Home / Solutions /

Digital Signatures

Your autograph, please.

As more companies implement paperless processes, the importance of providing authentic and genuine digital signatures is more relevant than ever. Revu® allows users to create digital IDs and signature fields in a PDF, certify and sign PDF documents, and validate other users' signatures. Signatures of trusted sources can even be stored in Revu for immediate validation of documents. Simply put, your protection is our priority.

What is a digital signature?

A digital signature is intended to provide authenticity (the signee is the genuine creator of the document), integrity (the document has not been changed since last signed), and non-repudiation (the person who signed it cannot claim otherwise). Digital signatures are created and validated using digital ID certificates, which can be self-signed or purchased from a trusted Certificate Authority (CA). Whether you need to purchase a Digital ID certificate depends on what your use of the signatures will be.

 

What isn't a digital signature?

There are a number of misconceptions about digital signatures so let's discuss what they are not. They are not a picture of your signature scanned in to your computer. A scan of your hand signature is not legally binding, but in the U.S. a digital signature is as legally binding as a real pen-and-ink signature. A digital signature is not PDF security. Though both PDF security and digital signatures use the same encryption methods, they do entirely different things. For instance, Digital Signatures do not hide the content of your document or prevent editing.

Best practices for

Digital Signatures

 

Self-signed Certificates

Revu supports manually importing and validating signatures from self-signed certificates, which is ideal for certification that occurs within organizations among trusted parties.

 

Certificate Authorities

Revu supports validating and signing documents based on the Windows Certificate Store and the PKCS#12 standards. It also validates but does not sign documents using Adobe CDS.

 

Before Buying a Digital ID Certificate

Ask yourself these questions before buying a Digital ID Certificate:

  1. Do I need to send documents, receive them, or both?

  2. Are the documents I receive from within my organization or outside? Are their recipients within or outside of my organization?

 

Links to More Info

Learn the Process

Digital Signatures

Keep your intellectual property secure by determining who can print, view, copy or comment on your PDFs. A tutorial by Don.

Best Practices for Digital Signatures

 

Choose the Right Digital ID for Your Needs

Following are scenarios for Digital IDs. Find the one that suits you and your organization.

 

I need to validate signatures within my organization or sign documents within my organization

Self-signed certificates are generally the best solution for this use. The upside of this solution is there are no other purchase requirements to make it work; the functionality is fully contained within Revu. The downside is that the certificate must be trusted manually by every person receiving the signed documents. The Digital ID is created by the person signing the document, who must provide this file to each recipient. Once the validity of the Digital ID is established, the recipient imports it in to their system and any subsequent files signed by and received from that sender will validate automatically.

 

In very large organizations, it may be beneficial to manage Digital IDs through Public Key Infrastructure (PKI) internally. For more information, see Managing Your Own Certificate Authority below.

 

I need to validate signatures from outside my organization

In this case you should require that the signers purchase a trusted third party Certificate Authority. Revu will validate certificates based on the Windows Certificate Store, PKCS#12, and Adobe CDS standards. For a list of vendors that are compatible with Bluebeam Revu, see below.

 

I need to sign documents to send outside my organization

You will need to purchase a Digital ID from a trusted third party Certificate Authority. The Certificate Authority will attest to your identity outside your organization. Revu allows documents to be signed with certificates based on the Windows Certificate Store and PKCS#12 standards. For a list of vendors that are compatible with Bluebeam Revu, see below.

 

Managing Your Own Certificate Authority

Very large organizations may consider managing their implementation of Public Key Infrastructure internally. This allows the organization to become the trusted third party CA that issues Digital IDs. PKI allows users within the organization to automatically trust each other once they are issued Digital IDs from their own PKI Management Group, usually a function of the IT Department.

 

The benefits of maintaining PKI internally include giving the organization full control over who to trust and revoke. Another advantage is that Digital IDs can be issued without paying a third party CA, which can become very expensive for enterprises. Implementing PKI is not entirely free however, as the PKI infrastructure must be configured, managed, and maintained by the organization.

A List of Recommended Certificate Authorities

You do not need to purchase a Digital ID certificate to self-sign, but if you decide you need to purchase a certificate from a third party CA, the following sources have been tested and are known to work with Revu.

 

 

Please contact a CA listed above to find out which Digital ID is most suited for you.

 

NOTE: Revu will validate documents signed with Adobe CDS but not sign with Adobe CDS.

In Depth: What is a Digital Signature?

A digital signature uses Public Key encryption methods to provide for a document's authenticity, integrity, and non-repudiation.

 

When you purchase a Digital ID certificate from a CA, you are issued a pair of keys, one private and one public. Data encrypted with your public key can only be decrypted with your private key (by you). Data encrypted by your private key works the opposite way: anyone can obtain your public key and decrypt it, and they can be sure that you were the sender since only your private key will encode information that your public key will decrypt.

 

Digital Signatures contain a hash of the original document encrypted with your private key. The process of validation decrypts the hash and compares it to a new hash made from the document as received. Thus by distributing your public key and the signed file, you can prove that you signed the document, that the document is the same now as it was when you signed it, and that no one could have impersonated you in order to forge your signature.

 

In order for this to be trustworthy, the receiver has to trust that the public key they acquire is genuinely yours. The easiest way to obtain that trust is to procure the public key from a trusted third party Certificate Authority. Windows has preinstalled support for some well-known CAs. The CA attests that the public key corresponds to the owner.

 

Different CAs have different procedures for validating the identity of certificate holders. In general some certificates validate only a particular email address and others add an additional layer of security, such as providing a physical token or authorizing the certificate by contacting the CA via a phone call. Your organization's specific requirements will determine the best suited third-party CA.

What is a Self-Signed Certificate?

If the claimant you are receiving the self-signed certificate from is known to you, you can choose to trust that certificate. This has the same effect as relying on the CA: once you trust that certificate, any documents signed with it and sent to you will validate.

 

Self-signed certificates are not issued from a third-party CA, so it's the user's responsibility to make sure he can trust the identity of the signer. This works well in small organizations where users see each other regularly, but can pose security risks if external organizations or claimants unknown to the recipients are involved.