Digital Signatures
Revu supports digital certification of PDFs and digitally signing PDFs. These two actions have some similarities, and can be done at the same time, but they are distinct. Before beginning, it is important to understand both concepts:
- Digital Certification is the act of certifying the accuracy of a document. When a document is digitally certified, its page content is locked to prevent changes. The certifier can opt to allow limited changes that do not affect this content (for example, adding markups, completing form fields or applying digital signatures).
- Digital Signatures are independently validated signatures placed on a document by somebody to approve the document in its current state. If changes are made to the document after the digital signature is placed, the status of the signature changes accordingly.
- An important distinction between digital signatures and electronic signatures is that the latter are not validated for authenticity. An electronic signature is simply an electronic representation of somebody's autograph; a digital signature contains a unique digital ID to verify its authenticity.
Revu supports both adding digital signature fields to PDFs and applying digital signatures to those fields. You can create and validate signatures from self-signed certificates, which is ideal for certification that occurs within organizations or among trusted parties. Revu also supports commercially available certificates purchased from trusted third-party Certificate Authorities.
Revu validates and signs documents based on the Windows Certificate Store and the PKCS #12 standards. Revu also supports Adobe CDS signatures.
Before you can digitally sign
If you are not sure which option is right for you, consider the following:
Self-Signed:
- Usually adequate for personal use or for small-to-mid-sized companies, but it is generally recommended that their usage be limited to parties that have established mutual trust. When using a self-signed digital ID, you are essentially vouching for yourself.
- You will need to provide digital certificates to parties that will receive your signed and/or certified documents and they must install them in order to validate your digital signature.
Third-Party Certificate Authority:
- The Certificate Authority takes responsibility for verifying your identity to other parties, bypassing the need for pre-established mutual trust.
- The Certificate Authority is usually trusted by the Windows Certificate Store by default, eliminating the need to provide digital certificates to recipients ahead of time.
If you choose to purchase a digital ID from a third-party Certificate Authority, you should not need to create a digital ID in Revu and you should not need to export a digital ID to send to recipients. Skip ahead to Managing Signature Appearances to determine the appearance of your digital signature in Revu, if desired.
If you choose to use a self-signed digital ID, you will need to create it (described below) and then export your public certificate so you can send it to recipients of your signed and/or certified documents.
To create a new, self-signed digital ID:
-
Go to Tools > Signatures > Digital IDs. The Manage Digital IDs dialog box appears.
-
Click Add Digital ID. The New Digital ID dialog box appears.
- Select one of the available Create Digital ID options:
- Create Digital ID file: Creates a digital ID in the PKCS #12 format. It is protected by a separate password that is defined at the time of creation.
- Create Digital ID in Windows Certificate Store: Creates a digital ID in the Windows Certificate Store. It is protected by the user's Windows login.
Note: Since it relies on a user's Windows login credentials, Windows Certificate Store is not recommended for environments with shared login credentials. Additionally, the Windows Certificate Store is Windows-only while PKCS #12 is compatible with both Windows and Mac OS.
- Enter the Identity information, as desired.
- Name and E-mail Address are required fields.
-
If Create Digital ID file was selected, enter and confirm a Password under PKCS #12 Options. This password will be used to confirm the user as the signer of a document, so use a sufficiently secure password.
Caution: Keep your password in a secure place. By design, passwords for these types of digital IDs cannot be retrieved or reset if lost. In the event that you lose your password, you will need to create a new digital ID.
- Click OK.
When you create a self-signed digital ID, you need to send copies of your public certificate to anybody who will receive documents with your digital signature so they can validate it. This should be done before sending them documents that you have digitally signed. Fortunately, Revu makes it simple to export your public certificate.
To export your digital ID certificate:
-
Go to Tools > Signatures > Digital IDs. The Manage Digital IDs dialog box appears.
- Select the digital ID to be exported and click Export. If this digital ID is password-protected (for example, a PKCS #12 ID), a password prompt will appear. Provide the necessary password.
- The Windows Save As dialog box opens. Browse to a desired location and click Save to save the public certificate. This file can now be sent to other users, who can add it to their trusted repositories.
Revu allows you to customize the information supplied with your digital signature as well as its appearance. You can also create multiple appearances for your digital signature to suit any kind of signing need.
