
I am new to the world of digital signatures and I am trying to study it. I found a good article here and a good tutorial here. But I have some doubts regarding digital signatures. I am not sure if these are stupid questions. But I have no other good sources to clarify my doubts :)

1) Suppose a user digitally signs a PDF using his private key. After some years, suppose his certificate expires. Then will other people be able to verify the PDF?

2) Suppose there is an organization and they are storing their documents as PDFs, digitally signed by an officer. Suppose that officer moved to another organization. Then will other officers in the previous organization be able to verify the signature?

3) Can two or more people sign a PDF using their own certificates?

4) Also, I would like to create a web application, and I was thinking of using iTextSharp. Then how am I supposed to get the certificate and passwords to the server? If possible, can anybody share a link to a good tutorial?

Thanks in advance.

Matt

2 Answers


1) Unless the signature is timestamped, the verification will complain about an expired certificate/signature. To address this shortcoming, the PAdES standard was offered.

2) Yes, the signature in most cases is self-contained (given that the trusted root certificates are still available).

3) The PDF format doesn't support two independent signatures over the original document, but otherwise yes, two people can sign the document consecutively (i.e. the first person signs the original and the second person signs the document_with_first_signature).

4) No way, and no sense (the private key must remain private and be kept on the client). Read my response to a similar question here. BTW, our solution will work for you.

Eugene Mayevski 'Callback

Then how am I supposed to get certificate and passwords to server?

You should not do this. If you want somebody to sign a document, then you should have them download the current document, have them open the document and verify and sign it, then upload the updated copy.

As Eugene points out, it is possible for multiple people to sign a single document. How this happens is the first person fills in half the information, saves and signs the document. The second person is then able to verify that the information was filled out by that first person (it was signed by their certificate) and fills out the second half of the document. They are unable to change any information signed by the first person (otherwise it would then become unsigned/unverified) but could in theory send it back asking the first person to change the information.

I have seen this done with pdf documents in a form format.

Security Hound
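The sequential signing both answers describe can be checked mechanically: each PDF signature covers a byte range of the file as it existed when that signature was made, and a later signer's range includes the earlier signature. The following added example (written for this page, not code from either answerer, iText or any PDF library) models that with Ed25519 signatures over a constructed byte string standing in for the PDF; the `Doc`, `Signature` and `Scenario` names are assumed for the illustration. It shows that appending a further update leaves both signatures valid, while altering content that the first officer signed invalidates both.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signature models one PDF signature dictionary: signer key, the number of file
// bytes it covered when made (its /ByteRange), and the signature over their hash.
type Signature struct{ Signer ed25519.PublicKey; Covered int; Sig []byte }

// Doc models a PDF as raw bytes plus the signatures appended by incremental updates.
type Doc struct{ Data []byte; Sigs []Signature }

// Sign signs everything currently in the file, then appends the signature as an
// incremental update, so any later signature covers this one as well.
func (d *Doc) Sign(priv ed25519.PrivateKey) {
	h := sha256.Sum256(d.Data)
	sig := ed25519.Sign(priv, h[:])
	d.Sigs = append(d.Sigs, Signature{priv.Public().(ed25519.PublicKey), len(d.Data), sig})
	d.Data = append(d.Data, []byte(fmt.Sprintf("\n%%sig %x", sig))...)
}

// Verify checks each signature over exactly the range it covered, nothing more.
func (d *Doc) Verify() []bool {
	ok := make([]bool, len(d.Sigs))
	for i, s := range d.Sigs {
		if s.Covered <= len(d.Data) { // a range past the end of the file stays invalid
			h := sha256.Sum256(d.Data[:s.Covered])
			ok[i] = ed25519.Verify(s.Signer, h[:], s.Sig)
		}
	}
	return ok
}

// Scenario: officer A signs the original, officer B signs the result, an unsigned
// update is appended, and finally a byte of the content A signed is altered.
func Scenario() (signed, appended, tampered []bool) {
	_, privA, _ := ed25519.GenerateKey(rand.Reader)
	_, privB, _ := ed25519.GenerateKey(rand.Reader)
	d := &Doc{Data: []byte("%PDF-1.7 constructed sample form: approver=A")} // constructed, not a real PDF
	d.Sign(privA)
	d.Sign(privB)
	signed = d.Verify()
	d.Data = append(d.Data, "\n% later unsigned edit"...)
	appended = d.Verify()
	d.Data[9] ^= 0x01 // flip a bit inside the bytes both signatures cover
	tampered = d.Verify()
	return
}

func main() { fmt.Println(Scenario()) }
```

Real PDF verification additionally validates each signer's certificate chain and, as the first answer notes, needs a trusted timestamp to accept a signature after the certificate has expired.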