1 2 Previous Next 69 Replies Latest reply on May 10, 2016 12:22 PM by cindis61994726 Go to original post
      • 40. Re: Multiple digital signatures
        Julio9807 Level 1

        Hello Mr. Madwin:


        Your reply for Jamie in Oct 5, 2011 seems to be very important for our company now - "A certifying signature has to be the first signature applied to the document. You can add approval signatures post certification, but not the other way around."


        We have Acrobat XI Pro and require digitally signed pdf design plans for approval in our offices; we have certified signatures, probably the designer's too. But when we sign, the designer's signature becomes invalid.


        Subsequent signatures may be required. So, in order to avoid invalidation and have all signatures valid, what would be your advice?


        In another reply (Oct 4, 2011) you talk about 3 options; since the original design must remain untouched, the one I see as adequate is "form fill-in and signing". Is this correct or are there aditional options for Acrobat XI?

        • 41. Re: Multiple digital signatures
          Steven Madwin Adobe Employee

          Hi Julio,


          A second signature should not invalidate the previous signature. Does the PDF document contain a signature field for each planned signer prior to it being signed the first time, or, are you expecting the signer's to inscribe (create) a signature field at signing time?




          • 42. Re: Multiple digital signatures
            Julio9807 Level 1

            Thanks for the prompt answer, Steven.


            Let me add that this is a new process for us in Puerto Rico's government, and it's probably the same for the mayority of the designers. What this means is that we are still learning about digital signatures and what are the options with Acrobat XI. As we institute policy, it also means that we need to understand what requirements are needed for designers to comply.


            Designers are probably signing with default settings or choosing "no changes allowed", which invalidates their signature when we sign.


            I asked our main department to look for somekind of training regarding these options, but they're taking too long and these are costly and liable processes.


            The process is - 1. Designers submit a pdf plan digitally signed. 2. We check the design and if OK, we digitally sign (a certified signature). 3. Designers may submit the plan (with 2 valid signatures) to other agencies which may digitally sign too.


            We need this pdf plan to accept and validate all these signatures, starting with the designer's. So, what is your advice?

            • 43. Re: Multiple digital signatures
              Steven Madwin Adobe Employee

              Hi Julio,


              I think we may be using "certified signature" in different contexts. If the designer digitally signed the plan and then submitted it for review, then the reviewer could not add a certifying signature in Acrobat because the certifying signature must be the first signature. Acrobat will not allow a certifying signature to be created once the file has been signed. If a certifying signature is to be created it must be the first signature and then all subsequent digital signatures will be regular signatures (also know as "approval signatures").


              The certifying signature is what puts the blue ribbon icon on the document message bar



              With a valid regular signature on an uncertified file you would see this icon on the document message bar


              I think what you need to do is create a template file for the designer to use to that includes places for approval signatures along with his/her own signature. That way, once they create their design they can convert the document to a PDF file (unless they they are creating the document in Acrobat, but that's not usually how this works) that already has places for people to sign if they approve the design. Since the designer is going to be the first person to sign the PDF file, they (and only they) will have the opportunity to create a certifying signature, and it's here that you need to make sure that they don't totally lock down the file by setting No changes allowed.


              I would recomend that if they are creating a certifying signature that they select Annotation, form fill-in, and digital signatures so that the reviewers can use Acrobat to add comments to the file if they are not planning on approving the design. That way they can return the file to the designer, and the designer can see the comments as to why the plan was not approved.

              Certify Doc dialog.jpg



              • 44. Re: Multiple digital signatures
                Julio9807 Level 1

                Actually, since we prepare letters for our comments, "Form fill-in and digital signatures" would suffice.


                Incidently we do have an official project info and ink signature template; designers paste it to the bottom right of plans and submit. CAD designs are converted to pdf and usually the digital signature is located there, that's where the "Form fill-in" should be done.


                As I said before, all this is new to us, so... Where do I learn about "Form fill-in" for digital signatures?

                • 45. Re: Multiple digital signatures
                  Julio9807 Level 1

                  A question; does the first signature always certifies the document or is this an option you must choose?


                  What if the designer is not certifying the document and just adding a signature?

                  • 46. Re: Multiple digital signatures
                    Steven Madwin Adobe Employee

                    Hi Julio,


                    The first signature is NOT automatically a certifying signatutre, it can be a regular signature. What you get with a certifying signature is the ability to restrict the document recipients from editing the file by using the drop-down list seen in the screen shot above.



                    • 47. Re: Multiple digital signatures
                      Kok-Yong Tan Level 1

                      Does whomever doing the certifying need to create all the empty, as-yet-unsigned digital signature blocks for the approvers to sign just before he certifies the document?  Or can the approvers place their own signature blocks anywhere they choose at the time they sign their approvals after the certifier has placed his certification with the options chosen as you've described?

