39
ADOBE LIVECYCLE ES2.5
Signature Service
LiveCycle ES2.5 Services
124
Certifying signatures: Used for attesting to the document contents and specifying the types of changes that are permitted for the document
to remain certified. For example, a government agency creates a form with signature fields. The agency certifies the document, allowing
users to change only form fields and to sign the document. Users can fill the form and sign the document. However, if users remove pages
or add comments, the document does not retain its certified status.
Certifying signatures are also known as Modify Detection Prevention (MDP) signatures.
About signature fields
When a form is digitally signed, the signature is added to a signature field. Forms must include a signature field before they can be signed.
Multiple signature fields can be added to a single form. Each signature field can be associated with a set of fields on the form. After the
signature is added, the associated fields are locked. These types of signatures are known as MDP+ signatures. To use this feature with PDF
forms and XML forms, users must use Acrobat or Adobe Reader 8.0 and later to open the forms.
Seed value dictionaries can be added to signature fields to configure how the field is used when the document is signed. For example, a list
of signing reasons can be provided, or the hashing algorithms that can be used for creating the document digest can be specified.
You can add signature fields at design time or at run time:
• Use Designer ES2.5 to add signature fields at design time. (See LiveCycle Designer ES2.5 Help.)
• Use the Signature service to add signature fields at run time. (See “Adding, modifying, and removing signature fields” on page 129.)
About the Signature service and form types
LiveCycle ES2.5 supports several types of PDF forms. Although Acrobat or Adobe Reader users notice no apparent difference between the
form types, the way the PDF form is constructed can be different. For example, forms can be rendered to PDF by the Forms service on the
LiveCycle ES2.5 server or by Acrobat or Adobe Reader.
PDF forms that do not require rendering can be used with the Signature service in any situation. However, PDF forms that require rendering
can be problematic for digital signatures, depending on how they are used.
When a PDF form that is digitally signed is rendered, the signature on the form is invalidated. For example, a user opens a dynamic PDF
form in Acrobat, digitally signs it, and saves it. Then the user sends the file to a colleague in an email message. When the colleague opens
the form, Acrobat renders the form to PDF, which invalidates the digital signature.
To use the Signature service, identify the type of form you are using.
Acrobat PDF form: PDF forms that are created using Acrobat (or a similar tool). These forms do not require rendering after they are
created.
Adobe PDF form: PDF forms that are created by using Designer ES2.5. These files are saved as static or dynamic PDF forms:
• The content of static PDF forms, except for field values, does not change. When the file is opened, Acrobat or Adobe Reader uses
information in the file to render the PDF form. When the file is saved for the first time, the PDF form is stored in the file. The next time the
form is opened, it is not rerendered.
• The content of dynamic PDF forms can change according to user input. For example, table rows or subforms can be added as required.
The PDF form is always rendered when it is opened by using Acrobat or Adobe Reader.
For more information about the static and dynamic Adobe PDF forms, see Using Designer ES2.5 > Working with Form Designs > Guidelines
for creating PDF forms in LiveCycle Designer ES2.5 Help.
Adobe XML form: XDP files that are created by using Designer ES2.5. Adobe XML forms are prepared for opening in Acrobat or Adobe
Reader by using the Forms service. The Forms service can be configured so that the PDF form is rendered by any of these agents:
• Forms service (on the LiveCycle ES2.5 server) before being sent to the client
• Acrobat
• Adobe Reader
Non-interactive PDF forms: PDF forms that users can view electronically or print. For example, files that are converted to PDF from a
different file format are non-interactive. These forms do not require rendering after they are created.
For information about design requirements for forms that are used in LiveCycle Workspace ES2.5, see “Requirements for form design and
Workspace ES2.5” on page 131.
About digital signature technology
Public key cryptography
Digital signatures are based on public-key cryptography (or asymmetric cryptography), which involves using public/private key pairs for
encrypting and decrypting text:
• The private key is used to encrypt text and documents. Private keys are kept safe.
• The corresponding public key is used to decrypt the text that is encrypted by the private key. The public key can decrypt only the text
that is encrypted with the associated private key. Public keys are distributed, sometimes widely.
For example, Tony Blue uses his private key to encrypt email messages before sending them to recipients. The recipients require the public
key to decrypt the messages and read them. Tony must provide the recipients with the public key before they can read his email messages.
Digital certificates
Digital certificates can be used to verify the authenticity of digital signatures. Digital certificates bind a public key with a person’s identity:
• Certificates can be issued by certificate authorities (CA), a trusted third party. CAs verify the identities of the people who they issue
certificates to. If you trust the CA, you trust the certificates they issue.
• Certificates can also be self-signed. Self-signed certificates are typically generated by the certificate owner. Self-signed certificates are
useful when you are certain that you can trust the owner.
CAs publish certificate revocation lists (CRL) that contain the serial numbers of the certificates that are no longer valid. CRLs have expiry
dates and are typically updated periodically.
Similar to using CRLs, Online Certificate Status Protocol (OCSP) is used for obtaining the status of X.509 certificates. OCSP enables
certificate status to be updated and obtained more quickly than CRL systems.
CAs can delegate the authority to issue certificates to lower-level CAs. The result can be a hierarchy of CAs. A certificate chain indicates the
path in the hierarchy from a lower-level CA to the root CA. Certificates that are issued by lower-level CAs include the certificate chain. The
authenticity of each CA in the chain can be verified.
Digital credentials
Credentials are used to digitally sign documents. A credential contains a user’s private key and other identifying information, such as an
alias. A password is required to access the contents of the credential. Different standards define the content of a credential and the format.
The following standards are two examples:
• Personal Information Exchange Syntax Standard (PKCS #12) defines a file format for storing the private key and the corresponding
digital certificate.
• Cryptographic Token Interface (PKCS #11) defines an interface for retrieving credentials that are stored in hardware.
Digital signatures
Digital signatures are an encrypted digest of the document that is signed. The digest and the signer’s certificate are used to validate the
integrity of the document.
When a document is digitally signed, a digest of the document contents is created by using a hashing algorithm. The digest is unique for the
document, and the document cannot be reconstructed by using the digest. The digest is encrypted by using the signer’s private key to create
the signature.
The signature and the certificate that corresponds with the private key that is used to create the signature are typically bundled with the
document.
Signatures can include timestamps. Time Stamp Protocol (TSP) is used to establish the time at which a digital signature is created. This
information is useful for verifying that a digital signature was created before the associated certificate was revoked. A Time Stamp Authority
(TSA) provides services for obtaining and verifying timestamp information.
Validating document integrity
To validate the signature, the public key in the certificate is used to decrypt the digest. The digest is then recalculated and compared with
the decrypted digest. If the digests are identical, the document has not been altered.
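The mechanics described in the Digital certificates, Digital signatures and Validating document integrity sections above, as an added example that is not part of the original documentation and does not use the Signature service's own API. It uses Go's standard library (crypto/rsa, crypto/x509) to build a root CA, an issuing CA and a signer certificate, sign a constructed document digest with PKCS #1 v1.5 over SHA-256, and then validate the way the text describes: recompute the digest and compare, validate the certificate chain up to the trusted root, and consult the issuing CA's CRL (including its expiry date). The certificate names, serial numbers, document bytes and the status strings returned are all constructed for this example; timestamp (TSP) and OCSP checks are not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must aborts the example on any setup error so the signing and validation logic stays readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issueCert issues a certificate for pub. With parent == nil it is self-signed by signerKey
// (the root CA); otherwise parent and signerKey are the issuing CA. Names are constructed.
func issueCert(serial int64, cn string, isCA bool, pub *rsa.PublicKey,
	parent *x509.Certificate, signerKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA { // a CA must be allowed to sign certificates and CRLs
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signerKey))
	return must(x509.ParseCertificate(der))
}

// signDocument hashes the document with SHA-256 and signs the digest with the signer's
// private key (PKCS #1 v1.5): the "encrypted digest" the text describes.
func signDocument(doc []byte, key *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// validateSignature runs the checks the text describes, in order: recompute the digest and
// compare it with the signed one, validate the chain up to the trusted root, then consult the
// issuing CA's CRL (when one is supplied) for the signer's serial number.
func validateSignature(doc, sig []byte, signer, issuingCA, root *x509.Certificate,
	crl *x509.RevocationList) string {
	digest := sha256.Sum256(doc)
	pub := signer.PublicKey.(*rsa.PublicKey)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return "tamper" // digest mismatch: document altered or signature corrupted
	}
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(issuingCA)
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return "untrusted chain"
	}
	if crl != nil {
		// A CRL is usable only if the signer's CA signed it and it has not passed its expiry date.
		if crl.CheckSignatureFrom(issuingCA) != nil || time.Now().After(crl.NextUpdate) {
			return "unknown"
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(signer.SerialNumber) == 0 {
				return "revoked"
			}
		}
	}
	return "valid"
}

// runScenarios builds a root -> issuing CA -> signer hierarchy, signs a constructed document
// and returns the validation outcome for an untouched, a tampered and a revoked case.
func runScenarios() map[string]string {
	rootKey := must(rsa.GenerateKey(rand.Reader, 2048))
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	signerKey := must(rsa.GenerateKey(rand.Reader, 2048))
	root := issueCert(1, "Example Root CA", true, &rootKey.PublicKey, nil, rootKey)
	ca := issueCert(2, "Example Issuing CA", true, &caKey.PublicKey, root, rootKey)
	signer := issueCert(3, "Tony Blue", false, &signerKey.PublicKey, ca, caKey)
	doc := []byte("%PDF-1.7 constructed sample document bytes") // constructed input
	sig := must(signDocument(doc, signerKey))
	tampered := append([]byte{}, doc...)
	tampered[0] ^= 0x01 // one bit changed after signing
	// The issuing CA revokes the signer's certificate and publishes a CRL listing its serial.
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader,
		&x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(),
			NextUpdate: time.Now().Add(time.Hour), RevokedCertificates: []pkix.RevokedCertificate{
				{SerialNumber: signer.SerialNumber, RevocationTime: time.Now()}}}, ca, caKey))))
	return map[string]string{
		"original": validateSignature(doc, sig, signer, ca, root, nil),
		"tampered": validateSignature(tampered, sig, signer, ca, root, nil),
		"revoked":  validateSignature(doc, sig, signer, ca, root, crl),
	}
}

func main() { fmt.Println(runScenarios()) }
```

Note the ordering of the checks: the digest comparison runs first because a mismatch means nothing further about the signer matters, and a missing or expired CRL yields "unknown" rather than "valid", which is the conservative answer when revocation status cannot be established.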
Integrating with a security infrastructure
The Signature service accesses certificates, credentials, and revocation lists that are stored in Trust Store Management. It can also use Trust
Store Management to access credentials that are stored in Hardware Security Module (HSM) devices. (See Managing HSM credentials in
LiveCycle ES2.5 Administration Help.)
The Signature service also supports communicating with external resources for retrieving certificates and validating signatures:
• LDAP/LDAPS and HTTP/HTTPS queries for retrieving certificates for chain validation.
• Connecting to TSAs using HTTP and HTTPS.
• Retrieving CRLs using HTTP/HTTPS and LDAP/LDAPS. The Signature service also supports offline CRLs that are stored using Trust
Store Management.
• Connecting to OCSP servers.
• Integrating with external service providers for retrieving credentials and verifying certificates.
Supported technologies and standards
The following table provides a summary of the technologies and industry standards that LiveCycle Digital Signatures ES2.5 supports.
Item                                                       Supported technology or standards
One-way hash (for creating document digests)               SHA-1, SHA-256, SHA-384, and SHA-512
                                                           MD5
                                                           RIPEMD160
Digital signatures                                         PKCS #1 and #7
                                                           RSA (up to 4096 bit)
                                                           DSA (up to 4096 bit)
                                                           XML signatures
Seed values (enforcement of certificate usage criteria)
Time stamping (using Time Stamp Providers)
Certificate validity                                       Certificate Revocation Lists (CRL)
                                                           Online Certificate Status Protocol (OCSP)
                                                           RFC 3280 compliant path validation
The Signature service enforces Federal Information Processing Standard (FIPS) compliance and uses the RSA BSAFE libraries.
Using the Signature service
For information about developing processes that use this service, see LiveCycle Workbench 9.5 Help. For information about developing
client applications that programmatically interact with this service, see Programming with LiveCycle ES2.5.
You can use the Applications and Services pages on LiveCycle Administration Console to configure default properties for this service. (See
Signature service settings in LiveCycle ES2.5 Administration Help.)
Signing and certifying documents
You can use the Signature service to sign and certify PDF documents by using any credential that the service can access. When signing or
certifying, specify the signature field to use.
The following limitations apply to dynamic Adobe PDF forms when used with the Signature service:
• You cannot sign a visible signature field.
• You can certify invisible signature fields.
• You can certify visible signature fields only if the Signature service is configured to process documents with Acrobat 9 compatibility. The
form can only be viewed using Acrobat or Adobe Reader 9.
Note: For all types of forms, Acrobat or Adobe Reader users can delete signatures that the Signature service added.
When signing or certifying forms, the following information can be specified:
Credential: The credential that contains the private key to use to create the digital signature.
Document MDP permissions: When certifying, the changes that users can perform on the document without invalidating the certification.
Revocation information: Whether to embed revocation information in the signature to use for validating the signer’s certificate. The
information enables OCSP-checking and CRL-checking.
Time stamp information: Whether to create a timestamp for the signature and the information required to perform the timestamp
transaction with the timestamp provider.
Appearance: Properties that affect the appearance of the signature when it is viewed using Acrobat or Adobe Reader. These properties can
be the reason for signing, the contact information of the signer, a legal attestation, and the icons to use.
Validating document integrity and authenticity
You can use the Signature service to validate signatures that are added to PDF forms. To validate signatures, the certificate can be checked
for revocation, the timestamp of the signature can be checked, and the document digest is verified. You can validate signatures individually
or validate all the signatures on a PDF document.
The following limitations apply to validating digital signatures by using the Signature service:
• The Signature service cannot accurately validate signatures on dynamic Adobe PDF forms.
• The Signature service cannot ensure that field-locking rules for signature fields (MDP+ rules) are enforced for Adobe PDF forms and
Adobe XML forms.
When validating signatures, the following information can be specified:
Signature field: The name of the signature field that holds the signature to verify.
Revocation checking: Whether to check whether the signer’s certificate has been revoked. You can specify information to enable OCSP and
CRL types of checking.
Time stamp checking: How to verify the timestamp of the signature.
Path validation: Information that enables the verification of the certificates in the certificate chain that the signer’s certificate includes.
The validity status messages displayed depend on whether the Process Documents With Acrobat 9 Compatibility option is selected for
Signature service. (See Signature service settings in LiveCycle ES2.5 Administration Help.)
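The validity states in the tables that follow rest on one fact the prose states only briefly: a PDF signature covers the revision of the document that existed at signing time, and later incremental updates append bytes to the file rather than altering the signed bytes, which is why a signature can be valid while the document has been modified. The following Go program is an added example, not code from the original documentation or from the Signature service; it models that byte-range coverage with Go's standard library (PKCS #1 v1.5 over SHA-256) and maps each outcome to a status name from the table for the case where the Acrobat 9 compatibility option is not selected. The mapping from outcome to status name is this example's reading of that table; the SignedRevision type, the function names and the PDF fragments are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedRevision models what a PDF signature covers (constructed for this example): the byte
// length of the revision that existed when the signature was applied, and the signature over
// that revision's SHA-256 digest. Later incremental updates append bytes past CoveredLen.
type SignedRevision struct {
	CoveredLen int
	Signature  []byte
}

// signRevision signs the file exactly as it exists now (PKCS #1 v1.5 over SHA-256).
func signRevision(file []byte, key *rsa.PrivateKey) (SignedRevision, error) {
	digest := sha256.Sum256(file)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return SignedRevision{CoveredLen: len(file), Signature: sig}, err
}

// classify maps a file and one of its signatures to a status value. The mapping is this
// example's reading of the "option not selected" table:
//   Unknown          - the signed contents are not present, so validation was not performed
//   Invalid          - the covered revision no longer matches the signed digest
//   ValidAndModified - covered revision intact, but bytes were appended afterwards
//   ValidUnmodified  - covered revision intact and nothing was appended
func classify(file []byte, sr SignedRevision, pub *rsa.PublicKey) string {
	if sr.CoveredLen > len(file) {
		return "Unknown"
	}
	digest := sha256.Sum256(file[:sr.CoveredLen])
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sr.Signature) != nil {
		return "Invalid"
	}
	if len(file) > sr.CoveredLen {
		return "ValidAndModified"
	}
	return "ValidUnmodified"
}

// classifyScenarios signs a constructed first revision and reports the status after (a) no
// change, (b) an incremental update appended later, (c) an edit inside the signed revision,
// and (d) truncation of the signed revision.
func classifyScenarios() (map[string]string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	rev1 := []byte("%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n") // constructed
	sr, err := signRevision(rev1, key)
	if err != nil {
		return nil, err
	}
	appended := append(append([]byte{}, rev1...), "2 0 obj << /Type /Annot >> endobj\n%%EOF\n"...)
	edited := append([]byte{}, rev1...)
	edited[20] ^= 0x20 // one byte changed inside the signed revision
	truncated := rev1[:len(rev1)-4]
	return map[string]string{
		"unchanged": classify(rev1, sr, &key.PublicKey),
		"appended":  classify(appended, sr, &key.PublicKey),
		"edited":    classify(edited, sr, &key.PublicKey),
		"truncated": classify(truncated, sr, &key.PublicKey),
	}, nil
}

func main() {
	r, err := classifyScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Println(r)
}
```

The "appended" case is the one the tables call "Signature valid but document modified": the signed bytes verify, so integrity of that revision holds, but a validator that reports only the digest check would miss that the current document differs from what the signer saw.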
The following table describes the situations that cause the different signature-validity states when the option is selected.
Values: DynamicFormSignatureUnknown, DocumentSignatureUnknown
  Signature status: Status Unknown
  Description: The integrity of the document or dynamic PDF form has not been verified.
Values: CertifiedDynamicFormSignatureTamper, SignedDynamicFormSignatureTamper, CertifiedDocumentSignatureTamper, SignedDocumentSignatureTamper
  Signature status: Tamper
  Description: The document or dynamic form has been altered or corrupted since the signature was applied.
Values: SignatureFormatError
  Signature status: Invalid
  Description: The signature is invalid because its formatting or the information it contains has errors.
Values: DynamicFormSigNoChanges, DocumentSigNoChanges
  Signature status: Signed with no changes
  Description: The document or dynamic form has not been modified since the signature was applied.
Values: DynamicFormCertificationSigNoChanges, DocumentCertificationSigNoChanges
  Signature status: Certified with no changes
  Description: The document or dynamic form has not been modified since it was certified.
Values: DocSigWithChanges
  Signature status: Signed with changes
  Description: The revision of the document that this signature covered has not been changed; however, subsequent changes were made to
  the document.
Values: CertifiedDocSigWithChanges
  Signature status: Signed with allowed changes
  Description: The document has been changed since the signature was applied. However, the changes are permitted by the document
  certifying party and do not invalidate the signature.
Values: CertificationSignWithChanges
  Signature status: Certified with changes
  Description: The document has been changed since it was certified. However, the changes are permitted by the document certifying party
  and do not invalidate the signature.
The following table describes the situations that cause the different signature-validity states when the option is not selected.
Value: Invalid
  Signature status: Signature Invalid
  Description: The revision of the document that is covered by the signature has been altered.
Value: Unknown
  Signature status: Status Unknown
  Description: Signature validation on the signed contents was not performed.
Value: ValidAndModified
  Signature status: Signature valid but document modified
  Description: The revision of the document that is covered by the signature was not modified; however, subsequent changes were made to
  the document.
Value: ValidUnmodified
  Signature status: Signature valid and document unmodified
  Description: The revision of the document that is covered by the signature was not modified. No subsequent changes were made to the
  document.
When validating signatures, you must know whether you are validating a PDF signature or an XML signature.
Removing signatures
You can use the Signature service to remove signatures from signature fields.
Retrieving signatures and signature fields
You can use the Signature service to retrieve the following items from forms:
• Information about signature fields and certifying signature fields
• Digital signatures and information about the signatures
• The revision of the PDF form as it existed when a signature field was signed
Caution: You cannot retrieve the certifying signature field from forms that are rendered on the client.
Adding, modifying, and removing signature fields
You can use the Signature service to add, modify, and remove visible and invisible signature fields from forms. When you add and modify
signature fields, you can configure the following properties:
• The field name and, for visible signature fields, the location.
• The fields to lock when the signature is added.
• The signature handler that validates signatures.
• Information about the signature (for example, whether to include revocation information, a list of signing reasons that users can select
from, and server URLs used for validating signatures).
• Whether the field can be used only for certifying the document.
Caution: The Signature service cannot add or modify signature fields on a dynamic Adobe PDF form.
Best practices
The following characteristics of LiveCycle ES2.5 and the Signature service result in limitations to the way you can use dynamic Adobe PDF
forms:
• Digital signatures are invalidated when a signed form is rendered to PDF.
• The Signature service cannot enforce field-locking (MDP+) signature rules for Adobe PDF forms and Adobe XML forms.
Generally, you must decide whether the use of dynamic PDF forms or the use of digital signatures on the server is more important for your
solution:
• If you need to use features of the Signature service that do not support dynamic Adobe PDF forms, use a different type of form and
ensure that no rendering occurs in Acrobat or Adobe Reader. (See “Ensuring that no rendering occurs after signing” on page 130.)
• If you need to use dynamic PDF forms, you can convert the form to a non-interactive form before using the features of the Signature
service on the form. (See “Converting to non-interactive form” on page 131.)
• Before you use the form with the Signature service, ensure that the form is not a dynamic Adobe PDF form. (See “Checking the form
type” on page 131.)
Also, to use digital signatures on forms that users open in Workspace ES2.5, your form must conform to specific design criteria. (See XREF).
Order of operations
Any combination of encrypting, certifying, and applying usage rights to the same document must occur in the following order. These
services must be invoked within a short-lived process:
1 Apply encryption (Encryption service) or apply a policy (Rights Management service) to a document before you digitally sign the
document (Signature service). A digital signature records the state of the file at the time of signing. Encrypting the document or applying
a policy after you apply a signature changes the bytes in the file, causing the signature to appear invalid.
2 Certify a PDF document (Signature service) before you set usage rights (Reader Extensions service). If you certify a document after you
apply usage rights, it invalidates the usage rights signature, therefore removing the usage rights from the document.
3 Digitally sign a PDF document (Signature service) after you set usage rights. Signing a PDF document after applying usage rights does
not invalidate the usage rights signature.
Ensuring that no rendering occurs after signing
When a form is rendered to PDF, any digital signatures that it contains are invalidated. Ensure that PDF forms are not rendered after they
are digitally signed. You can prevent rendering when you use static Adobe PDF forms or Adobe XML forms.
Static Adobe PDF forms
Use Designer ES2.5 to create static Adobe PDF forms so that rendering occurs only the first time they are opened in Acrobat or Adobe
Reader.