Certifying and Locking file InvalidatesCertification and Signatures in Acrobat 9.0.0

I am running Adobe Acrobat Professional 9.0.0. After creating a PDF document from within Microsoft Word, and it opens in Adobe Acrobat Professional, I performed the following steps:

Select Forms => Add or Edit Forms.

Select the digital signature tool and create three forms.

Select Close Form Editing.

Right click the first form and select Certify with Visible Signature.

Set Permitted Actions After Signing to Form Fill in and digital signatures.

Select Sign.

Save the document, replacing the original file.

Click on the second field, to sign it, and select sign.

Save the document, replacing the original file.

Click on the third field, to sign it.

Select Lock Document After Signing, and select sign.

Save the document, replacing the original file.

I then find that the certification and the first signature are invalid. Only the last field to be signed is valid. Why is the previous signature and certification invalid? This only appears to occur if I both certify and lock the document when signing the last field. If I view the document in Adobe Reader 9, the result is the same. However, if I view the document in Adobe Reader 8 the certification and all the signatures are valid, as expected.

Any assistance much appreciated.

Regards,

David,
Canberra, Australia.

Each new signature changes the file. So the previous signature can no longer certify that the file has not changed. This is how all versions of Acrobat have behaved.

David,

You need to use the Adobe's sectional signing feature to resolve the problem. On double clicking a signature field, go to Signed tab, select the 2nd radio button named Mark as read-only and select "All Fields Except These" in the dropdown adjacent to the radio button.

Now, click the button labeled "Pick" and select the other signature fields except the one whose properties are being modified e.g. while editing the 1st signature field, select 2nd and 3rd signature fields. Perform this operation for all the 3 signature fields and you can sign the signature fields in any order without the document getting invalidated.

Atin

Thanks for the responses Geo & Atin,

Geo,

Maybe I'm misunderstanding what you're saying, but <http://www.adobe.com/devnet/reader/articles/reader_compatibility/readercomp_digitalsignatures.pdf> seems to indicate otherwise. Specifically:

"In Acrobat 9, when additional signatures are applied to a document, the earlier signatures continue to have the Valid status, subject to the certificate validation rules that have been part of Acrobat's signature processing for a number of releases.

In Acrobat 8, all signature appearances except the last one would have changed their status to "Valid with subsequent changes" (green check with a yellow warning triangle) if their certificate was still valid."

So I read this that in neither version should the signature be "invalidated" by simply applying another signature, but in version 8 it showed the triangle warning, and in version 9 nothing would change. Indeed nothing does change in version 9 and it works EXACTLY as described above providing I don't both certify AND lock the document. I still don't understand why just the extra locking step violates the "certificate validation rules".

Atin,

I carried out the steps that you described, and it works thank you. I notice that the lock option is not present when I sign the last field now, but presumably this is because by the time the last field in signed, with the settings you describe the document is effectively fully locked anyhow?

Now my problem is, is there any way of setting up templates of the signature fields laid out in the correct position, with the settings that you describe that I can use repeatably on many documents? I wish to use this function to electronically sign technical drawings which are drawn in a CAD package using a template based title block with 'drawn by', 'checked' and 'approved' fields etc. Each drawing may also have many sheets, each with the same fields in the title block. My concern is that to manually place digital signature fields in these 3 spaces in every title block after creating the PDF's, and then apply the settings you describe before certifying (at 'drawn by') and distributing for sign off at 'checked' and 'approved' is going to be a very time consuming and inefficient process. Am I missing something?

Regards & thanks again,

David.

Dave,

I dont know any signature field template but there is one option I can suggest (don't know how feasible it would be for you). You can create templates of the drawings with signatures placed at the correct position and then use the appropriate template as and when required. You will need to create a process/application to automatically figure out the template to be picked for the drawing.

Thanks,
Atin

The steps you indicate in your first post should work fine. I am easily able to reproduce the problem, however. It looks like a bug. If you don't lock the document in the last step, the signatures all look good. Since it doesn't sound like your document has form fields, you can just not lock it in the last step for now. I'll report more information when I investigate more.

As to your second question about automating the process of adding the fields to the converted cad documents once they become PDF, I would suggest writing a Javascript that adds the fields in the right places. You can make it an locally installed Javascript (not one that goes in the document) and add a menu item that invokes it. Then, you open the cad document, run the menu item (which will add the fields), and then save (or certify/sign and save).

Depending on your specific workflow, you might have several scripts that add different number of fields or add them in different locations if those are options you need.

Atin I'm not sure what you mean by 'create templates of the drawings with signatures placed at the correct positions'. This is exactly what I want to do, but in your first sentence you imply this is not possible? The drawing title blocks are already based on templates, but these are templates within the CAD application which is of no use to me as the CAD application has no concept of digital signatures.

I think the Javascript method Philip suggests may work such that I can run a script within Adobe Acrobat after creating the PDF in the CAD application, though so will investigate further with some colleagues that are familiar with Javascript.

Thanks guys.

David.

The invalid signature problem looks like an interaction between certification and the setting of lock-the-document. If you leave either one of those out, the signatures should be fine. We'll have to get that fixed.

thanks
phil

Philip,

The reason I was attempting to lock the document is that I notice that if it's not locked, the user who signed a field can come back later and clear the signature field and save the file (either in Adobe Acrobat or Adobe Reader), allowing either another user or the same user to sign it at a later date. However, locking the document prevents the signatures from being cleared even by the signer.

Independently to your latest post, in testing this, I notice what looks like another bug. If a user signs a document (using Adobe Acrobat or Adobe Reader) and locks it when signing the last field, none of the signature fields can subsequently be cleared in Adobe Reader, as expected. However, in Adobe Acrobat, the signature fields in the same document can be cleared, and when the field that the lock operation was performed against is cleared, the document can be saved. Even if the field that the lock operation was performed against can't be cleared (e.g. it was signed by a different user), while the Save command is unavailable, Save As is still available and the document can be overwritten. Surely this is a bug, or else the term 'lock' is meaningless? I.e. Once locked, none of the fields should be able to be cleared by either Adobe Acrobat or Adobe Reader?

Thanks for your further assistance. Are you an Adobe employee/developer?

Regards,

David.

There are two points of view: 1) Signing a document is creating a permanent record that should never be changed, lost, edited, etc. 2) Signing is indicating approval of a step in a workflow but it is perfectly reasonable to notice a typo, clear your signature, fix it, resign, and move on.

Both viewpoints are valid. It sounds like you fall more into the first than the second, but it seems signature users are close to evenly divided.

Signatures in general, and in PDF, are a detection method (in addition to non-repudiation and the other properties). When the PDF document is in physical posession of the signer, there is nothing that Acrobat, the PDF standard, or anyone else can really do to prevent the user from deleting the file or harming it in other arbitrary ways.

If preservation of signed records is an important requirement, use of PDF needs to be coupled with a secure repository of some kind that provides the physical preservation of the document. Policies for modifications on new versions of the document can then be implemented which can't really be done for documents in the wild.

Enough on philosophy. There are many variations on environments and permissions so I can only make a general statement, but
- Save is available if the document is modified
- Save As is available all the time
- Clear signature should be available only for signatures that you have the credential that signed
- Lock document should prevent clearing other signatures, but doesn't seem to in Acrobat as you noted, but clearing the signature does invalidate the locking signature as it should.

So there are some nits that should be fixed and the biggest problem is probably the bad interaction between certification and locking.

These are great observations you have made and we really appreciate it!

Yes, I do work for Adobe in the Acrobat security group.

thanks
phil