                      • 48. Re: Multiple digital signatures
                        Steven Madwin Adobe Employee

                        It's always best for the document creator to add the signature fields in the places that they expect to be be signed as it eliminates confusion.


                        You don't need a signature field for the certifier, because when you add a certifying signature you have the option of signing invisibly (that is, there is no signature appearance). You can have a signature field for the certifying signature, you just don't have to.

                        • 49. Re: Multiple digital signatures
                          Kok-Yong Tan Level 1

                          Does that mean it's optional whether the document creator/certifier does it or the approver does it *LATER* so long as the creator/certifier selects the correct options when certifying?  Just want to ensure I don't misunderstand you and end up painting myself into a corner.


                          Usually, if it's formal enough that they require approvers' signatures visible, they'll require the creator's/certifier's signature visible as well.

                          • 50. Re: Multiple digital signatures
                            Steven Madwin Adobe Employee

                            There is no one answer here. The processed was designed so the author of the document could add the certifying signature as the first signer and thus prevent anyone from altering their work. There is no rule that the person that created the file must be the first signer of the file. However, whoever is the first signer (and only the first signer) has the option of creating a certifying signature instead of a regular (approval) signature. All subsequent signatures must be regular (approval) signatures. If the document author (creator) wants the file certified to take advantage of the locking options along with getting the blue ribbon to display in the document message bar then it is incumbent upon them to be the initial signer of the file.



                            • 51. Re: Multiple digital signatures
                              Julio9807 Level 1

                              Man, I've been browsing and reading the site and can't find a simple explanation on this feature.


                              I'm guessing we'll create a suitable signature area template which designers will add to the pdf plan, just as they have done with the current ink signature one. The requirement should be for them to create a signature box over the signature area, which they will use to sign (visible) and certificate the pdf document, then choose "form fill-in and signing" for subsequent approval signatures. Is this correct?


                              If so, we need this in every page and all signatures must be visible. How is this set?


                              Message was edited by: Julio9807

                              • 52. Re: Multiple digital signatures
                                kher23 Level 1

                                I have a similar question on multiple digital signatures. I created a form on Adobe LiveCycle Designer ES 8.2 adding mutiple digital signatures. I opened the form in Adobe Acrobat 9 Pro and I extended features in "Adobe Reader" since the staff using these will be sigining the form with their clients. I did a "trial" run signing (using Topaz) on the first line (right clicking and choosing "certify with visable signature" and selected "form fill-in and digital signautres." I sent it to a co-worker to sign. She has Adobe Pro as well, but wasn't able to sign on the second line. Any idea? I've been struggling with this for a while now and haven't used this feature because I can't get it to work. Thanks!

                                • 53. Re: Multiple digital signatures
                                  Steven Madwin Adobe Employee

                                  Hi kher23,


                                  First a bit of back-story. When Acrobat was invented 21 years ago one of the things the designers did was to make it extensible. That means that third-party software developers (i.e. someone not associated with Adobe) could create their own plug-in to extend the capabilities of Acrobat so the application would be able to do more than what Adobe had designed it to do. As long as the third-party developer kept within the scope of the PDF specification they could modify PDFs using their software running inside of Acrobat. Topaz is one of those companies. They created a plug-in that allows the end-user (in this case that would be you) to create a bio-metric digital signature by capturing your handwriting.


                                  Digital signatures based on the Topaz plug-in must be validated using the Topaz plug-in. Acrobat (or Reader) has no notion of a bio-metric signature, that concept lives in the plug-in provided by Topaz. If you sign a PDF file using the Topaz software along with their corresponding bio-metric capture device then that signature can only be validated using the same Topaz software.


                                  Also, when you create a digital signature using the Topaz software you are creating the signature based on their rules, not Adobe's. The Topaz plug-in has no notion of a "certifying signature", all it know is bio-metric handwriting capture.


                                  Please don't get me wrong, I think Topaz created a great product that provides functionality that is not part of Acrobat/Reader as it ships from Adobe. If you need a bio-metric signature then I think they do as good a job as anyone, but it's not a CMS type signature (i.e. a signature based on a public/private key-pair and the associated public-key certificate). Acrobat/Reader only understands CMS type signatures and without the Topaz plug-in has no ability to process the bio-metric signature.



                                  • 54. Re: Multiple digital signatures
                                    Matthew.Bowman Level 1

                                    Hi Steve,


                                    I am encountering an issue with the digital signature function as well. I have a form that requires 3 different signees to apply a digital signature to the form, but two of these signees must sign in two different places on the form. Is there a way that I could have them sign once and apply this signature in multiple locations so that each signee only has to save the form locally one time? I have searched for a solution to this issue and the only thing I can come up with is redesigning the form to only require one signature from each signee, but this isn't exactly what my stakeholder is looking for.




