Applying Digital Signatures
Introduction
This chapter discusses how to apply digital signatures to PDF documents. For an introduction to digital signatures and detailed information on the options, see Digital Signature Options.
- Preliminary Steps tells you what you need to know to obtain a digital ID and create a visible signature seal.
- Applying an Invisible Signature explains how to apply an invisible signature to a PDF document.
- Creating a New Signature Field tells you how to add a new signature field to a document.
- Placing a Visible Signature in an Existing Field shows you how to add a visible signature to an existing field in your document.
- Placing a Visible Signature in a New Field shows you how to simultaneously create a new field and place a visible signature in it.
Preliminary Steps
Before you can sign a document with SecurSign, you must have a digital ID file. In addition, if you want to use a custom seal for a visible signature, you must convert your graphic to PDF format.
Creating a digital ID file
SecurSign uses the information in a PKCS#12 digital ID file to apply your signature to a PDF document. A PKCS#12 file is a standard format that contains two parts: the signer’s private key and a digital certificate.
- The private key is used to encrypt the message digest when the signature is created. (For more information, see About Digital Signatures.)
- The digital certificate includes a corresponding public key that is used by the recipient to decrypt the message digest, as well as information about you, the signer.
Creating a PKCS#12 digital ID file is a two-step process.
- Obtain a digital certificate from a third-party certificate authority by following the directions on their website. The following vendors supply digital certificates known to work with Acrobat:VeriSign www.verisign.com
Thawte www.thawte.com
GlobalSign www.globalsign.comSecurSign will work with any X.509 version 3 digital certificate with a 1024 or 2048-bit key-length. Several digital ID classes are offered by the certificate authorities. A personal digital certificate, also called a personal ID or a Class 1 Digital ID, is typically used to sign emails and is appropriate for signing PDF documents with SecurSign. - Export the digital certificate from your web browser to create the PKCS#12 digital ID file.
Exporting Certificates for use with SecurSign
If you’ve acquire a digital certificate from a certificate authority, you need to export the certificate so it may be used with SecurSign.
Using Internet Explorer
Select Tools > Internet Options. Then select the Content tab and click the Certificates button. Find your certificate in the list, select it, click the Export button, and follow the instructions in the Certificate Export Wizard.) By default, the digital ID file will have a .pfx extension on a Windows system.
Using FireFox (Windows)
Select Tools > Options > Advanced tab > Encryption tab. Click the View Certificates button. Select “Your Certificates” tab. Select your certificate and click “Export”. Accept the default file type (PKCS#12).
Note: If you are evaluating SecurSign and don’t require a high degree of security for testing purposes, a simpler option is to create a self-signed digital ID instead of going through a certificate authority. See the online help in Adobe Acrobat or Adobe Reader for instructions.
Creating a custom seal
If you plan to use a custom seal for your visible signature, it must be in PDF format. Most common graphic formats, such as TIFF, GIF, and JPEG can be easily converted to PDF using Adobe Acrobat or a similar tool.
In Acrobat 9, X and XI, two methods are available for converting graphics to PDF format:
- Drag the file onto the Acrobat icon (Windows and Macintosh) or into an open Acrobat window (Windows).
- In Acrobat 9, select File > Create PDF > From File.
- In Acrobat X & XI, select File > Create > PDF from File.
Before using any PDF file for a custom seal, make sure it is not cropped. Cropped seal files do not display correctly.
- In Acrobat 7, 8 and 9 select Document > Crop Pages. Then select Crop to show whether the page is cropped. (Cropped pages have one or more margins that are greater than zero.) If the file is cropped, select Set To Zero to remove the cropping, and then select OK.
- In Acrobat X & XI, select Tools Pane on right side of Screen > Pages > Crop. Shortcut for opening Window is Ctrl + Shift + T
In order to use a seal from an existing PDF file, it’s necessary to first crop the page to the desired dimensions for the seal and then.
For more information on file conversion and page cropping, see the Adobe Acrobat online help.
