User Guide Cancel

Validating digital signatures

  1. Acrobat User Guide
  2. Introduction to Acrobat
    1. Access Acrobat from desktop, mobile, web
    2. Introducing the new Acrobat experience
    3. What's new in Acrobat
    4. Keyboard shortcuts
    5. System Requirements
  3. Workspace
    1. Workspace basics
    2. Opening and viewing PDFs
      1. Opening PDFs
      2. Navigating PDF pages
      3. Viewing PDF preferences
      4. Adjusting PDF views
      5. Enable thumbnail preview of PDFs
      6. Display PDF in browser
    3. Working with online storage accounts
      1. Access files from Box
      2. Access files from Dropbox
      3. Access files from OneDrive
      4. Access files from SharePoint
      5. Access files from Google Drive
    4. Acrobat and macOS
    5. Acrobat notifications
    6. Grids, guides, and measurements in PDFs
    7. Asian, Cyrillic, and right-to-left text in PDFs
  4. Creating PDFs
    1. Overview of PDF creation
    2. Create PDFs with Acrobat
    3. Create PDFs with PDFMaker
    4. Using the Adobe PDF printer
    5. Converting web pages to PDF
    6. Creating PDFs with Acrobat Distiller
    7. Adobe PDF conversion settings
    8. PDF fonts
  5. Editing PDFs
    1. Edit text in PDFs
    2. Edit images or objects in a PDF
    3. Rotate, move, delete, and renumber PDF pages
    4. Edit scanned PDFs
    5. Enhance document photos captured using a mobile camera
    6. Optimizing PDFs
    7. PDF properties and metadata
    8. Links and attachments in PDFs
    9. PDF layers
    10. Page thumbnails and bookmarks in PDFs
    11. PDFs converted to web pages
    12. Setting up PDFs for a presentation
    13. PDF articles
    14. Geospatial PDFs
    15. Applying actions and scripts to PDFs
    16. Change the default font for adding text
    17. Delete pages from a PDF
  6. Scan and OCR
    1. Scan documents to PDF
    2. Enhance document photos
    3. Troubleshoot scanner issues when scanning using Acrobat
  7. Forms
    1. PDF forms basics
    2. Create a form from scratch in Acrobat
    3. Create and distribute PDF forms
    4. Fill in PDF forms
    5. PDF form field properties
    6. Fill and sign PDF forms
    7. Setting action buttons in PDF forms
    8. Publishing interactive PDF web forms
    9. PDF form field basics
    10. PDF barcode form fields
    11. Collect and manage PDF form data
    12. About forms tracker
    13. PDF forms help
    14. Send PDF forms to recipients using email or an internal server
  8. Combining files
    1. Combine or merge files into single PDF
    2. Rotate, move, delete, and renumber PDF pages
    3. Add headers, footers, and Bates numbering to PDFs
    4. Crop PDF pages
    5. Add watermarks to PDFs
    6. Add backgrounds to PDFs
    7. Working with component files in a PDF Portfolio
    8. Publish and share PDF Portfolios
    9. Overview of PDF Portfolios
    10. Create and customize PDF Portfolios
  9. Sharing, reviews, and commenting
    1. Share and track PDFs online
    2. Mark up text with edits
    3. Preparing for a PDF review
    4. Starting a PDF review
    5. Hosting shared reviews on SharePoint or Office 365 sites
    6. Participating in a PDF review
    7. Add comments to PDFs
    8. Adding a stamp to a PDF
    9. Approval workflows
    10. Managing comments | view, reply, print
    11. Importing and exporting comments
    12. Tracking and managing PDF reviews
  10. Saving and exporting PDFs
