Information Security
digital-signature pdf documents
Updated Fri, 24 Jun 2022 23:27:16 GMT

Self signed signature in PDF


I am asking for a very simple "dumbed-down" answer for a newbie.

Using Adobe Acrobat I can create a self-signed certificate and sign a document as anybody. I can use anyone's name and anyone's signature image.

So what's the point? If I can sign as anyone, what value does this add to the document. Does it prove anything?




Solution

Self-signing a document is not meant to prove that you are you or that you wrote it. It provides a way for you and the recipient to be assured that you are using the same file.

In order for this to work, yes, there needs to be some sort of agreement between the parties that they are talking to who they think they are talking to, but assuming that is established, then the parties know that the file is the same.

Have you seen file downloads where they list the MD5 hash of the file? Same idea. By comparing the signature to the trusted, known source reference (the hash, or in this case, the digital cert) the recipient can be assured. For a file, where the source might ultimately not be known, by including a name, then anyone who receives the file knows who to contact to check on its authenticity.





Comments (3)

  • +0 – Thanks Schroder. Great simple explanation. We are a small business of around 40 people. Managers are obsessed with seeing a staff signature at the bottom of our internal company forms as a method of authorizing the form. I guess self-signed signature is not the best method then. Can you suggest another free/cheap method where we would be assured the person placing the signature is actually the real person. — Jun 30, 2017 at 09:08  
  • +0 – Yes: use a digital signing service tied to your internal authentication service - I am not sure what is possible for Adobe. Did you know that Windows tags all files with the name of the account on which the file was created? You could use that to verify signatures. — Jun 30, 2017 at 09:13  
  • +0 – Excellent. The whole obsession with placing a signature is quite stupid in these days of electronic traceability. — Jun 30, 2017 at 09:20