jul 31, 2014 8:34 AM by joebsobe RSS

    Multiple digital signatures

    Community Member
      I am trying to create a document that can be certified as ready for review and signing and then circulated for multiple signatures .

      The document( a standard operating procedure ) must reviewed and signed by 5 or 6 people and I have to be able to prove it has not been changed other than being signed but I can't figure out how to make signing the form fields as an allowable action.

      Here is what I'm doing now

      create document in word and convert it to a pdf in adobe acrobat 8 pro on windows xp
      in the form menu click create new form
      click through and use the current document to create form
      In Live Cycle designer I :
      Add the digital signature fields
      then I'm lost

      This seem the closest to what i want to do but this seems to complicated
      http://www.adobe.com/devnet/livecycle/articles/multiple_sigs_tip.html

      I don't think I need a policy server but I'm not sure.

      I just need to invalidate signatures if someone uses acrobat to edit the document text and images after it has been certified and/or certified and signed.

      Thanks

      John
        • 1. Re: Multiple digital signatures
          Philip Levy Adobe Employee
          Assuming there are no other form fields needed except for the signature fields, the following should work:

          1. Create the PDF from Word.
          2. Open in Acrobat. Add the signature fields using the Forms > Add or Edit Fields (Acrobat 9) or equivalent in earlier versions. No need to go into Designer for a simple workflow like this one.
          3. You can then save the document and start it around for signing, but I would suggest one additional step:
          4. In the first signature field, certify the document (right click Certify with visible signature). In the certify Document dialog that comes up, under "Permitted Actions after Certifying", select "Form fill-in and digital signatures".

          5. Then each signer adds a signature and sends the document to the next person.

          Any changes to the document other than additional signatures will invalidate the signatures.
          • 2. Re: Multiple digital signatures
            Community Member
            Thanks Phillip

            The upgrade to 9 made the process a lot easier. Now I just haveto figure out my signature pad working.

            If you don't mind me asking what is the advantage of certify the document befor e circulating it?

            Thanks again
            • 3. Re: Multiple digital signatures
              Community Member
              Certifying the document lets you allow subsequent signers to apply their digital signatures without Acrobat seeing the signatures as changes and invalidating your signature.

              Philip -- thanks for the quick directions.

              - Andy McGavin
              • 4. Re: Multiple digital signatures
                Kok-Yong Tan Community Member

                Does this technique of creating multiple signature boxes using the Digital Signature Tool, then certifying the document in the first signature box to be signed and then signing the rest work in Acrobat Professional 8?  I must be missing something because I can't seem to make it work.  I've even tried using the "Place Signature" command but that immediately insists that I sign the signature box immediately.

                • 5. Re: Multiple digital signatures
                  MichaelKazlow ACP/MVPs

                  You cannot use multiple digital signatures, since later signatures will invalidate the previous signatures.

                  • 6. Re: Multiple digital signatures
                    Kok-Yong Tan Community Member

                    Then why does Phillip Levy indicate that it can be done and Andy Gavin indicate that he's done it?  I'm confused.

                     

                    In fact, I'm even more confused when I see a similar method outlined in the book "Adobe Acrobat 8 in the Office" by Donna L. Baker published by the Adobe Press where she creates a PDF Package with lots of combined digitally signed PDF documents with a cover page which has *TWO* signatures on it by a CFO (Ms. Mittal) and a CEO (Mr. Baker), one signing after the other before returning the doubly-signed (even if you ignore the two separately signed PDFs in the PDF Package from the two branch managers in the example) to the PDF Package maker.

                     

                    It doesn't make sense for a document to disallow multiple signings because in practical applications, documents get signed multiple times before they are formally accepted (e.g., first by the preparer to certify the document and its authorship, then by a reviewer, then by approvers up the chain of command, etc.)

                    • 7. Re: Multiple digital signatures
                      Steven.Madwin Adobe Employee

                      Hi Michael,

                       

                      I’m not sure what you are trying to convey, but you can most certainly add multiple digital signatures to a PDF document without invalidating the previous signature. If the document is not certified, then in Acrobat 8 and earlier, a subsequent signature causes the previous signature to be valid with changes. In Acrobat 9, subsequent signatures alone will not display as changes. In all cases, if the document is certified, and the certifying signature allows for subsequent signatures, then the approval (regular) signatures do not display as changes to the document.

