PDF is by far the document format most often used in conjunction with digital signatures. In 1999, Adobe introduced version 1.3, which allowed for embedding digital signatures directly within PDF documents. At that time, it was common practice when signing a file to store the signature itself in a signature container in a separate signature file with the same name as the file to be signed but with a special extension such as "pkcs7". Although modern document formats such as OpenOfficeXML or OpenDocumentFormat now also allow embedding of digital signatures, this feature is hardly ever used with these formats in everyday life. If a document is to be signed, it is almost always signed as a PDF. Why is this so?
Digital signatures, or more correctly PKI-based electronic signatures, were originally specified mainly via RFCs of the IETF and PKCS documents of the RSA corporation, all independently of the document format or the data to be signed. Integration into the PDF structure was accomplished by simply attaching the external signature container to the PDF structure via a special signature dictionary. This meant that no special PDF signature format had to be defined, since the signature properties such as certificate chains, signature attributes, algorithms used, and validation information were part of a container that was opaque to PDF. In contrast to other document formats, however, PDF facilitated visualization of digital signatures using graphic and textual elements from the very beginning. The appearance of a hand-signed paper document was therefore perfect. The specification of how an integration is to be carried out, which PDF objects are involved and what exactly the scope of the signed area in the PDF is, has been part of the PDF specification since version 1.3. Currently, this is covered in chapter 12.8 of ISO 32000-1 and ISO 32000-2, among others.
The corresponding ETSI and EN standards EN 319 122 and EN 319 132 are now used as standards for the electronic signature itself, with their different variants CAdES (CMS-based Advanced Electronic Signature) for general data and XAdES (XML-based Advanced Electronic Signature) for XML data. The bridge to the integration of these signature standards in PDF is provided by the EN 319 142 PAdES (PDF Advanced Digital Electronic Signatures) standard. In addition to the four basic profiles in EN 319 142-1, EN 319 142-2 specifies three extended profiles, some of which only relate to XML content in PDF.
ISO 32000-2 also explicitly refers to this framework for signature structures, including extension by ETSI TS 119 142-3, which deals with document time-stamp digital signatures, also known as PAdES-DTS.
These numerous profiles are a result of diverse requirements for signatures in terms of evidential value, long-term verifiability and/or renewability. Thus, it is now possible to create a signature container that contains not only the actual signature but also all the certificates involved, together with their verification information. Such a signature can be reliably validated even without online access to the revocation information of the respective certificate issuers. To anchor the signature structure in the PDF, additional objects such as the DSS dictionary or the VRI dictionary allow various structures to be interlinked more optimally. At the same time, the variety of profiles and their integration into PDF also pose a major challenge for software manufacturers developing PDF-based signature applications. Achieving standard conformity and the interchangeability of appropriately signed PDFs has become anything but trivial in the age of ISO 32000-2 and the ETSI standards, as compared to the beginnings of PDF 1.3.
Adobe early recognized the potential of PDF and digital signatures to realize fully digital business processes. The dogma that any change to the PDF document after a digital signature has been applied would lead to the signature being broken was opposed to the desire to enable multiple or serial signatures. Also, the possibility of being able to change certain form fields after a digital signature would not have been feasible without softening the strict requirement of unchangeability. Fortunately, PDF has a powerful change mechanism with revisions that allow incremental changes to the document by attaching a new revision to the end of the PDF document. The difficulty now lies in validating such PDF documents, interpreting the changes made correctly in order to be able to give the final "OK" for a valid signed PDF. Together with the variety of possible signature profiles, the validation of permitted modifications to signed PDF documents is the biggest challenge for developers of PDF application software.
The PDF Digital Signatures TWG aims at serving as a discussion and information exchange platform for the members of the PDF Association who deal with digital signatures in PDF in the areas of creation, validation and presentation. Members help other members to correctly interpret the valid standards. Practical experience in implementing solutions for digital signatures in PDF documents is the special focus of this platform in order to achieve a better exchangeability of signed PDFs, and to enable a uniform view on what a standard-compliant digitally signed PDF really is.
PDF Association members are welcome to sign up for the PDF Digital Signatures TWG via the Member Area!
Dr. Bernd Wild is originally a graduate physicist. After completing his studies, he worked for several years at a computer science research center in the field of artificial intelligence and its possible applications in industrial processes. Upon obtaining his PhD, Dr. Wild was responsible for the organization and management of C/S software development at an IT service provider in the banking …