Applying an Invisible Signature
The following example command applies an invisible signature to a document. The sample input file, securitysample1.pdf, is supplied with SecurSign. It is located in the samples directory where SecurSign is installed.
Command
$ secursign -sign -keypath pathname\my_key.pfx -keypass mykeypass -name "Al North" -location "London, England" -reason "Security Policy" -o pathname\SignedSampleBlind.pdf pathname\samples\securitysample1.pdf
Explanation
The -sign option instructs SecurSign to apply a signature to the input file, securitysample1.pdf, according to the remaining options. Note that quotes are used to enclose values containing spaces.
| Option | Value | Explanation |
|---|---|---|
| -sign | Instructs SecurSign to apply a signature. (Because -sign is the default, it can be omitted.) | |
| -keypath | my_key.pfx | Digital ID file used to sign the document. |
| -keypass | mykeypass | Password required to access the digital ID file. |
| -name | “Al North” | Name of the person signing the document. |
| -location | “London, England” | Location of the document signing. |
| -reason | “Company Policy” | Reason for signing the document. |
| -o | SignedSampleBlind.pdf | Output file where the results are saved. |
Result
When the command is executed, an invisible signature is applied to the input file, securitysample1.pdf. The signature may be viewed in the Signatures pane of the output file, SignedSampleBlind.pdf. The input file is not changed.
Creating a New Signature Field
This example command creates a new signature field in a document that has none. A signature can be applied to the field at a later time, as described in Placing a Visible Signature in a Existing Field. The sample input file, securitysample2.pdf, is supplied with SecurSign (see the figure below). It is located in the samples directory where SecurSign is installed.
Command
$ secursign -addfieldonly -newsigfield mysignfield -left 300 -right 600 -top 100 -bottom 10 -o pathname\NewSignatureFieldSample.pdf pathname\samples\securitysample2.pdf
Explanation
The -addfieldonly option instructs SecurSign to create a new signature field in securitysample2.pdf, and save it to NewSignatureFieldSample.pdf according to the remaining options.
| Option | Value | Explanation |
|---|---|---|
| -addfieldonly | Instructs SecurSign to create a new signature field with no signature in it. | |
| -newsigfield | mysignfield | Name of signature field to be created. |
| -left | 300 | Left side of signature field positioned 300 points from left side of uncropped page. |
| -right | 600 | Right side of signature field positioned 600 points from left side of uncropped page. |
| -top | 100 | Top of signature field positioned 100 points from bottom of uncropped page. |
| -bottom | 10 | Bottom of signature field positioned 10 points from bottom of uncropped page. |
| -o | NewSignatureFieldSample.pdf | Output file where the results are saved. |
Result
When the command is executed, a new signature field, named mysignfield, is saved in NewSignatureFieldSample.pdf (see the figure below).
Placing a Visible Signature in an Existing Field
This example command applies a visible signature to an existing field in a document. The sample input file, securitysample3.pdf, and the seal, default_seal.pdf, are supplied with SecurSign. They are located in the samples directory where SecurSign is installed. The input file contains a signature field, as shown in the figure below.
Command
$ secursign -sign -keypath pathname\my_key.pfx -keypass mykeypass -name "Beth Anderson" -location "San Francisco, CA, USA" -reason "Company Policy" -f signfield -fontsize 8 -offset 22 -o pathname\SignedSample3.pdf pathname\samples\securitysample3.pdf
Explanation
The -sign option instructs SecurSign to apply a signature to the field named signfield in securitysample3.pdf, and save it to SignedSample3.pdf according to the remaining options. Note that quotes are used to enclose values containing spaces.