                       

                      Steve

                      • 8. Re: Multiple digital signatures
                        Kok-Yong Tan Community Member

                        Do subsequent signatures after the certification signature get invalidated in Acrobat 8 even if the certification signature permits comments and form fields (a signature being a form field) to continue to be entered?

                        • 9. Re: Multiple digital signatures
                          Steven.Madwin Adobe Employee

                          All of the signatures will be valid in Acrobat\Reader 8.x.  I've attached a demo file you you can see for yourself.

                           

                          Steve

                          • 10. Re: Multiple digital signatures
                            Kok-Yong Tan Community Member

                            Yes, but you created the doc in Acrobat 9 from what the properties tell me.  Can I do the same in Acrobat 8 Pro?  I seem to be trying and failing with a "There is no PDDoc associated with this CosDoc" error during the validate phase when I re-open the document in Acrobat 8 Professional (which perplexes me no end).  Googling that string returns only two hits with no relevance.  And googling for PDDoc or CosDoc gives me lots of entries in the developer area (which doesn't help me, a user, one whit).  Any clues where I went wrong in the following procedure in Acrobat 8 Professional:

                             

                            1.  Use the Digital Signature Tool to create multiple signature form fields.

                             

                            2.  Select the first one and then certify (instead of signing) it, specifying that comments and signatures are to be allowed.  (This seems to work fine and I get the blue ribbon icon showing up.)

                             

                            3.  Select the next one and try to sign it (since it is no longer possible to "certify" it as it has already been certified in step 2).  As soon as I try to sign it, the blue ribbon icon of the certification becomes a question mark even though the signature gets a checkmark.  All subsequent signatures then invalidate the prior signatures.

                             

                            I'm wondering if I the upgrade from Acrobat Professional 7 to Acrobat Professional 8 screwed something up because I vaguely remember it working fine in Acrobat Professional 7 (I recall just installing CS3 over CS2 to get Acrobat Pro 8).

                            • 11. Re: Multiple digital signatures
                              Steven.Madwin Adobe Employee

                              Hi Kok-Yong,

                               

                              The short answer is the document you are trying to sign is corrupt. The fact you are seeing the problem when trying to sign is not related to the signing process, but rather it comes up there because the relationship between the signature fields (which are just a special type of form field) and the underlying document structure has been broken. Although there are multiple ways to break the document structure, an example of what might cause this is the computer crashing right as the file is being saved.

                               

                              If you reply to this message and attach the file I can take a look and try to see where the corruption lies, or see if it can be fixed.

                               

                              Steve

                              • 12. Re: Multiple digital signatures
                                Bobby Hollowell Community Member

                                I have a similar issue with a PDF that is NOT corrupt.  I can duplicate the issue by creating new documents for testing.  I created a two page document in Adobe 9 Pro that has a total of 4 digital signature fields. I selected the "Extend Features in Adobe Reader" option and saved the form.  I then sent the form to a user who has Adobe Reader 8.1.  They were able to open the PDF, use the Topaz signature pad to create the signature but there is not an option for certifying the signatures.  I can only select this option if I use the Acrobat Standard or Pro...I do not have this option when using Adobe Reader to sign the document.

                                • 13. Re: Multiple digital signatures
                                  Steven.Madwin Adobe Employee

                                  Hi Bobby,

                                   

                                  The ability to add a certifying signature is limited to Acrobat, it is not an enabled feature in Reader. The purpose of the certifying signature is for the document author to attest to the integrity of what they created and to allow the author to control what can be done to the document (e.g. whether or not you can add a comment). Since you cannot author a document in Reader there is no reason for Reader to be able to apply a certifying signature.

                                   

                                  Steve

                                  • 14. Re: Multiple digital signatures
                                    Bobby Hollowell Community Member

                                    That makes sense...I wish I had the option so that the signatures weren’t showing as invalid...Adobe should really allow you to hard code that option into the signature field.

                                     

                                    Since you answered that question, maybe you can help with another...same form, created a button at the bottom to "Submit" the form in an email.  The button works but all it does is create the email with a simple subject line and I'd like to be able to specify the subject line based on the contents of one of the fields in the form.  Example:  The form has a field for the users last name, I'd like either the form to be renamed when it is sent and call on the contents of that field to supply the name, or for the subject to be pulled from that field.

