Digital signature validation

Post Reply
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Digital signature validation

Post by Woody44 »

The response to a previous question ( https://forum.softmaker.com/viewtopic.php?f=405&t=22436 ) confirms that FlexiPDF can create digital signatures.

As an official whose job involves reviewing documents that more and more frequently now contain digital signatures (and which may have been created by Adobe Acrobat, Foxit, or other PDF applications), I need a way to verify whether or not something that appears to be a digital signature is, in fact, a valid digital signature. Does FlexiPDF include any tools to verify the validity of digital signatures?
Last edited by Woody44 on Sun Mar 31, 2024 11:14 pm, edited 2 times in total.
miguel-c
SoftMaker Team
SoftMaker Team
Posts: 1233
Joined: Wed Jun 05, 2019 12:02 pm

Re: Digital signmature validation

Post by miguel-c »

Unfortunately, FlexiPDF doesn't have that feature yet.
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Re: Digital signmature validation

Post by Woody44 »

Is it on the list of planned improvements? If so, where is it on the list and how soon will it be implemented? If it is NOT on the list ... why not?

The business world is going digital. I work in a municipal office. I am on a committee formed by my state's State Library to update policies regarding public records to bring the policies into the digital age. The Town Clerk of the municipality learned that I am on the State Library committee, and she came by my office today for a chat. As the official custodian for the public records of the municipality, she is responsible for guiding the entire municipal government into the municipal age -- and she admitted that she has no idea where to begin. Which means I have probably just been "volunteered" for another committee.

The whole point of a digital signature -- as opposed to just a scanned JPEG of a physical signature that can be pasted into a document -- is that a digital signature can be authenticated. Since for most record keeping purposes PDF/A is currently the recommended file format for archival documents, a PDF reader or editor that doesn't provide a tool for authenticating the validity of digital signatures is going to be an orphan -- useless.

In addition, the FlexiPDF virtual printer driver (for FlexiPDF 2019) doesn't include any option to "print" to PDF/A standards. PDF/A is pretty much the recognized standard for archival record purposes by most government entities (federal, state, county, and municipal) that have adopted any digital record protocols. So it is important that FlexiPDF also incorporate the ability to "print" to PDF/A standards -- preferably to PDF/A-3, which is the current standard for U.S. government agencies.


Point number 3: In reading up on my state's standards for PDF archival records, the protocol also specifies a number of items of file metadata that must be incorporated into the file or attached to it in some way. PDF readers (which would mean FreePDF as well as FlexiPDF) need to be able to access and display document metadata of the program is going to be useful in settings and applications involving public, archival records. And the programs that create archival PDFs (FlexiPDF) must also offer a way to enter or attach metadata.

[Edit to add] After poking around a bit in both FlexiPDF 2019 and FreePDF 2022, I see that there is a provision to display at least some metadata, and to enter and edit it. I won't be in the office on Friday, but I will try to remember to consult the State's archival document protocol next week, because my recollection is that they ask for (meaning require) more pieces of metadata than are displayed in FllexiPDF and FreePDF.
miguel-c
SoftMaker Team
SoftMaker Team
Posts: 1233
Joined: Wed Jun 05, 2019 12:02 pm

Re: Digital signmature validation

Post by miguel-c »

FlexiPDF is a PDF editor. As soon as you edit a PDF, the digital signature loses its validity.
However we recognize that it would be important to be able to have digital signature validation because some of our clients use FlexiPDF as a PDF viewer by default.
We wish to implement it, but we don't have any concrete dates yet.
miguel-c
SoftMaker Team
SoftMaker Team
Posts: 1233
Joined: Wed Jun 05, 2019 12:02 pm

Re: Digital signmature validation

Post by miguel-c »

It just crossed my mind that you probably are not aware that FlexiPDF has a Digital Signature panel.
Go to View | Sidebards | Digital signatures
There you'll be able to see the signatures on the file, but FlexiPDF immediately invalidates the certificate because it is an editor.
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Re: Digital signmature validation

Post by Woody44 »

I know the difference between an editor and a reader. Adobe Acrobat is also a PDF editor, but it doesn't invalidate a digital signature the moment you open a file -- it only invalidates the digital signature if/when you make an edit. But when you open a digitally-signed file in Acrobat, it immediately displays a notice across the top of the window that informs the viewer of the digital signature status. It has done this since at least as far back as Acrobat 9. If merely opening the file or looking at the digital signatures in it immediately invalidates the signatures -- that's a serious bug.

It should be possible to use a PDF editor as a reader, also. When I am in the municipal office where I work on a part-time basis, the only PDF reader I have is Acrobat 9. There has never been an issue with using it as a reader, but the ability to edit is invaluable when creating or merging documents.