| Option | Value | Explanation |
|---|---|---|
| -sign | Instructs SecurSign to apply a signature. (Because -sign is the default, it can be omitted.) | |
| -keypath | my_key.pfx | Digital ID file used to sign the document. |
| -keypass | mykeypass | Password required to access the digital ID file. |
| -name | “Beth Anderson” | Name of person signing the document. |
| -location | “San Francisco, CA, USA” | Location of the document signing. |
| -reason | “Company Policy” | Reason for signing the document. |
| -f | signfield | Name of field to sign. |
| -fontsize | 8 | Font size of signature text set to 8 points. |
| -offset | 22 | Signature text offset 22% from left edge of signature rectangle. |
| -o | SignedSample3.pdf | Output file where the results are saved. |
Result
When the command is executed, securitysample3.pdf is saved as SignedSample3.pdf with a visible signature in the field named signfield, as shown in the figure below. (The signature information is also displayed in the Signatures pane.) The -seal option is not specified, so the default graphic, default_seal.pdf, is used. SecurSign scales the seal to fit the field. For this specific signature field, a reduced -offset of 22 (default=50) and -fontsize of 8 (default=12) ensure that the signature text fits in the signature field.
Placing a Visible Signature in a New Field
Example 1 — A cropped document
This command simultaneously creates a new field on a cropped page and places a visible signature in the field. The sample input file, securitysample2.pdf, and the default_seal.pdf, are supplied with SecurSign.
If you examine the page cropping of securitysample2.pdf (Document > Crop Pages in Acrobat 9 or Tools > Pages > Crop in Acrobat X), you will see that the left and right sides are cropped by 90 points, or 1.25 inches, as shown in the figure below. This cropping must be taken into account when creating a signature field, because while SecurSign positions the field from the bottom-left of the uncropped page, Adobe Acrobat displays only the cropped portion of the page.
Note: Adobe Acrobat refers to the cropped page as the “CropBox”.
Command
$ secursign -sign -keypath pathname\my_key.pfx -keypass mykeypass -name "Frieda Jones" -location "Topeka, Kansas, USA" -reason "Document Safety" -seal pathname\default_seal.pdf -newsigfield signfield2 -left 100 -right 410 -top 100 -bottom 10 -offset 28 -fontsize 11 -o pathname\SignedSample2.pdf pathname\samples\securitysample2.pdf
Explanation
The -sign option instructs SecurSign to apply a signature to the input file, securitysample2.pdf, according to the remaining options. Note that quotes are used to enclose values containing spaces.
| Option | Value | Explanation |
|---|---|---|
| -keypath | my_key.pfx | Digital ID file used to sign the document. |
| -keypass | mykeypass | Password required to access the digital ID file. |
| -name | “Frieda Jones” | Name of person signing the document. |
| -location | “Topeka, Kansas, USA” | Location of the document signing. |
| -reason | “Document Safety” | Reason for signing the document. |
| -seal | default_seal.pdf | File that contains the signature seal. |
| -newsignfield | signfield2 | Name of signature field to be created and signed for this example. |
| -left | 100 | Left side of signature field positioned 100 points from left side of uncropped page. |
| -right | 410 | Right side of signature field positioned 410 points from left side of uncropped page. |
| -top | 100 | Top of signature field positioned 100 points from bottom of uncropped page. |
| -bottom | 10 | Bottom of signature field positioned 10 points from bottom of uncropped page. |
| -offset | 28 | Signature text offset 28% from left edge of signature rectangle. |
| -fontsize | 11 | Font size of signature text to 11 points. |
| -o | SignedSample2.pdf | Output file where the results are saved. |
Result
After the command is executed, securitysample2.pdf is saved as SignedSample2.pdf with a visible signature in a newly created signature field called signfield2 (see the figure below). The left side of the signature field appears to be positioned 10 points from the left side of the page, even though the value of the -left option is 100 points. That is because the page is cropped by 90 points on the left, and only the cropped area is displayed in Acrobat. The seal, default_seal.pdf, measures 420 x 520 points. It is reduced to fit in the signature field, signfield2, which measures 310 x 90 points. The signature text is forced to the right edge of the seal with an offset of 28%.
Example 2 — A seal with wide margins
This example command simultaneously creates a new field and places a visible signature in the field. The sample document, securitysample1.pdf, and the seal, sig.pdf, are supplied with SecurSign. They are located in the samples directory where SecurSign is installed.