                                     

                                    I have seen a forum post on here about that but there was no resolution for it...any guidance would be appreciated.  The forum I have seen so far is http://forums.adobe.com/thread/336558

                                    • 15. Re: Multiple digital signatures
                                      Steven.Madwin Adobe Employee

                                      Hi Bobby,

                                       

                                      I’ve attached a file to this post with an example of what you are looking to do. Whatever data gets entered into the text field will show up in the subject line of the mail message when you click the submit button.

                                       

                                      The mail issue aside, what I’m really concerned about is the notion that adding a digital signature will invalidate the previous signature. An invalid signature is displayed with a red X, either on the signature field (Acrobat 8.x and earlier), or in the document message bar and on the signature panel (Acrobat 9 and later). Is this what you are seeing?

                                       

                                      Thanks,

                                      Steve

                                      • 16. Re: Multiple digital signatures
                                        Kok-Yong Tan Community Member

                                        Hi Steve,

                                         

                                        Sorry for the delay:  I got inundated at work.

                                         

                                        I generate the PDF file afresh each time from a word processing program (Pages from the iWork '08 package) on my Mac (OS X 10.4.11) and there has been no system crash, nor a crash while saving the document.  I use the PDF generation drivers that are built into the operating system itself.   Then, to the generated PDF, I add  another PDF into it (all this before I even add signature blocks, etc.) and that other PDF is fully readable and this combining of documents doesn't results in any errors either.

                                         

                                        Unfortunately, since the document itself is a company confidential document, I can't release it for inspection.  I'll see if I can duplicate the situation with a test document.

                                         

                                        Kok-Yong

                                        • 17. Re: Multiple digital signatures
                                          Bobby Hollowell Community Member

                                          The Attachement isn't available...

                                           

                                          Attachments:
                                          • mailtoExample.pdf (47.1 K) QUEUED
                                          • 18. Re: Multiple digital signatures
                                            Steven.Madwin Adobe Employee

                                            Hi Bobby,

                                             

                                            The forum software is weird that way. I can see the file is queued up, but I don't know when it will get posted. I don't have any control over when it becomes available for download. Hopefully in the not too distant future, but it will become accessible at some point.

                                             

                                            Steve

                                            • 19. Re: Multiple digital signatures
                                              Bobby Hollowell Community Member

                                              Thanks Steve, this works like a champ but the only portion this java script doesn't do is attach the completed form to the email and I can't figure out the proper syntax for including 2 fields in the Subject.  So if I have 2 fields, one for "Applicant Last Name" and one for "Applicant First Name", the synax for getting both fileds in the subject so the subject says "Access Request Form for Doe, John".  Your assistance is TREMENDOUSLY helpful!!!

                                              • 20. Re: Multiple digital signatures
                                                Steven.Madwin Adobe Employee

                                                Hi Bobby,

                                                I’d suggest looking at http://livedocs.adobe.com/acrobat_sdk/9/Acrobat9_HTMLHelp/wwhelp/wwhimpl/js/html/wwhelp.ht m?href=JS_API_AcroJS.88.1.html#1515776&accessible=true for help with JavaScript. When you get there, if you don’t see the Navigation tree in the left panel, be sure to click the Show Navigation button in the upper left corner of the web page. From the Navigation Panel click on the JavaScript API link and you can see all of the main topics. Alternately, you could click on the Search button, search on "mail", and find examples of what you are trying to do.

                                                Were you able to see the JavaScript I assigned to the button? If not, select the View > Toolbars menu item and then select Advanced Editing from the fly-out menu. Click on the Select Object toolbar button and then right mouse click on the button and select Properties from the pop-up menu. Select the Actions tab from the Button Properties dialog and then click on (highlight) Run a JavaScript. That will enable the Edit button which you need to click on. That’s where you can see the example and make your changes.

                                                 

                                                Steve

                                                • 21. Re: Multiple digital signatures
                                                  Bobby Hollowell Community Member

                                                  Yes, I was able to see the code and this link is full of good information but I don't have the requsite knowledge of Java for any of this to make much sense.