                                    • 55. Re: Multiple digital signatures
                                      Steven Madwin Adobe Employee

                                      Hi Matt,


                                      The short answer is no, you cannot duplicate signature appearances on multiple pages like you can with other form form fields.


                                      Much of the digital signature world is based on the wet ink signature world. If you are sitting with a large document (on paper) in front of you and have to sign on multiple pages, then each pages requires that you put pen to page individually. This all boils down to what happens when you go to court (if nobody ever sued anyone else then this might be different). Each signature has its own unique thumbprint and you need to count on that to prove that the signer signed what they thought they were signing and is who they say they say they are. The problem with allowing someone to sign page 1 and have the same signature appearance show up on page 7 is the signer can claim they never saw page 7 and had no notion that they were agreeing to something they hadn't seen. By have individual thumbprints for each signature you can prove that the signer did sign the document twice. PDF files can be tricky things with page templates that spawn (adding additional pages to the document) unbeknownst to the signer. If we allowed signature duplication it would open up a hole for bad guys to exploit. 



                                      • 56. Re: Multiple digital signatures
                                        Test Screen Name Most Valuable Participant

                                        The location is a really, really unimportant thing. Thinking about location shows too close an analogy to the paper based workflow. Every PDF digital signature, without exception, certifies the WHOLE PDF, and cannot be separated from that context.

                                        • 57. Re: Multiple digital signatures
                                          CevinKarney Level 1

                                          Hi Steve,


                                          So I am having an issue where I have a form that needs to be signed by 4 people. I saw earlier in this thread you mentioned that a way to do this would be to send the form out and have 1 person sign it then email it to the next person and have them go from 1 person to the next until all 4 have signed it and thus the form has all 4 signatures when it is returned. This would work fine but I was wondering if there is a way that I could send out the form to all 4 people, have them each sign it, send it back to me, and have something put all 4 forms together so that there is one form with all 4 signatures?



                                          • 58. Re: Multiple digital signatures
                                            Steven Madwin Adobe Employee



                                            If you did that you'd end up with four separate files. You could bundle them into a portfolio (the portfolio is a container that hold separate files of any type, not just PDF's), but they can never be merged them into one file PDF form file. The problem is you can never add pages to a signed file because it would break the signature. You know you are just trying to add more signatures, but Acrobat doesn't. All Acrobat see is a page has been inserted into a signed file and knows that the signer didn't sign that page, thus it invalidates the signature with a message that the signed file has been altered.



                                            • 59. Re: Multiple digital signatures
                                              joebsobe Level 1

                                              I know this is an old thread, but I am also having problems with sequential signing. We are trying to validate a workflow with Acrobat for internal use, and then use EchoSign for 21CFR compliant signatures. I have valdiated the process through EchoSign, but there are a few problems.

                                              1. Using an internal signature process, I apply a Signature with Certificate and everything I know of configured correctly. When the second person receives the file by e-mail, or opens from the network location and attempts to sign they are receiving a "file is read only" error, so the file must be save as under a new name?

                                              2. The workflow I would like to have is send the document for signature with the restrictions applied under the Certifying dialog. But then once it is signed my QAU wants to apply a final security to prevent anyone from being able to print out the final doc. The security cannot be changed because the file is signed.

                                              3. If we have a finalized document internal with signatures, when it is sent through EchoSign the signature fields are removed and EchoSign takes precedence (so it destroys the original document properties).

                                              • 60. Re: Multiple digital signatures
                                                Steven Madwin Adobe Employee

                                                Hi Joe,


                                                In its current configuration, the EchoSign electronic signature workflow is not compatible with cryptographic digital signatures. When a file is uploaded to EchoSign it is flattened, that is active form-fields are are turned into images, and then as users sign they are just adding an image to the flattened file. At the end of the electronic signature workflow the file is digitally signed with a certifying signature to preserve the integrity of the electronic signature images.


                                                The advantage of using an cryptographic digital signature is the files integrity is preserver even though it is out in the wild so to speak. With EchoSign, the integrity is provided by the file being only on the EchoSign Server which acts as a trusted third-party, backed by an audit trail that logs file access. Also access to the file is controlled by the document author (that is, the person who decides who gets to sign electronically).


                                                The bottom line is, you need to pick one work-flow that works best for you and stick with either PKC based digital signatures or server based electronic signatures.



                                                • 61. Re: Multiple digital signatures
                                                  joebsobe Level 1

                                                  Okay I will need to address that, but what about the internal issue?

                                                  Files that are worked through the steps outlined in that thread are showing as “read-only” on the receivers workstation and can’t be signed without saving under a different name.