The seal is a handwritten signature with wide margins around it, as shown in the figure below.
Command
$ secursign -sign -keypath pathname\my_key.pfx -keypass mykeypass -name "Jack Frost" -location "Buffalo, NY, USA" -reason "Secure Transmission" -seal pathname\samples\sig.pdf -newsigfield signfield1 -left 435 -right 690 -top 105 -bottom 0 -offset 15 -fontsize 11 -o pathname\SignedSample1.pdf pathname\samples\securitysample1.pdf
Explanation
The -sign option instructs SecurSign to apply a signature to the input file, securitysample1.pdf, according to the remaining options. Note that quotes are used to enclose values containing spaces.
| Option | Value | Explanation |
|---|---|---|
| -sign | Instructs SecurSign to apply a signature. (Because -sign is the default, it could be omitted.) | |
| -keypath | my_key.pfx | Digital ID file used to sign the document. |
| -keypass | mykeypass | Password required to access the digital ID file. |
| -name | “Jack Frost” | Name of person signing the document. |
| -location | “Buffalo, NY, USA” | Location of the document signing. |
| -reason | “Secure Transmission” | Reason for signing the document. |
| -seal | sig.pdf | File that contains the signature seal. |
| -newsignfield | signfield1 | Name of signature field to be created. |
| -left | 435 | Left side of signature field positioned 435 points from left side of uncropped page. |
| -right | 690 | Right side of signature field positioned 690 points from left side of uncropped page. |
| -top | 105 | Top of signature field positioned 105 points from bottom of uncropped page. |
| -bottom | 0 | Bottom of signature field positioned 0 points from bottom of uncropped page. Because the seal has a wide bottom margin that is the same color as the page, it will not appear to touch the bottom of the page in spite of the 0 setting. |
| -offset | 15 | Signature text offset 15% from left edge of signature rectangle. |
| -fontsize | 11 | Font size of signature text to 11 points. |
| -o | SignedSample1.pdf | Output file where the results are saved. |
Result
After the command is executed, securitysample1.pdf is saved as SignedSample1.pdf with a visible signature in a newly created signature field called signfield1. (The signature information is also displayed in the Signatures pane.) The seal, sig.pdf, measures 225 x 80 points. It does not have to be scaled to fit in the 255 x 105 point signature field. The signature text is forced over the top margin of the seal with an offset of 15%. (When using a seal without a top margin, you can achieve the same effect by increasing the height of the field.)
Convert from inches to points
All measurements in SecurSign are in points. If you are converting from inches, 1 inch is equivalent to 72 points, and an 8-1/2 x 11 inch page is equivalent to 612 x 792 points. The following table contains some common conversions.
| Inches | Points |
|---|---|
| 0.11 | 8 |
| 0.167 | 12 |
| 0.5 | 36 |
| 0.75 | 54 |
| 1.0 | 72 |
| 1.5 | 108 |
| 2.0 | 144 |
Use the correct measurements for the graphic seal
Open the seal in Adobe Acrobat or Adobe Reader and find its cropped page size. In Acrobat, move your mouse over the bottom-left corner of the document window.
This is the measurement SecurSign uses when fitting the seal into a field. If you open the image in a graphics application, you might see a different size. Do not use it for your calculations. Use the cropped page size shown in Acrobat or Reader.
Understand how SecurSign scales signature seals
SecurSign reduces the seal size if at least one dimension of the field in which it is being placed (horizontal or vertical) is smaller than the corresponding dimension of the seal. For example, when a 300 x 150 point seal is placed in a 400 x 100 point field, the seal is proportionally scaled to 200 x 100 points.
SecurSign increases the seal size if both dimensions of the field (horizontal and vertical) in which it is being placed are larger than the corresponding dimensions of the seal. For example, if a seal that’s 100 x 150 points is placed in a field that’s 200 x 400 points, the seal is proportionally scaled to 200 x 300 points.