                                                   

                                                  /*var myFieldData = this.getField ("APPLICANT LAST NAME");

                                                  var mySubjectName = (myFieldData.valueAsString);

                                                  app.mailMsg(false, TEST@TESTEMAIL.COM, "", "", "Access Request for"+mySubjectName, "Please process the attached form for acess.");

                                                   

                                                  This is the code you sent that I altered, the "APPLICANT LAST NAME" field is one of the 2 I'd like to pull so that the Subject appears as "Access Request for Doe, John".  The code doesn't allow for the PDF to be sent with the email.  In looking at the information at the link you refernced, it seems the "mailDoc" command is what I need but this command specifies a the To: field as well as the Subject. 

                                                   

                                                  Ideally I don't want the users to interact with the mail window, once they click the submit form button, I'd like to have the the two fields refernced above to be pulled from the form, added to the subject, the form attached to the email and it just get's sent. 

                                                   

                                                  It seems I'm very close to gettingt hs to work but I'm not sure if the syntax of each of these bits of code work together or not or how to put them together to make it work.

                                                  topmostSubform.Page1.Submit_Button::mouseUp - (JavaScript, client)

                                                  • 22. Re: Multiple digital signatures
                                                    Steven.Madwin Adobe Employee

                                                    Hi Bobby,

                                                     

                                                    Replace the line app.maiMsg with the following code:

                                                     

                                                    this.mailDoc({

                                                     

                                                            bUI: false,

                                                     

                                                            cTo: "foo@example.com",

                                                     

                                                            cSubject: "Form submitted by "+mySubjectName,

                                                     

                                                            cMsg: "The completed PDF form is attached."

                                                     

                                                        });

                                                     

                                                    Obviously, you will need to change the cTo string and modify the subject and message as you see fit.

                                                     

                                                    Steve

                                                    • 23. Re: Multiple digital signatures
                                                      tyson_clark Community Member

                                                      Steve,

                                                       

                                                      In post #9 you provided a file (certMultiSigs.pdf) that shows multiple signatures on the same document without invalidating one another.When I look at the document properties it says signing is allowed, but when I pull up the Sign & Certify actions under the Tools menu the Sign Document option is greyed out. Why is this and how to overcome it? (I'm having a similar problem on a document I'm generating.)

                                                       

                                                      BTW, I'm using Adobe Acrobat X Pro.

                                                       

                                                      Thanks,

                                                       

                                                      Tyson

                                                      • 24. Re: Multiple digital signatures
                                                        Steven.Madwin Adobe Employee

                                                        Hi Tyson,

                                                         

                                                        Regarding the file I previously posted, there are no empty signature fields left to sign. If you were to go into the Signature Panel, expand Rev. 2 or Rev. 3, and then select "Click to view this version" you would end up rolling the document back to before the last signature was added. You could then Save that copy, open the newly saved copy and you would be able to sign it.

                                                         

                                                        My guess is your next question will be why doesn't Place Signature work? It's because the very first signature was a Certifying signature and one of the features of using certifying signatures is it allows the document author to prevent changes to the PDF file, thus preserving the documents visual integrity. When I certified the file it blocked adding any other form fields to the file and the Place Signature function requires the user to be able to add a signature field (and a signature field is just a special purpose form field) where ever they choose.

                                                         

                                                        As far as the file you are creating, I'm not sure why you can't sign it. If you are creating the file in LiveCycle Designer, you cannot add fields on the fly to XFA documents. If you could give me the steps you follow to generate the doc i might have an idea as to why you cannot sign, or better yet, add the file as an attachment to your reply and I can take a look.

                                                         

                                                        Steve

                                                        • 25. Re: Multiple digital signatures
                                                          cunninj76 Community Member

                                                          Steve,

                                                           

                                                          I'm having a similar problem with multiple digital signatures.  See my problem below:

                                                           

                                                          We are using Adobe Acrobat 8. We want to use the encrypted digital signatures feature.

