2 Replies Latest reply on Sep 11, 2014 10:44 AM by IsakTen

    What is the certification authority, the third party that can confirm the digital signature?


      I created a nice electronic signature that I now regularly use and add to every document. I was told that a signature needs to be issued by a verification authority, a third party that is able to verify the signature, certificate. I created a free certificate at CAcert.org and tried to combine it with the Adobe signature certificate file, but it doesn't support .cer and .crt files. Is Adobe the certification authority in this case, since I created the signature in the Adobe software? It's not a big deal, I just want everything to be correct since I use the signature in official documents now (instead of scanning a signed document) ... Thanks for any info, ideas or help.


        • 1. Re: What is the certification authority, the third party that can confirm the digital signature?
          Sabian Zildjian Level 4

          I am not sure of what your situation is but when a third party verification authority is mentioned it usually means something like this URL link describes:  Acrobat Help | Adobe Approved Trust List

          • 2. Re: What is the certification authority, the third party that can confirm the digital signature?
            IsakTen Level 4

            Each Digital Certificate has a pair of private and public keys used for encryption/decryption. The private key belongs to the certificate owner and should be kept secret. It is protected by a password. The public key can be used by anyone. Digital certificates come in two flavors: one that contains both private and public key and one that contains only public key.

            When you create a digital signature the signing process uses the private key to encrypt the signed content digest and the public key is used to decrypt it. So, only you can encrypt signed content with your certificate that has both private and public keys and anyone can decrypt it to validate the signature using a certificate that has only public key. Usually, this certificate with the public key only is embedded in the digital signature, so that anyone can use it for decryption.

            The .cer certificate contains only public key. Certificates with both private and public keys usually have extensions .pfx or .p12. You need one of those to sign.

            CAcert.org issues only public key certificates, so you cannot use its certificates for digital signing.

            Adobe is not a general purpose certification authority. It issues some certificates for internal use only.

            Acrobat has a feature that allows you to create so-called self-signed certificates with both private and public keys but these certificates can be used only in a limited way. They do not provide the means to authenticate the real certificate owner nor revoke a certificate if it is stolen.

            Generally, a digital signature asserts three main features:

            1. Document integrity (document has not been changed since it had been signed),

            2. Authentication (the signer is indeed what the certificate says)

            3. Non-repudiation (the signature author cannot deny that he signed it: this is achieved via certificate revocation mechanism).

            A self-signed certificate (of the type that Acrobat produces) can be used only for #1. It cannot be used for ##2 and 3. The latter two come only when a certificate (with private key) is issued by a reputable Certificate Authority which is trusted (like VeriSign, Symantec, etc.).
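
Added example, not part of the thread or any poster's code: a small model of the point made in reply 2, that a signature made with a self-signed certificate proves the document is unchanged but says nothing about who signed it unless the verifier already trusts that key. The key material (fixed Mersenne primes, textbook RSA without padding), the names, the sample document and the `trust_list` stand-in for a CA chain or trust list are all constructed assumptions; revocation is not modelled.

```python
import hashlib

# Constructed demo keys built from known Mersenne primes: trivially factorable.
# Textbook RSA with no padding, for illustration only, never for real signing.
E = 65537
PRIMES_A = (2**521 - 1, 2**607 - 1)
PRIMES_B = (2**607 - 1, 2**1279 - 1)

def make_self_signed(name, primes):
    """Return (private exponent, certificate); subject == issuer, so nobody vouches."""
    p, q = primes
    d = pow(E, -1, (p - 1) * (q - 1))
    return d, {"subject": name, "issuer": name, "n": p * q, "e": E}

def digest(document):
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document, d, cert):
    """Private-key operation on the digest; the public certificate is embedded."""
    return {"sig": pow(digest(document), d, cert["n"]), "cert": cert}

def verify(document, signed, trust_list=frozenset()):
    """intact: signature matches the digest under the embedded public key.
    authenticated: that key is also on the verifier's trust list (hypothetical
    stand-in for a CA chain or a trust list shipped with the reader)."""
    cert = signed["cert"]
    intact = pow(signed["sig"], cert["e"], cert["n"]) == digest(document)
    trusted = (cert["subject"], cert["n"]) in trust_list
    return {"intact": intact, "authenticated": intact and trusted}

def demo():
    doc = b"Constructed sample: agreement dated 2014-09-11"
    d_a, cert_a = make_self_signed("A. Signer", PRIMES_A)
    d_b, cert_b = make_self_signed("A. Signer", PRIMES_B)  # same name, other key
    trust = {("A. Signer", cert_a["n"])}
    return {
        "untampered": verify(doc, sign(doc, d_a, cert_a)),
        "tampered": verify(doc + b"!", sign(doc, d_a, cert_a)),
        "same_name_other_key": verify(doc, sign(doc, d_b, cert_b), trust),
        "known_key": verify(doc, sign(doc, d_a, cert_a), trust),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The `same_name_other_key` case passes the integrity check with the embedded certificate alone, which is why a verifier has to anchor the key in something it already trusts before treating the name as authenticated.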