3 Replies Latest reply on Oct 13, 2015 2:33 PM by IsakTen

    How to ensure uniqueness of a digital id / digital signature.

    kalyanar79538553

      An Id or a signature should be unique and i have checked Digital Id creation option in acrobat X pro and it asking some general information such as Name, email, company etc. when trying to create a digital id in Acrobat. Therefore anyone who know those information can create another person's digital signature. What is the mechanism of ensuring uniqueness of a digital id from another digital id created with same general information and image.  

        • 1. Re: How to ensure uniqueness of a digital id / digital signature.
          Test Screen Name Most Valuable Participant

          Self-created digital IDs are worthless for proving a person's identity by themselves. And you should never look at the signature info to prove anything. This is extremely important. They are of value if, before using them, you exchange the public certificate with the recipients, and check the exchange is authentic (perhaps with a phone call). Then, to check identity, you make sure the signature matches.

           

          It's just like a paper signature. To check a paper signature you first need to get a copy of the signature - and not in the same envelope.

           

          There are also certificates issued by organisations which DO check; you can use these.

          There are also enterprise certificate libraries, where for in-house checking the signatures can be checked against the official in-house signature.

          • 2. Re: How to ensure uniqueness of a digital id / digital signature.
            Test Screen Name Most Valuable Participant

            To emphasise: a signed document is worthless unless you will verify the signature against a known one or certificate authority.

             

            Some people will look at the page with the name etc. This is a very bad practice and education is needed to be sure people NEVER trust this.

            • 3. Re: How to ensure uniqueness of a digital id / digital signature.
              IsakTen Level 4

              The worthiness of a signature signed with a self-signed certificate is that it ensures integrity of the document: that it had not been changes since the time when it was signed. Self-signed certificate does not provide any means to prove identity of the signer. Therefore identity of the signer cannot be ascertained for signatures signed with a self-signed certificates. If you need to prove identity of the signer you need to procure a signing certificate from reputable Certificate Authority (and it is not free).