|
|
|
|
|
|
by metafunctor
911 days ago
|
|
|
There are many ways, but a popular option is to add a “PDF Advanced Electronic Signature” (PAdES) compliant approval signature on the PDF file. You can tack on as many of these on a PDF as you wish, and they have a visual component you can control and place where you want. Most PDF readers support these and can verify the signatures using a PKI system similar as is used with HTTPS. Adobe Reader is a popular choice. Notably Apple's Preview.app does not support verifying PDF signatures. In the EU, often a personal key on a tamperproof personal device is used. In many EU countries these are readily available to citizens and the resulting signatures carry the signer's name, a unique personal ID code, and have the same legal effect as a handwritten signature. This is called a "qualified electronic signature". Qualified trust service providers verify the identities of people and provision the hardware to them. The EU system is great in that when creating or verifying signatures, you don't necessarily need a service provider at all — the software is free. Of course a good system can help managing signature invitations, the documents, archival, reminders, etc. But it's not needed for security; in fact the most secure way would be to not give your documents to a third party at all. Alternatively, the e-signing providers private key can be used to create a seal on behalf of the person signing. It's then up to the security of the e-signing provider, how they validate the signer's identity, etc, to decide how trustworthy such a signature is. |
|
|
One subtle problem in this setup is the trust list. Abode effectively has their own trust bit sovereign rights, while EU has it's own trust list (which doesn't always match with a list of qualified providers as per EU-conforming states). Then US federal government has it's own trust list.
So it's the usual PKI problem.