    1. Saving PDFs
    2. Convert PDF to Word
    3. Convert PDF to PPTX
    4. Convert PDF to XLSX or XML
    5. Convert PDF to JPG
    6. Convert PDF to PNG
    7. Convert or export PDFs to other file formats
    8. File format options for PDF export
    9. Reusing PDF content
  11. Security
    1. Enhanced security setting for PDFs
    2. Securing PDFs with passwords
    3. Manage Digital IDs
    4. Securing PDFs with certificates
    5. Opening secured PDFs
    6. Removing sensitive content from PDFs
    7. Setting up security policies for PDFs
    8. Choosing a security method for PDFs
    9. Security warnings when a PDF opens
    10. Securing PDFs with Adobe Experience Manager
    11. Protected View feature for PDFs
    12. Overview of security in Acrobat and PDFs
    13. JavaScripts in PDFs as a security risk
    14. Attachments as security risks
    15. Allow or block links in PDFs
  12. Electronic signatures
    1. Sign PDF documents
    2. Capture your signature on mobile and use it everywhere
    3. Send documents for e-signatures
    4. Create a web form
    5. Request e-signatures in bulk
    6. Collect online payments
    7. Brand your account
    8. About certificate signatures
    9. Certificate-based signatures
    10. Validating digital signatures
    11. Adobe Approved Trust List
    12. Manage trusted identities
  13. Printing
    1. Basic PDF printing tasks
    2. Print Booklets and PDF Portfolios
    3. Advanced PDF print settings
    4. Print to PDF
    5. Printing color PDFs (Acrobat Pro)
    6. Printing PDFs in custom sizes
  14. Accessibility, tags, and reflow
    1. Create and verify PDF accessibility
    2. Accessibility features in PDFs
    3. Reading Order tool for PDFs
    4. Reading PDFs with reflow and accessibility features
    5. Edit document structure with the Content and Tags panels
    6. Creating accessible PDFs
    7. Cloud-based auto-tagging
  15. Searching and indexing
    1. Creating PDF indexes
    2. Searching PDFs
  16. Multimedia and 3D models
    1. Add audio, video, and interactive objects to PDFs
    2. Adding 3D models to PDFs (Acrobat Pro)
    3. Displaying 3D models in PDFs
    4. Interacting with 3D models
    5. Measuring 3D objects in PDFs
    6. Setting 3D views in PDFs
    7. Enable 3D content in PDF
    8. Adding multimedia to PDFs
    9. Commenting on 3D designs in PDFs
    10. Playing video, audio, and multimedia formats in PDFs
    11. Add comments to videos
  17. Print production tools (Acrobat Pro)
    1. Print production tools overview
    2. Printer marks and hairlines
    3. Previewing output
    4. Transparency flattening
    5. Color conversion and ink management
    6. Trapping color
  18. Preflight (Acrobat Pro)
    1. PDF/X-, PDF/A-, and PDF/E-compliant files
    2. Preflight profiles
    3. Advanced preflight inspections
    4. Preflight reports
    5. Viewing preflight results, objects, and resources
    6. Output intents in PDFs
    7. Correcting problem areas with the Preflight tool
    8. Automating document analysis with droplets or preflight actions
    9. Analyzing documents with the Preflight tool
    10. Additional checks in the Preflight tool
    11. Preflight libraries
    12. Preflight variables
  19. Color management
    1. Keeping colors consistent
    2. Color settings
    3. Color-managing documents
    4. Working with color profiles
    5. Understanding color management

