What type of 'risk' are you thinking of?
Can a digital ID be faked? Yes - if it's self-signed and you're daft enough to trust it without checking.
Can a commercially-issued ID be forged? Not easily, as the issuer will normally require identity documents to be sent.
Can it be stolen from inside the signed document? No.
Can you tell if the file's been changed after signing? Yes.
I am new to this kind of thing so didnt have any sort of risk in mind, I was hoping for some examples to enlighten me. Aside from risk then, are there any general best practices for setting up a digital certificate process for PDF's that require a high degree of integrity. The PDF's will only ever be "shared" internally.
I am guessing if we procured a corporate certificate from verisign that self signed is not a concern?
If you procure and use commercially-issued credentials (not self-signed), digital signatures are much safer than any other signatures.
1. They tell you whether the signed document has been altered. The document's author may specify which alterations (like form fill or signing) are acceptable. A digital signature tells you what kind of alterations in the document occurred after signing. In Acrobat you can always get the signed version before any alterations occurred.
2. The digital signature tells you who the signer is (not only from the appearance but from the signing credential which is present in the signatures).
3. The signing credential of a digital signature can be verified on-line that it has not been revoked and is still good. Acrobat has a feature to embed revocation information in the document, so that you can get verification that the signing credential was good at the signing time even if you do not have Internet access.
4. In Acrobat the last signer can lock the signature, so that no other modifications of the document are allowed.
So, there are many advantages to using digital signatures. The only risk that you have is that a signing credential can be stolen if someone has an access to the computer or token where the credential is stored AND gets hold of the credential's password. Each credential is password protected, so you guard this password as you guard any other password. If you suspect that someone got hold of your credential and password you can always ask the credential's issuer to revoke this credential and to issue you a new one. In this case the only time span when someone may use your credential is the time lag between the time the credential was stolen and the time the issuer revoked it.
If you're only ever going to be handling documents internally then you can implement your own management policy of self-signed IDs (created in Acrobat or Adobe Reader) and avoid the need to purchase commercial IDs (which are issued per-person, not per-company, so they're not trivial to manage).
A self-signed ID by default is not trusted by other installations of the Acrobat Family and will show a warning message, but you can collect self-signed IDs from your workers (via a reliable route so you know they're genuine) and add them to the trust list on your other computers. Someone else creating a self-signed 'fake' ID with the same email address would be detectable as that ID won't be trusted. If you're managing deployments of the Acrobat Family you can pre-arrange the trust options to stop people messing about with them.
The disadvantage with self-signed IDs is that they won't be trusted outside your company, but that doesn't seem to matter in your case.
Can I ask what prevents another user applying their collegues digital signature to a document?
Are passwords used to prove intent of applying the signature, if so who applies the password, last thing you would want is if all employees have the same password for the signature.
How would you be able to see if a digitally signed PDF had then been tampered with? How does it appear?
Yes, when you create a self-signed ID you are prompted for the password, and you must re-enter it whenever you sign something. In addition, the key's private file must be available on the computer used to sign (so simply guessing the password doesn't get you very far).
If a document has been signed and subsequently altered, information on the status and what was changed is shown in the Signatures panel:
Is it possible to integrate a digital signature with the users active directory username/password, i.e. when it comes to signing a PDF, you are prompted again for your active directory username/password, or worse still once authenticated onto the domain removes the need to re-enter a password when signing a PDF?
These are commercially procured certificates from verisign not self-signed.