Technical Note 0006 – Digital Signatures in PDF/A-1
Digital signatures are primarily used to check the integrity of the signed part of the document. They also can be used to authenticate the signers identity and determine the time of signing. The concept of digital signatures was introduced in PDF 1.3 and thus is part of the ISO 19005-1 standard.
PDF 1.5, 1.6, 1.7 documents can also be PDF/A-1 confirming if they meet the requirements of the standard. This applies in particular to digital signatures, where for example the appearance stream must obey the rules of the standard whereas the cryptographic message syntax may conform to newer versions. Therefore higher versions than 1.4 are mentioned in this TechNote where appropriate.
PDF Reference 1.4 defines how digital signatures are to be embedded into a document. There are aspects of the digital signature that are impacted by the PDF/A-1 standard, e.g. fonts and colors. However, the standard does not make any statements about the semantics, i.e. on how signatures are created and validated. The semantics of digital signatures is left up to the corresponding signature handlers which are uniquely identified by registered names. Furthermore, PDF/A-1 does not require that conforming readers be able to validate digital signatures.
The main purpose of this TechNote is to help manufacturers of PDF/A-1 conforming producers to correctly embed digital signatures. Discussions about the structure of the signature value (cryptographic message syntax) and the long term quality of specific signature techniques are beyond the scope of this TechNote.
In order to verify the statements made here, a test implementation of a signature handler has been used to create, embed and validate a PDF/A-1 conforming digital signature. The PDF/A-1 conformance has been tested using Acrobat 8.0 Preflight. The signature validation has been tested using the signature handler plug-ins of Acrobat 5.0, 6.0, 7.0 and 8.0.