Before you begin

We're rolling out a new, more intuitive product experience. If the screen shown here doesn’t match your product interface, select help for your current experience.

In the new experience, the tools appear on the left side of the screen.

What is a digital signature?

Digital signatures are a secure and efficient way to electronically sign and authenticate documents, ensuring their authenticity and integrity. By using digital signatures, you can sign documents quickly and easily, and be confident that they can’t be tampered with or forged.

Why validate a digital signature?

When you receive a signed document, you may want to validate its signature to verify the signer and the signed content. Depending on how you’ve configured your application, validation may occur automatically. Signature validity is determined by checking the authenticity of the signature’s digital ID certificate status and document integrity.

To verify authenticity, the validator checks if the signer's certificate or its parent certificates are trusted. The validity of the signing certificate is also checked based on the user's Acrobat or Acrobat Reader settings.

To verify document integrity, the validator checks if the signed content was altered after signing. If changes were made, the verification ensures that the signer allowed the changes.

set-signature-preferences

Set preferences for validating digital signatures

You can set verification preferences in advance so digital signatures are valid when you open a PDF and verification details appear with the signature. When Digital Signatures are validated, an icon appears in the document message bar to indicate the signature status.

  1. Select the hamburger menu   (Windows®), or go to Acrobat (macOS)> Preferences.

  2. In the Preferences dialog box, from under categories, select Signatures.

  3. From the Verification box in the Digital Signatures panel, select More...

    set-digital-sign

  4. In the 'Signature Verification Preferences' dialog that opens, you can control the following settings: 

    • Set automatic validation of signatures: With the Verify signatures when the document is opened check box selected, Acrobat automatically validates all signatures in a PDF when you open the document.
    • Set verification behavior: The options specify methods that determine which plug-in to choose when verifying a signature. The appropriate plug-in is often selected automatically. Contact your system administrator about specific plug-in requirements for validating signatures.
    • Check the revocation status of certificates: With the Require certificate revocation checking to succeed... checkbox selected, Acrobat checks certificates against a list of excluded certificates during validation. If you deselect the check box, the revocation status for Acrobat Approval signatures is ignored. The revocation status is always checked to certify signatures.
    • Use expired timestamps: The option is selected by default. It uses the time mentioned in the timestamp or embedded in the signature, even if the signature’s certificate has expired. If you deselect the check box, Acrobat discards expired timestamps.
    • Set verification for time: You can select the appropriate options under 'Verification time' to check the time at which the signature was created, to check the timestamp embedded in the signature, or to check the current time. 
    • Add verification information: Select appropriate options under 'Verification information' to add verification information to the signed PDF or to alert the user when the verification information is too large.
    • Configure to trust the root certificates in the Windows® certificate store: You can specify whether to trust all root certificates in the Windows® Certificates store for:
      • Validating signatures: Certificates are trusted for Acrobat Approval signature validation.
      • Validating certified documents: Certificates are trusted for certification signature validation.

    Note: Selecting these options can compromise security.

Set the trust level of a certificate

In Acrobat or Acrobat Reader, the signature of a certified or signed document is valid if you and the signer have a trust relationship. The trust level of the certificate indicates the actions for which you trust the signer.

You can change the trust settings of certificates to allow specific actions. For example, you can change the settings to enable the dynamic content and embedded JavaScript™ within the certified document.

  1. Navigate to the hamburger menu   (Windows) or the Acrobat menu (macOS) > Preferences > Signatures.

  2. For identities & Trusted Certificates, select More...

  3. From the left panel, select Trusted Certificates.

    set-digital-id-certificates

  4. Select a certificate from the list and then select Edit Trust.

  5. In the Edit Certificate Trust dialog that opens, select any of the following items to trust the certificate:

    • Use this certificate as a trusted rootA root certificate is an originating authority in a chain of certificate authorities that issued the certificate. By trusting the root certificate, you trust all certificates issued by that certificate authority.
    • Signed documents or data: It acknowledges the identity of the signer.
    • Certified documents: It trusts documents in which the author has certified the document with a signature. You trust the signer for certifying documents, and you accept actions that the certified document takes.
      When the 'Certified documents' option is selected, the following options are available:
      • Dynamic content: It allows movies, sound, and other dynamic elements to play in a certified document.
      • Embedded high privilege JavaScript™: It allows privileged JavaScript™ embedded in PDF files to run. JavaScript™ files can be used in malicious ways. It’s prudent to select this option only when necessary on certificates you trust.
      • Privileged system operations: It allows Internet connections, cross-domain scripting, silent printing, external-object references, and import/export methodology operations on certified documents.
    Note:

    Allow Embedded high privilege JavaScript™ and Privileged system operations only for sources that you trust and work closely with. For example, use these options for your employer or service provider.

  6. Select OK

For more information, see the Digital Signature Guide at www.adobe.com/go/acrodigsig.

Note:

You can right-click a signature field in the Signatures panel to do most signature-related tasks, including adding, clearing, and validating signatures. In some cases, however, the signature field becomes locked after you sign it.