                                                  Also is there any means of applying a security policy that will lock a document form editing/printing, but allow signatures? Would it need to be like some others in that thread where a simple signature is applied for submission and review, and then the final signature is the certifying one with no further changes?


                                                  Joe Burge


                                                  Wilson Division


                                                  252.265-5157 p

                                                  252.237.9341 f

                                                  • 62. Re: Multiple digital signatures
                                                    Steven Madwin Adobe Employee

                                                    Hi Joe,


                                                    Regarding item 1, that one I'm not 100% sure about, but one thing to check since the file is being downloaded from a server is to right mouse click on the PDF file, select properties from the pop-up menu, and see if the file is blocked. You're looking for this:


                                                    Have them try unblocking if that's the issue and see what happens.


                                                    With regard to to item 2, not since digital signatures were added to version 4 of Acrobat (security came in version 3) have you been able to encrypt, or remove encryption, on a signed file. If you want to prevent printing secure the file before the digital signatures are applied. This includes Reader Enabling a file as well as that process is a digital signature at its heart.



                                                    • 63. Re: Multiple digital signatures
                                                      joebsobe Level 1

                                                      I found my issue with write-protect Steve, thanks for your help.

                                                      If anyone else runs into a similar issue, they may be making the same mistake we were with security policy changes, versus signature allowed changes.


                                                      Applying a security policy to a document must be done after the document is complete, after forms especially signature boxes are positioned.

                                                      The process should be;

                                                      • Apply the correct security policy (collaborative review, final QA security) at the front-end

                                                      The security policy has settings for what changes are allowed after the file is saved.

                                                      If that conflicts with the permitted change choices from the signature, the file is read as write-only because the security and the signature permissions conflict.

                                                      • The file author MUST sign with a certificate signature

                                                      That locks the file from changes, traces the audit trail, and allows for revision viewing.

                                                      The allowed changes selection in the signature certificate MUST match that in the security policy or you get a read-only file (even though windows is not a read only attribute).

                                                      • The file is then saved and sent for review approval (works correctly)
                                                      • 64. Re: Multiple digital signatures
                                                        neerjaj36819175 Level 1

                                                        Hi Adobe Staff,


                                                        why a signature doesn’t work when someone else had already signed. My manager created an adobe form and he digitially signed with the company's logo and with his signature. He sent that document to me to sign on that. But I was not able to sign. Sgn section was grayed out. But when we tested on his no signature PDF, I was able to sign and then, he was able to sign. Please clear my confusion. Thanks.


                                                        • 65. Re: Multiple digital signatures
                                                          Test Screen Name Most Valuable Participant

                                                          It is a design choice. Most people want the form to be locked when it is signed.  But it is an option for the form creator.

                                                          • 66. Re: Multiple digital signatures
                                                            neerjaj36819175 Level 1

                                                            It means what the process of not locking the pdf? any suggestion?

                                                            • 67. Re: Multiple digital signatures
                                                              Steven Madwin Adobe Employee

                                                              Hi Neerja,


                                                              I'm not quite sure what work-flow you are using, but here's my guess.


                                                              If you are dealing with a document that does not contain any existing signature fields, then when you initiate the signing process Acrobat will ask you to draw (inscribe) a field somewhere on the document. After you draw the field, but before you proceed with the signing operation you have one signature field. You may consider it the first signature field, but it is also the last signature field on the document. When a signer is signing the last signature field, and only if it is the last signature field Acrobat will offer the signer the option to lock the document after signing (see screen shot below).

                                                              Last Sig Sign Dlg_1200.jpg

                                                              If there are still unsigned signature fields on the document the Lock Document After Signing checkbox is not displayed. It is possible that your boss is selecting this checkbox thereby blocking you from signing, but when you sign you are leaving the checkbox deselected, thereby allowing him to successfully sign.


                                                              If there are existing signature fields that were placed on the page(s) by the document author (creator) then it is possible that there is associated code with one of the fields that locks the document at signing time, but without seeing the file, or watching over your shoulders, this is all just speculation on my part.



                                                              • 68. Re: Multiple digital signatures
                                                                neerjaj36819175 Level 1

                                                                Great!! Good help! Thanks Steve!!

                                                                • 69. Re: Multiple digital signatures
                                                                  cindis61994726 Level 1

                                                                  I have a file that needs to get signed by up to 10 people, but it does not need to be in sequence.  One person's acceptance, or not, has no bearing on the next.  It appears the only way to obtain signatures is one at a time.  And if any choose to not sign (signifying not acceptance), the workflow stops and the remainder on the chain do not get to view/sign.  I thought I'd read there was a way to obtain parallel signatures, but can't figure that out.  Hoping you can assist.

                                                                  Thanks -


                                                                  1 2 Previous Next