                                                           

                                                          We need two approvers to digitally sign a document without invalidating the document. I looked at this topic information on the Adobe support website and followed their instructions on multiple signatures and apparently you must certify the document first and permit digital signatures during this process, see print screen below. Here's the steps we took and where we got hung up:

                                                          • I saved a .pdf file to a shared directory folder. (the approval document)
                                                          • I certified the document as accurate using Adobe and saved/closed the document
                                                          • I asked the 1st approver to access the certified document in the directory I saved it and digitally sign the document.
                                                          • When the 1st approver opened and tried to digitally sign the document, the signature option was grayed out and not possible.

                                                          Are there some settings that should be adjusted to make this possible? Any help would be appreciated.

                                                           

                                                          Thanks,

                                                          • 26. Re: Multiple digital signatures
                                                            Steven.Madwin Adobe Employee

                                                            Hi cunninj76,

                                                             

                                                            My guess is the the 1st approver is using Adobe Reader and you did not Reader enable the file. Open the certified file in Acrobat 8 and then select the Advanced > Enable Usage Rights in Adobe Reader  menu item. Click the Save Now button and save the file back to the shared directory and ask the 1st approver to try again.

                                                             

                                                            Steve

                                                            • 27. Re: Multiple digital signatures
                                                              cunninj76 Community Member

                                                              Thanks Steve,

                                                               

                                                              But I don't seem to have "Enable Usage Rights in Adobe Reader" in the

                                                              Advanced menu options.  Also, the 1st Approver has Adobe 8 Standard.

                                                               

                                                               

                                                               

                                                              From:

                                                              "Steven.Madwin" <forums@adobe.com>

                                                              To:

                                                              cunninj76 <jamie.cunningham@basf.com>

                                                              Date:

                                                              10/03/2011 01:11 PM

                                                              Subject:

                                                              Multiple digital signatures

                                                               

                                                               

                                                               

                                                              Re: Multiple digital signatures

                                                              created by Steven.Madwin in Acrobat Windows - View the full discussion

                                                              Hi cunninj76,

                                                               

                                                              My guess is the the 1st approver is using Adobe Reader and you did not

                                                              Reader enable the file. Open the certified file in Acrobat 8 and then

                                                              select the Advanced > Enable Usage Rights in Adobe Reader  menu item.

                                                              Click the Save Now button and save the file back to the shared directory

                                                              and ask the 1st approver to try again.

                                                               

                                                              Steve

                                                              Replies to this message go to everyone subscribed to this thread, not

                                                              directly to the person who posted the message. To post a reply, either

                                                              reply to this email or visit the message page: [

                                                              http://forums.adobe.com/message/3951435#3951435]

                                                              To unsubscribe from this thread, please visit the message page at [

                                                              http://forums.adobe.com/message/3951435#3951435]. In the Actions box on

                                                              the right, click the Stop Email Notifications link.

                                                              Start a new discussion in Acrobat Windows by email or at Adobe Forums

                                                              For more information about maintaining your forum email notifications

                                                              please go to http://forums.adobe.com/message/2936746#2936746.

                                                              • 28. Re: Multiple digital signatures
                                                                Steven.Madwin Adobe Employee

                                                                Hi Jamie,

                                                                 

                                                                So much for my guess. One thing, you need Acrobat Pro to add Reader Usage Rights, you can't do it in Acrobat Standard. That explains why you didn't see the menu item.

                                                                 

                                                                What it doesn't explain is why the first approver can't sign. Are you sure that the file isn't marked as read only when viewd on the common directory? What if the person trying to sign as the 1st approver copies the file to their local machine and trises to sign?

                                                                 

                                                                Steve

                                                                • 29. Re: Multiple digital signatures
                                                                  cunninj76 Community Member

                                                                  Hi Steve,

                                                                   

                                                                  This didn't work either... do you want me to send you some print screens

                                                                  or any other references?

                                                                   

                                                                  Thanks,

                                                                   

                                                                  Jamie M. Cunningham

                                                                  Engineering Support Specialist II

                                                                  Phone: 409-960-5205, Fax: 409-960-5333, E-Mail: jamie.cunningham@basf.com

                                                                  Postal Address: PO Box 2506, Port Arthur, TX, 77643

                                                                   

                                                                   

                                                                   

                                                                  From:

                                                                  "Steven.Madwin" <forums@adobe.com>

                                                                  To:

                                                                  cunninj76 <jamie.cunningham@basf.com>

                                                                  Date:

                                                                  10/03/2011 02:16 PM

                                                                  Subject:

                                                                  Multiple digital signatures

                                                                   

                                                                   

                                                                   

                                                                  Re: Multiple digital signatures

                                                                  created by Steven.Madwin in Acrobat Windows - View the full discussion

                                                                  Hi Jamie,

                                                                   

                                                                  So much for my guess. One thing, you need Acrobat Pro to add Reader Usage

                                                                  Rights, you can't do it in Acrobat Standard. That explains why you didn't

                                                                  see the menu item.