Sign in preview mode for document integrity

When document integrity is critical for your signature workflow, you can enable 'View documents in Preview mode', and then sign the document. This feature analyzes the document for content that may alter the look and feel of the document and suppresses such content to allow you to view and sign the document in a static and secure state.

By signing in preview mode, you can find if the document contains:

  • Any dynamic content or external dependencies.
  • Any constructs such as form fields, multimedia, or JavaScript™ that may affect its look and feel. 

After reviewing the report, you can contact the author of the document about the problems listed in the report.

  1. Navigate to the hamburger menu   (Windows) or the Acrobat menu (macOS) > Preferences > Signatures.

  2. For Creation & look and feel, select More...

    set-sign-appearance

  3. Select View documents in Preview Mode checkbox.

  4. On the PDF, select the signature field and select Sign Document.

    The document message bar appears with the compliance status and options.

  5. Optionally, from the document message bar, select View Report (if available) and select each item in the list to show details. Once done, close the PDF Signature Report dialog box.

  6. If you’re satisfied with the compliance status of the document, from the document message bar, select Sign Document and add your digital signature.

  7. Save the PDF using a different name than the original and close the document without making any further changes.

Certify a PDF

Certifying a PDF means approving its contents and specifying what changes are allowed for the document to remain certified. For example, a government agency creates a form with signature fields and certifies it, allowing users to only change form fields and sign the document. Removing pages or adding comments will result in losing the certified status.

A certifying signature can only be applied if the PDF has no other signatures. These signatures can be visible or invisible, and a blue ribbon icon   in the Signatures panel confirms a valid certifying signature. Adding a certifying digital signature requires a digital ID.

  1. Remove content that may compromise document security, such as JavaScripts, actions, or embedded media.

  2. From the All tools menu, select Use a certificate

  3. From the Use a certificate menu on the left, select one of the following options:

    • Certify (visible signatures): It places a certified signature in either an existing digital signature field (if available) or in the location you designate.
    • Certify (invisible signatures): It certifies the document, but your signature appears only in the signatures panel.
  4. Follow the onscreen instructions to place the signature (if applicable), specify a digital ID, and select the Permitted Actions After Certifying option if required.

    Note:

    If signing in Preview mode is enabled, select Sign Document in the document message bar.

  5. Save the PDF using a different filename than the original file, and then close the document without making more changes. It’s a good idea to save it as a different file so that you can retain the original unsigned document.

Timestamp a document

Acrobat allows users to add a document timestamp to a PDF without needing an identity-based signature. To timestamp a PDF, a timestamp server is needed. See how to configure a timestamp server.
A timestamp guarantees the authenticity and existence of a document at a specific time and complies with ETSI 102 778 PDF Advanced Electronic Signatures (PAdES) standard. 

  1. Open the document to which you want to add a timestamp.

  2. From the All tools menu, select Use a certificate

  3. From the Use a certificate menu on the left, select Timestamp.

  4. In the Choose Default Timestamp Server dialog that opens, select a default timestamp server from the list, or add a new default timestamp server.

  5. Select Next and then save the document with the timestamp.

Validate a digital signature

If the signature status is unknown or unverified, manually validate it to identify the issue and find a potential solution. In case the signature status is invalid, you must contact the signer to resolve the issue.

For more information about signature warnings, and valid and invalid signatures, see Digital Signature Guide.

You can assess the validity of a digital signature and timestamp by checking the signature properties.

  1. Open the PDF containing the signature and then select the signature.

    The Signature validation status dialog box describes the validity of the signature.