I'm attaching a screen shot of the alert Acrobat 9 offers. This document happens to have an expired certificate, and that's exactly what we need to know when opening documents that purport to have been digitally signed. If you're saying that FlexiPDF is an editor so it shouldn't check for valid digital signatures, then logic would suggest that FreePDF should perform this check ... but I don't think it does.

Snell_Digital_Signature_Acrobat9.jpg
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Re: Digital signmature validation

Post by Woody44 »

miguel-c wrote: Fri May 12, 2023 1:06 pm It just crossed my mind that you probably are not aware that FlexiPDF has a Digital Signature panel.
Go to View | Sidebards | Digital signatures
There you'll be able to see the signatures on the file, but FlexiPDF immediately invalidates the certificate because it is an editor.
Is this new in FlexiPDF 2022? I only have FlexiPDF 2019, because I can't work with the ribbon-style menu and (unlike TextMaker) FlexiPDF doesn't offer the option of a classic menu structure. I don't see a selection for digital signatures in the View menu in FlexiPDF 2019. It is there in FreePDF 2022, and it properly displays the digital signature in the sample document.

If FreePDF, which is not an editor, can display information to validate digital signatures in a file, why would displaying the same information in FlexiPDF invalidate the signature in the file just because I opened it and looked at it?
miguel-c
SoftMaker Team
SoftMaker Team
Posts: 1233
Joined: Wed Jun 05, 2019 12:02 pm

Re: Digital signmature validation

Post by miguel-c »

Yes, it's a FlexiPDF 2022 feature. FlexiPDF 2019 doesn't have it.
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Re: Digital signmature validation

Post by Woody44 »

miguel-c wrote: Sun May 14, 2023 9:41 pm Yes, it's a FlexiPDF 2022 feature. FlexiPDF 2019 doesn't have it.
Thank you. If it works the same in FlexiPDF as it works in FreePDF, that's what we need for validating digital signatures. The only thing better would be if it would be done automatically, when the file is opened. Adobe Acrobat and Adobe Reader check this automatically, but Bluebeam does not. Having the check performed automatically would be nice, but it is not necessary as long as there is an easy way to perform the check manually.

But I do not understand why checking the validity of the digital signature would invalidate it. That doiesn't make sense. It doesn't invalidate the signature in FreePDF, in Adobe Reader, in Adobe Acrobat, or in Bluebeam. Why would FlexiPDF do that?
SuperTech
SoftMaker Team
SoftMaker Team
Posts: 3196
Joined: Wed Mar 11, 2020 5:31 pm

Re: Digital signature validation

Post by SuperTech »

I have forwarded this as an improvement suggestion.
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Re: Digital signature validation

Post by Woody44 »

Another follow-up to the recent notification that SoftMaker has taken over direct control of the future development of FlexiPDF (and, I hope, FreePDF as well).

The attached image is a screen shot from the free FoxIt PDF Reader. I have highlighted where it automatically pops up a panel notifying the view that a valid digital signature has been attached. This is the functionality that's lacking on FlexiPDF and FreePDF. It's nice that FlexiPDF now has a way to verify digital signatures, but to be competitive with other products in the marketplace I respectfully suggest that it needs to be automatic. I also suggest that it should work in FreePDF as well as in FlexiPDF.

The free FoxIt Reader also allows digitally signing PDF documents. The free FoxIt Reader, like the free Adobe Reader, also includes measuring tools. I know these suggestions have been made before, but with the change in development hierarchy I would like to repeat my request. I know first-hand that my department at work (municipal government office) wouldn't even look at FlexiPDF because of the lack of digital signature validation tools and measuring tools. I tried to have FlexiPDF added to the list of contenders but, like the proverbial lead balloon, it never got off the ground because of these two issues.
Attachments
FoxIt_Screenshot.jpg
Woody44
Posts: 594
Joined: Wed May 22, 2019 11:56 pm

Re: Digital signature validation

Post by Woody44 »

I would like to add a further thought regarding digital signature verification:

The whole point of digital signatures and third-party verification is to allow viewers to ascertain that the digital signatures on a document are valid. Digital signatures are supposed to work such that the digital signature is removed or invalidated if the document is changed after the digital signature was affixed. If the digital signature is invalidated by the simple act of opening the document to view it -- that completely undermines the concept of digital signatures.

If this is really the way FlexiPDF (and FreePDF!) work(s), I respectfully suggest that it needs to be changed. Digital signatures should be invalidated only if/when a document is edited, not upon opening to view it.
Post Reply

Return to “FlexiPDF 2022”