To create a signature appearance template:
-
Go to Tools > Signatures > Digital IDs. The Manage Digital IDs dialog box appears.
-
Select the desired digital identity and click Manage Appearances. The <name> Appearances dialog box appears.
-
Click the Add Appearance button. The Signature Appearance dialog box appears.
- Give this appearance template an easily recognizable name in the Title field. The title appears in the selection list when choosing which appearance template to use when signing the document.
- Choose a Graphic option:
- None: Applies no graphic to the signature.
- Name: Prints the signer's name as a graphic.
- File: Applies the specified graphic to the signature. Click the navigate button to browse for a file (for example, a scan of the signer's "wet" signature).
-
Choose a Position option to determine where in the graphic appears in the signing box.
- Select any of the options in the Text list to enable them. These auto-generate certain information when a signature is applied. They are all optional.
-
Choose the Alignment of these options. The boxes correspond to the regions of a signature field, such as "top-left," "middle" or "bottom-right" (as shown in the example below).
- To set the font size of the text options manually, uncheck Auto and select the desired Font Size. Otherwise, leave Auto checked.
- To prevent field names such as "Digitally signed by" and "DN" from appearing in the signature box, uncheck Labels.
- To remove the Bluebeam icon watermark, uncheck Logo.
- The Preview of the digital signature updates whenever any option is set. Use this to confirm that the appearance of this digital signature is satisfactory, and when it is, click OK.
To prepare a document for digital signing, add one or more digital signature fields (depending on how many signatures are needed).
- Go to Tools > Form > Digital Signature.
- Click and drag a rectangle to define the region where the signature will appear.
- If the PDF requires multiple signatures, drag similar rectangles over the other signing areas.
- To manage the properties of any signature field, right-click it and select Properties. Set any of the following options, as desired:
- Name: Assign a name to this signature field (often the name or title of the person to sign here).
- Tooltip: Enter text that will display when a user hovers their cursor over the field.
- Field: Select whether the field will be Visible (default), Hidden, Visible but doesn't print or Hidden but printable.
- Orientation: Select the orientation of the signature, in degrees: 0 (right-side up, default), 90, 180 (upside down) or 270.
- Read-Only: Check to set the signature field as read-only so it cannot be altered. This will actually make it impossible to add a digital signature to the field, so it is not generally recommended.
- Required: Check to set the signature field as being required. Required signatures are easily identified by a red border.
- Lock: Check to lock the properties of the signature field so that they cannot be changed.
-
Press Esc when all signature fields have been added and then save the PDF.
In the event that it becomes necessary to delete a digital signature field, do the following:
- Go to Tools > Form > Digital Signature.
-
Right-click the digital signature field to be deleted and select Delete.
Documents can be certified, usually by the person who created it or by the first signer, as being authentic. Additionally, certifying a document prevents signers from making changes to its page content, though the certifier has the option to allow other limited changes to the document, including the addition of markups, the completion of form fields or the application of digital signatures. As such, documents should be certified only when they are complete, including after all digital signature fields have been added.
Certified documents cannot be combined with other documents without breaking the certification. Combine documents before certifying or use Sets in Revu 11 or greater to view separate certified PDFs as a single collection. The only option after certifying a document that preserves the certification is to create a PDF package.
There are two ways to certify a PDF, depending on whether or not you are also a signer on the document. Please note that after the first signature is added to a PDF, its certification status cannot be changed; if a document needs to be certified, do so as the first signer or, if you are not a signer on the document, before sending it out for signatures.
Certified documents will show a certification statement on the document's Properties panel that can be reviewed at any time. Additionally, when opening a certified document a dialog box will appear prompting the reader to open the Properties panel in order to review the certification statement.
Using this process, you can certify the document and sign it at the same time.
-
Click in the desired signature field. The Sign dialog box appears.
- Choose a Digital ID.
- For PKCS #12 IDs, enter the Password and click Log in.
- Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
-
Select Document Certification and choose one of the Permitted changes after certifying options:
- No changes allowed: No changes are permitted and no other signatures can be added.
- Fill in forms and digital signatures: Form fields can be completed and signatures added, but no other changes are permitted.