  2. For more information about the Signature and Timestamp, select Signature Properties.

  3. In the Signature properties dialog box, review the Validity Summary that may display one of the following messages:

    • Signature date/time are from the clock on the signer's computerThe time is based on the local time on the signer’s computer.
    • Signature is time-stampedThe signer used a Timestamp Server and your settings indicate that you have a trust relationship with that timestamp server.
    • Signature is time-stamped but the timestamp couldn’t be verifiedTimestamp verification requires obtaining the timestamp server's certificate to your list of trusted identities. Check with your system administrator.
    • Signature is time-stamped but the timestamp has expiredAcrobat validates a timestamp based on the current time. This message is displayed if the timestamp signer's certificate expires before the current time. To accept an expired timestamp, go to the hamburger menu   (Windows) or the Acrobat menu (macOS) > Preferences > Signatures > Verification: More... and then in the Signature Verification Preferences dialog box, select Use expired timestamps. It displays an alert message when validating signatures with expired timestamps.
  4. For details about the signer’s certificate, such as trust settings or legal restrictions of the signature, select Show signer’s certificate in the Signature properties dialog box.

    If the document was modified after it was signed, check the signed version of the document and compare it to the current version.

Validate all digital signatures

  1. Open the PDF for which you want to validate all digital signatures.

  2. From the global bar in the upper-left, select All tools.

  3. From the All tools pane, select Use a certificate > Validate all signature.

  4. Select OK in the confirmation dialog box. Once all the signatures are validated. You get a confirmation message. 

View previous versions of a digitally signed document

Whenever a certificate is used to sign a document, a signed version of the PDF is created and saved along with the original PDF. The saved versions are in an append-only format, meaning the original PDF can’t be modified. The Signatures panel provides access to all digital signatures and their corresponding versions.

To view previous versions, open the Signature panel and then select Options  > View Signed Version

The previous version opens as a new PDF, with the version information and the name of the signer in the title bar. To return to the original document, choose the document name from the Windows® menu.

Compare versions of a signed document

After a document is signed, you can display a list of the changes made to the document after the last version.

To compare the previous versions, open the Signatures panel and then select the signature. Then, select Options   > Compare Signed Version To Current Version.

 

Once you're done, close the temporary document.

 

Trust a signer’s certificate

To trust a certificate, it must be added to the user's trusted identity list in the Trusted Identity Manager. Also, its trust level must be set manually. End users can exchange certificates or add them directly from signed documents and set their trust levels. However, enterprises may require employees to validate signatures without any manual intervention. Acrobat trusts all certificates that are signed and certified by a trust anchor. Therefore, administrators can preconfigure client installations or allow end users to add a trust anchor. For more information on trusting certificates, see About certificate-based signatures.

Digital signatures that were added using a self-signed certificate can’t be automatically validated by Adobe as the certificate isn’t in the list of Trusted Identities that Adobe uses to validate signatures. A self-signed certificate is a certificate that you’ve generated yourself using a third-party application. You won’t be able to manually validate the signature until the certificate is trusted by Adobe. If you open such a PDF, you’ll see a warning At least one signature has problems.

Signature validity warning message

Caution:

For security reasons, Adobe doesn’t recommend adding a self-signed certificate, or any random certificate to the Adobe's list of Trusted Identities.

To add the certificate that was used to apply the digital signature into Adobe’s list of Trusted Identities, do the following:

  1. Open the Signature panel.

  2. Right-click the signature and then select Show Signature Properties.

  3. In the Signature Properties dialog box, select Show Signer's Certificate.

    digital-signature-properties

  4. In the Certificate Viewer dialog box, select Trust > Add To Trusted Certificates.

    add-to-trusted-certificates

  5. Select OK.

Sign component PDFs and PDF Portfolios 

You can sign component PDFs within a PDF Portfolio, or sign the PDF Portfolio as a whole. Signing a component PDF locks the PDF for editing and secures its content. After signing all the component PDFs, you can sign the entire PDF Portfolio to finalize it. Alternatively, you can sign the PDF Portfolio as a whole to lock the content of all component PDFs simultaneously.

  • To sign a component PDF, see Signing PDFs. The signed PDF is automatically saved to the PDF Portfolio.

  • To sign a PDF Portfolio as a whole, sign the cover sheet (View > Portfolio > Cover Sheet). Once you sign the PDF Portfolio as a whole, you can’t add signatures to the component documents. However, you can add more signatures to the cover sheet.