                                                                   

                                                                  What it doesn't explain is why the first approver can't sign. Are you sure

                                                                  that the file isn't marked as read only when viewd on the common

                                                                  directory? What if the person trying to sign as the 1st approver copies

                                                                  the file to their local machine and trises to sign?

                                                                   

                                                                  Steve

                                                                  Replies to this message go to everyone subscribed to this thread, not

                                                                  directly to the person who posted the message. To post a reply, either

                                                                  reply to this email or visit the message page: [

                                                                  http://forums.adobe.com/message/3951543#3951543]

                                                                  To unsubscribe from this thread, please visit the message page at [

                                                                  http://forums.adobe.com/message/3951543#3951543]. In the Actions box on

                                                                  the right, click the Stop Email Notifications link.

                                                                  Start a new discussion in Acrobat Windows by email or at Adobe Forums

                                                                  For more information about maintaining your forum email notifications

                                                                  please go to http://forums.adobe.com/message/2936746#2936746.

                                                                  • 30. Re: Multiple digital signatures
                                                                    Steven.Madwin Adobe Employee

                                                                    Hi Jamie,

                                                                     

                                                                    Thanks for the file. Before I get into what is going on in your case here's a bit of background.

                                                                     

                                                                    With a regular approval signature you get two thing. One is you assert who actually signed the document (known as non-repudiation because the person can't deny their signature). The other thing is proof of document integrity, that is, if the document has been modified it will invalidate the signature.

                                                                     

                                                                    With a certifying signature you add in protection to prevent the document from being modified. This is to help sustain the integrity and fidelity of the document. When you certify a PDF file you have one of three options to protect the document. The first is no changes allowed. With that option no one (not even the author) can modify the document at all. The next option is form fill-in and signing. As an aside a signature field is just a special purpose form field so signing a document is just another type of filling in of a form field. The third option is to allow commenting along with form fill-in and signing. Regardless of which option you select you cannot modify the underlying structure of the file, and adding a form field would do just that. With the place signature option the signer gets to add a form field (in this case a signature form field) anywhere on the document they like, and because adding form fields to a certified file is verboten the option is disabled in the menus and tools.

                                                                     

                                                                    As the document author what you need to do is add the signature fields to the document before you certify the file. Adding the certifying signature should be the last operation you do before posting the file to the shared drive. Then the other approvers will be able to sign.

                                                                     

                                                                    On another note, when an approver goes to sign the document they will get an alert if the certifying signature isn't trusted. Because you are using a self-signed digital ID to add the certifying signature ever one else that is going to sign will need to add a copy of your public-key certificate into their Manage Trusted Identities list with the trust setting set to both "Use this certificate as a trusted root" and "Certified documents" if they don't want to see the alert.

                                                                     

                                                                    Steve

                                                                    • 31. Re: Multiple digital signatures
                                                                      cunninj76 Community Member

                                                                      Hi Steve,

                                                                       

                                                                      Thanks for the information. I had two approvers stamp the document before

                                                                      I certified it. Since I was one of the approvers, I added the 2nd approver

                                                                      to my Trusted Identities list.  The signatures still had a checkmark and

                                                                      warning on them and when the warning details were view it read " Signature

                                                                      is valid, but there were subsequent changes to the document"; however,

                                                                      when I added a third signature it had no warnings.  I then tried to

                                                                      certify the document at the end but the option was grayed out.

                                                                       

                                                                      We don't necessarily need the document certified and the signatures with

                                                                      the warnings may be ok for our purposes, since the document will be a PDF

                                                                      and approvers can't alter it except with the mark-up tools anyway.

                                                                       

                                                                      I really appreciate your help, if you have more insight on the above

                                                                      please send it my way.