- Markups, fill in forms, and digital signatures: Markups can be added, form fields can be completed and signatures added, but no other changes are permitted.
- Complete any of the desired Options fields.
- Select an Appearance for your signature.
- Click OK. A Save As dialog box appears. Signed documents must be saved at the time of signature.
- Enter a file name and select the location for the signed file, then click Save to save the signed PDF.
The person who certifies a document need not necessarily be one of the signers. Remember, a PDF cannot be certified after it has been signed by any party, so if the document is to be certified, do so before sending it out for signatures.
To certify a document without signing it:
-
Go to Tools > Signatures > Certify Document. The Sign dialog box opens.
- Choose a Digital ID.
- For PKCS #12 IDs, enter the Password and click Log in.
- Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
-
Select Document Certification and choose one of the Permitted changes after certifying options:
- No changes allowed: No changes are permitted, including the application of digital signatures. Select this option only if the document does not need to be signed.
- Fill in forms and digital signatures: Form fields can be completed and signatures added, but no other changes are permitted.
- Markups, fill in forms, and digital signatures: Markups can be added, form fields can be completed and signatures added, but no other changes are permitted.
- Complete any of the desired Options fields.
- Click OK.
How a PDF is digitally signed depends on how it was created. In most cases, a signature field will have already been added to the document in preparation for your signature. Such documents might also be certified. In some cases, however, you might need to add your own signature field before signing. Fortunately, Revu makes it simple to do this, too.
Digitally signed documents cannot be combined with other documents without invalidating the signatures. Combine documents before signing or use Sets in Revu 11 or greater to view separate signed PDFs as a single collection. The only option after signing a document that preserves the signature is to create a PDF package.
-
Click in the desired signature field. The Sign dialog box appears.
- Choose a Digital ID.
- For PKCS #12 IDs, enter the Password and click Log in.
- Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
- Complete any of the desired Options fields.
- Select an Appearance for your signature.
- Click OK. A Save As dialog box appears. Signed documents must be saved at the time of signature placement.
- Enter a file name and select the location for the signed file, then click Save to save the signed PDF.
- Go to Tools > Signature > Sign Document.
-
Click and drag a rectangle to define the region where the signature will appear. The Sign dialog box appears.
- Choose the Digital ID to sign with.
- For PKCS #12 IDs, enter the Password and click Log in.
- Windows Certificate Store IDs do not require a separate password as they are protected by the user's Windows login.
- Under Signature Type, select Digital Signature.
- Complete any of the desired Options fields.
- Select an Appearance for the signature.
- Click OK. A Save As dialog box appears. Signed documents must be saved at the time of signature placement.
- Enter a file name and select the location for the signed file, then click Save to save the signed PDF.
In the event that you wish to clear your digital signature, either permanently or in order to make any needed changes and reapply it, you can do so easily. You can only clear your own digital signature.
To clear your digital signature, simply right-click the signature and select Clear Signature.
When a document that has been digitally signed is opened in Revu, signatures are automatically checked for validity. One of several icons will appear on the Signatures panel to indicate the status of a signature's validity.
The document has been Certified and the Certification is valid.
The signer's identity is trusted and the document has not been changed. This is a valid signature.
The signer's identity is unknown. If the signer is known and trusted, see Importing a Trusted Identity Certificate to add the identity to your list of trusted identities.
The signature has not yet been validated and the document has not been updated since signed.
The signature is valid, but the document has been updated since being signed.
The signer's identity is unknown and the document has been updated since being signed.
The signature or certification is invalid and the document has been altered since being signed.
To attempt validation on a signature again (for example, if you've installed a certificate that wasn't installed when the file was first opened), right-click the signature on the PDF and select Validate Signature.
Before a digital signature can be validated in Revu, the digital ID certificate of the signer must be imported in your trusted repository. The recommended best practice when it comes to importing digital ID certificates is to have signers send you their digital ID certificates (which can be easily
To import a digital ID certificate from a file you've been sent:
- Save the .cer file that was sent to you somewhere on your computer or network.
-
In Revu, go to Tools > Signature > Trusted Identities. The Manage Trusted Identities dialog box appears.
- Click Add Trusted Identity. The Windows Open dialog box appears.
- Browse to the location of the saved .cer file and open it. Revu automatically adds it to your list of trusted identities.