Digitally sign on attachments to component PDFs

You can add signatures to attachments before signing the cover sheet. To do so:

  1. Open the PDF in a separate window.
  2. Right-click the attachment and select Open file
  3. To view signatures on the PDF Portfolio, navigate to the cover sheet to view the document message bar and signatures pane.

View signed and certified PDF Portfolios

A properly signed or certified PDF Portfolio has one or more signatures that approve or certify the PDF Portfolio. The most significant signature appears in a Signature badge in the toolbar. Details of all signatures appear on the cover sheet.

  • To view the name of the organization or person that signed the PDF Portfolio, hover the pointer over the Signature Badge.

  • To view details about the signature that appears on the Signature Badge, click the Signature Badge. The cover sheet and the Signatures pane on the left are open with details.

If the PDF Portfolio approval or certification is invalid or has a problem, the Signature Badge shows a warning icon. To view an explanation of the problem, hover the pointer over a Signature Badge with a warning icon. Different warning icons appear for different situations.

For a list and explanation of each warning, see the DigSig Admin Guide.

XML data signatures

Acrobat and Acrobat Reader support XML data signatures that are used to sign data in XML Forms Architectures (XFA) forms. The form author provides XML signing, validating, or clearing instructions for form events, such as button click, file save, or submit.

XML data signatures conform to the W3C XML-Signature standard. Like PDF digital signatures, XML digital signatures ensure integrity, authentication, and non-repudiation in documents.

However, PDF signatures have multiple data verification states. Some states are called when a user alters the PDF-signed content. In contrast, XML signatures only have two data verification states, valid and invalid. The invalid state is called when a user alters the XML-signed content.

Establish long-term signature validation

Long-term signature validation allows you to verify the signature's validity long after the document was signed. To achieve this, all the necessary elements for signature validation must be embedded in the signed PDF. These elements can be embedded during the document signing process or added afterward.

If certain information is not included in the PDF, the signature can only be validated for a limited time because certificates related to the signature eventually expire or are revoked. When a certificate expires, the issuing authority is no longer responsible for providing revocation status, rendering the signature unverifiable.

The necessary elements for signature validity include the signing certificate chain, certificate revocation status, and possibly a timestamp. If these elements are embedded during signing, the signature can be validated without requiring external resources.

Acrobat and Acrobat Reader can embed the necessary elements if available, and the PDF creator must enable usage rights for Acrobat Reader users by going to the hamburger menu   (Windows) or the Acrobat menu (macOS) > Save as other > Acrobat Reader extended PDF.

Note:

Embedding timestamp information requires an appropriately configured timestamp server. In addition, the signature validation time must be set to Secure Time by navigating to Preferences > Security > Advanced Preferences > Verification tab.

CDS certificates can add verification information, such as revocation and timestamp into the document without requiring any configuration from the signer. However, the signer must be online to fetch the appropriate information.

Add verification information at signing

To add verification information while signing:

  1. Ensure that your computer can connect to the appropriate network resources.
  2. Go to Preferences > Signatures > Creation & AppearancesMore and make sure that the Include signature’s revocation status option is selected.
  3. Sign the PDF.

If all the elements of the certificate chain are available, the information is added to the PDF automatically. If a timestamp server has been configured, the timestamp is also added.

Add verification information after signing

In certain workflows, signature validation information may be unavailable during the signing but can be obtained later. For instance, a company official may sign a contract on a laptop while traveling without internet access. When internet access is later available, anyone validating the signature can add timestamping and revocation information to the PDF. Subsequent signature validations can also make use of this information.

To add verification information after signing:

  1. Ensure that your computer can connect to the appropriate network resources, and then right-click the signature in the PDF.
  2. Select Add Verification Information.

Information and methods used to include this long-term validation (LTV) information in the PDF comply with Part 4 of the ETSI 102 778 PDF Advanced Electronic Signatures (PAdES) standard.

The command is unavailable if the signature is invalid, or is signed with a self-signed certificate. The command is also unavailable in case the verification time equals the current time.

 Adobe

Get help faster and easier

New user?