Types of Digital Signatures

Both types of signature can be placed on a PDF document either visibly or invisibly. A certifying signature can only be the first signature on the PDF document. It is generated in the same way as a non-certifying digital signature, but documents with a certifying signature differ from those signed with standard digital signatures. Certifying signatures are mostly used to provide guarantees about the content (but not necessarily its approval) and the issuer of the document. Standard digital signatures are mostly, but not exclusively, used as approval signatures.

Both standard signatures and certifying signatures can use Adobe AATL certificates. AATL certificates are issued only when specific criteria are met, and the CAs implement and enforce those requirements. In this way they provide a certain level of guarantee about the signer, which can be a person or a legal entity. An additional advantage of using AATL certificates is that Adobe PDF reading software knows the AATL root certificates of all CAs that issue AATL certificates. Documents containing a signature based on an AATL certificate are therefore verified automatically and indicated as valid in Adobe software (note: the same applies to EUTL-based certificates).

When using certificates that do not chain to an AATL (or EUTL) trusted root, the root certificates must be explicitly trusted in Adobe software, or through the ‘Trusted Root Certification Authorities’ store on Windows, for the chain to the signing certificate to be trusted (and verifiable).

Signatures that are invalid (for example, because the content was changed after the signature was placed on the document) are always indicated with a cross mark. Cryptographically correct signatures whose chain of trust cannot be determined are flagged with a yellow question mark. A correct signature with a validated chain is indicated by a check mark.

When signing a document with a certifying signature (more generally, the first signature), the signer can specify which modifications may be made to the document after it has been signed.
The following modifications can be allowed:

  • No adjustments
  • Filling in fields
  • Filling in fields and adding comments
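
The three options above correspond to the DocMDP permission value /P (1, 2 or 3) that the PDF specification stores with a certifying signature. The Python code below is an added example, not iSigner code: it reads that value and checks whether each signature's /ByteRange covers the whole file. It assumes an inline, uncompressed /TransformParams dictionary, and build_sample produces a constructed stand-in, not a real signed PDF.

```python
import re

# DocMDP /P values (PDF specification) mapped to the three options listed above.
DOCMDP_LEVELS = {1: "No adjustments", 2: "Filling in fields",
                 3: "Filling in fields and adding comments"}

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
DOCMDP = re.compile(rb"/TransformMethod\s*/DocMDP\b")
# Assumption: /TransformParams is an inline dictionary, not an indirect reference.
PARAMS_P = re.compile(rb"/TransformParams\s*<<[^>]*?/P\s+([123])\b")


def inspect_signatures(pdf: bytes) -> dict:
    """Report the certification level and any bytes outside each signed range."""
    level = None
    if DOCMDP.search(pdf):
        m = PARAMS_P.search(pdf)
        level = int(m.group(1)) if m else 2  # /P defaults to 2 when absent
    sigs = []
    for m in BYTE_RANGE.finditer(pdf):
        start, _, second_off, second_len = map(int, m.groups())
        trailing = len(pdf) - (second_off + second_len)
        sigs.append({"covers_whole_file": start == 0 and trailing == 0,
                     "trailing_bytes": trailing})
    return {
        "level": level,
        "allowed": DOCMDP_LEVELS.get(level),
        "signatures": sigs,
        # Level 1 allows no changes, so appended bytes deserve a manual look.
        "review": level == 1 and any(s["trailing_bytes"] > 0 for s in sigs),
    }


def build_sample(level: int, appended: bytes = b"") -> bytes:
    """Constructed stand-in for a certified PDF; the signature is not real."""
    head = (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /Reference [<< /TransformMethod "
            b"/DocMDP /TransformParams << /P %d /V /1.2 >> >>]\n"
            b"/ByteRange [0 AAAAAAAAAA BBBBBBBBBB CCCCCCCCCC] /Contents ") % level
    contents = b"<" + b"0" * 32 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    # Fixed-width placeholders keep offsets stable while the values are filled in.
    for mark, value in ((b"A", len(head)), (b"B", len(head) + len(contents)),
                        (b"C", len(tail))):
        head = head.replace(mark * 10, b"%010d" % value)
    return head + contents + tail + appended
```

Bytes after the signed range are not proof of tampering on their own, since later signatures are appended the same way; the report only tells a reviewer where to look before trusting the viewer's mark.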

iSigner Legal Compliancy

iSigner (both the Client Library and the API) is compatible with:

  • European eIDAS regulation 910/2014
  • RFC 3161 – TSA and Timestamp
  • RFC 5280 – Certificate and certificate revocation list
  • RFC 6960 – Online certificate status protocol
  • RFC 2315 – PKCS7
  • ETSI EN 319 132-1 v1.1.1 Building blocks and XAdES baseline signatures
  • ETSI EN 319 132-2 v1.1.1 Extended XAdES signatures
  • ETSI EN 319 122-1 v1.1.1 Building blocks and CAdES baseline signatures
  • ETSI EN 319 122-2 v1.1.1 Extended CAdES signatures
  • ETSI EN 319 142-1 v1.1.1 Building blocks and PAdES baseline signatures
  • ETSI EN 319 142-2 v1.1.1 Extended PAdES signatures