                                                                       

                                                                      Thanks,

                                                                       

                                                                      Jamie M. Cunningham

                                                                      Engineering Support Specialist II

                                                                      Phone: 409-960-5205, Fax: 409-960-5333, E-Mail: jamie.cunningham@basf.com

                                                                      Postal Address: PO Box 2506, Port Arthur, TX, 77643

                                                                       

                                                                       

                                                                       

                                                                      From:

                                                                      "Steven.Madwin" <forums@adobe.com>

                                                                      To:

                                                                      cunninj76 <jamie.cunningham@basf.com>

                                                                      Date:

                                                                      10/04/2011 01:03 PM

                                                                      Subject:

                                                                      Multiple digital signatures

                                                                       

                                                                       

                                                                       

                                                                      Re: Multiple digital signatures

                                                                      created by Steven.Madwin in Acrobat Windows - View the full discussion

                                                                      Hi Jamie,

                                                                       

                                                                      Thanks for the file. Before I get into what is going on in your case

                                                                      here's a bit of background.

                                                                       

                                                                      With a regular approval signature you get two thing. One is you assert who

                                                                      actually signed the document (known as non-repudiation because the person

                                                                      can't deny their signature). The other thing is proof of document

                                                                      integrity, that is, if the document has been modified it will invalidate

                                                                      the signature.

                                                                       

                                                                      With a certifying signature you add in protection to prevent the document

                                                                      from being modified. This is to help sustain the integrity and fidelity of

                                                                      the document. When you certify a PDF file you have one of three options to

                                                                      protect the document. The first is no changes allowed. With that option no

                                                                      one (not even the author) can modify the document at all. The next option

                                                                      is form fill-in and signing. As an aside a signature field is just a

                                                                      special purpose form field so signing a document is just another type of

                                                                      filling in of a form field. The third option is to allow commenting along

                                                                      with form fill-in and signing. Regardless of which option you select you

                                                                      cannot modify the underlying structure of the file, and adding a form

                                                                      field would do just that. With the place signature option the signer gets

                                                                      to add a form field (in this case a signature form field) anywhere on the

                                                                      document they like, and because adding form fields to a certified file is

                                                                      verboten the option is disabled in the menus and tools.

                                                                       

                                                                      As the document author what you need to do is add the signature fields to

                                                                      the document before you certify the file. Adding the certifying signature

                                                                      should be the last operation you do before posting the file to the shared

                                                                      drive. Then the other approvers will be able to sign.

                                                                       

                                                                      On another note, when an approver goes to sign the document they will get

                                                                      an alert if the certifying signature isn't trusted. Because you are using

                                                                      a self-signed digital ID to add the certifying signature ever one else

                                                                      that is going to sign will need to add a copy of your public-key

                                                                      certificate into their Manage Trusted Identities list with the trust

                                                                      setting set to both "Use this certificate as a trusted root" and

                                                                      "Certified documents" if they don't want to see the alert.

                                                                       

                                                                      Steve

                                                                      Replies to this message go to everyone subscribed to this thread, not

                                                                      directly to the person who posted the message. To post a reply, either

                                                                      reply to this email or visit the message page: [

                                                                      http://forums.adobe.com/message/3953483#3953483]

                                                                      To unsubscribe from this thread, please visit the message page at [

                                                                      http://forums.adobe.com/message/3953483#3953483]. In the Actions box on

                                                                      the right, click the Stop Email Notifications link.

                                                                      Start a new discussion in Acrobat Windows by email or at Adobe Forums

                                                                      For more information about maintaining your forum email notifications

                                                                      please go to http://forums.adobe.com/message/2936746#2936746.

                                                                      • 32. Re: Multiple digital signatures
                                                                        Steven.Madwin Adobe Employee

                                                                        Hi Jamie,

                                                                         

                                                                        A certifying signature has to be the first signature applied to the document. You can add approval signatures post certification, but not the other way around.

                                                                         

                                                                        Beginning with version 9, if the only change to an uncertified document is a subsequent signature you won't see the warning that changes have been made to the document, but because you are using version 8 that still occurs. However, if the document is certified and the only changes are subsequent approval signatures you don't get the warning, even in version 8.

                                                                         

                                                                        All of this is predicated on using digital signatures. If the approvers are using stamps, that is not really a digital signature, but rather an annotation. Annotations are anything that sits on top of the actual PDF layer such as comments (sticky notes), stamps, drawings or mark-ups. Because they are not digital signatures (even if the stamp is a representation of a wet ink signature it's still not a digital signature) you can certify the file after it's been stamped.

                                                                         

                                                                        Steve

                                                                        • 33. Re: Multiple digital signatures
                                                                          CFW III Community Member

                                                                          We are having a similiar issue. In my office, we are using Adobe Acrobat X Pro to combine PDF's into one document. After combing all the docs, we are adding digital signature blocks where necessary. There is no requirement for us to sign the document. We then distribute the docs for signatures using the DISTRIBUTE option, utilitzing the "work flow" that Adobe X has. The issue is that when we send out a doc with digital signature blocks, we can't have more than one person sign the doc using the digital signature blocks we have created. Ideally, if we have 10 signatures required, one person will sign 9 while another person will sign only one. Can anyone advise us on how we may accomplish this?

                                                                          • 34. Re: Multiple digital signatures
                                                                            enrico68 Community Member

                                                                            I have a similar but not identical problem, always belonging to multiple signatures. I have a form with multiple signature fields with javascript that, when the user signs, populate a Date field. In addition this javascript shows the other signatures in a sort of "signature workflow".

                                                                            The form was created with Acrobat 9 and now we have moved to Acrobat X.

                                                                            The javascript caused a warning, with the old Acrobat version, but the signatures were valid and modifications were shown. Now the signatures are considered invalid. What changed? How can be managed?

                                                                            Thank You in advance

                                                                            • 35. Re: Multiple digital signatures
                                                                              kerakatera Community Member

                                                                              Does anyone know whether one can sign a pdf with Adobe X Pro and then forward it to the next person for signing without saving the document on your pc? An end user would prefer that the documents not have to be stored on each person's computer after signing for security reasons.

                                                                              • 36. Re: Multiple digital signatures
                                                                                Steven.Madwin Adobe Employee

                                                                                The file has to be saved somewhere. You could save it to a shared network drive, but the signing process requires the the file be saved to disk before the signature is computed. When digital signatures were first introduced into Acrobat signing did take place in memory, but that became a security risk so we had to err on the side of safety and require that signatures be created to files written to disk. The problem with signing out of memory is it is too easy for someone (in this case the bad guy) to introduce a command to change the file in the middle of the signing process in memory. For instance a piece of text that says "I agree to pay $100" gets changed to "I agree to pay $1000". The signer doesn't see the change until it is too late. By forcing the file to be written to disk it eliminates the memory highjacking problem and provides a more secure signing environment. If there were no bad guys we could have left the signing process the way it was, but alas...

                                                                                 

                                                                                Steve

                                                                                • 37. Re: Multiple digital signatures
                                                                                  kerakatera Community Member

                                                                                  Thanks so much for your reply. I thought that it was something like that. My users insist that when they open a pdf in their web browser (Internet Explorer) they can sign a document without saivng it. They did show me that they can do this, but I can't duplicate it as I don't have rights to access the particular files that they are using. In this case it would be saved to the temporary Internet file. In the browser is the signature still handled by Adobe Acrobat? If so is there a different mechanism that is used?

                                                                                  • 38. Re: Multiple digital signatures
                                                                                    Steven.Madwin Adobe Employee

                                                                                    Hi,

                                                                                     

                                                                                    It looks like the file isn't being saved, but it is, only to a temp file. Initially, when you view the file in the browser the file is loaded into memory. If the option "optimize for fast web view" was selected when the file was created, when you open the PDF in the browser just the first page is downloaded and displayed, then the rest of the file is downloaded, but everything is in memory. When you start the signing operation the file is written to disk, it just that the signer doesn't see that action. After the signature is created if the signer wants to send the file they are still required to do a save operation and give the file a name, but what they are really doing is making a copy of the signed temp file.

                                                                                     

                                                                                    Steve

                                                                                    • 39. Re: Multiple digital signatures
                                                                                      kerakatera Community Member

                                                                                      That is great. Thanks so much for the information. So I guess my solution is to figure out an uncomplicated way for them to open it in their web browser. They may like that option.

                                                                                      1 2 Previous Next