PDFpen logo PDFpen logo

Help: Signing Documents

There are a few ways to sign a PDF document.

  • Sign a document with an image of your signature. This is most common. There are several ways you can apply it.
  • Sign a document securely with a digital signature using a digital certificate. Certain legal and governmental bodies require this. See below.

Adding a Basic Signature

Insert a scanned image of your signature into a PDF just as you would any other image. When you do, it's often necessary to make the background of the signature transparent.

  1. Scan your signature, crop it to size, and save it as an image file, such as JPEG, TIFF, or PNG.

    make transparent

  2. Drag and drop the image into the PDF from Finder. For other ways to insert an image see Adding an Image.
  3. With the signature selected, choose Edit > Make Transparent Image...
  4. In the window that opens, use the eyedropper to click on the background color of the signature. Usually this means anywhere on the white part. The Tolerance slider can adjust how sharp the edge of the the transparency appears.
  5. Click Make Transparent.
  6. If your signature appears too thin, choose Edit > Undo, and repeat Step 3 with decreased tolerance.
  7. Use resizing handles, with the Shift key held down to constrain proportions, to resize the signature to fit appropriately.

Tips for Adding A Signature

  • Once you've added your signature to a PDF, you can save it in the Library to reuse in the future. (See Library).
  • If your scanned image is too large, you can crop it first. (See Cropping Images).

Using an interactive signature field

signing field

PDFpen supports using the signature fields which come in certain forms. An interactive signature field aids in signing a form by providing a larger space to sign, and multiple ways to sign.

  1. Click in the signature field to open the field’s signing area.
  2. There are several ways to add a signature in this field, including drawing with with the mouse, drawing on the trackpad, or dragging in a signature from the library.

 

Digital Signatures

The goal of a digital signature is to provide a way for the document's recipient to verify the identity of the one who signed it, and that nothing has changed since it was signed. To accomplish this, digitally signing a document means applying a digital certificate to the document. This certificate is the way to ensure the integrity and authenticity of the document once signed.

  • Integrity
    Proves the document has not been altered. Nothing has been added, changed, or removed since the document was signed.
  • Authenticity
    Proves the document originated from a specific individual or organization.

Digital Certificates

When you open a document which was digitally signed, PDFpen will validate the digital certificate it was signed with and inform you whether the certificate is from a trusted source.

In order for you to digitally sign a document you need to obtain a digital certificate from a certificate provider, such as those on the Adobe Approved Trust List (AATL). This may involve purchasing a certificate, and may involve installing software from the provider.

What is a Digital Certificate?

A digital certificate is a piece of data, typically stored in files or on an external device, such as a secure USB dongle, which contains:

  • Identity information for a person or company, for example, a name, country and location
  • Public key, used to sign documents
  • Digital signature, typically of a trusted third party

Along with your digital certificate you create a private key. Unlike the public key which helps make up the certificate, the private key is typically stored on your system keychain where other secure items, like passwords, are stored. Documents are signed using this private key. Your digital certificate, containing your public key, along with your identity information and the digital signature, is embedded in any documents you sign. It's safe to give your public key to others. You must keep your private key secure.

Security

Digital certificates have a "chain of trust", which begins with a root certificate, may include intermediary certificates, and ends with the certificate of a person or company. Adobe's applications only trust signatures with root certificates from the Adobe Approved Trust List (AATL).

Just because a certificate is verified as trusted does not mean it always must be so. For example, if you lose your laptop or your secure USB dongle someone else could gain access to your private key, which means the integrity of the certificate has been compromised. In an event such as this it's possible to revoke the digital certificate.

Issuers of digital certificates maintain systems to check whether a digital certificate has been revoked or remains valid. One system is called the Online Certificate Status Protocol (OSCP), and the other is Certificate Revocation Lists (CRLs). PDFpen is capable of checking both, as necessary.

Validation

When you open a PDF with a digital signature using PDFpen, the following steps occur to validate the signature:

  • The signed content of the document is validated to ensure it hasn't changed
  • The signature of the certificate is tested to ensure the certificate is valid
  • The chain of trust of the certificate is validated
  • The expiration date of the certificate is considered
  • The certificate is checked against OSCP or CRLs to ensure it hasn't been revoked

States of Validation

When you view a signed document in PDFpen the document will display one of three states.

  • Pass
    You see a green badge in the upper right corner of the document. The document passed all of the above tests.
  • Conditional Pass
    You see a yellow badge in the upper right corner of the document. The document passed all of the above tests, but the root certificate is not trusted.
  • Fail
    You see a red badge in the upper right corner of the document. The document failed one or more of the above tests.

Hover your cursor over the validation icon badge for information about the validation. Click on it to see the certificate details.

Signing a PDF with a Digital Signature

  1. Add a signature field to the document. Either click the Signature Field button sign button in the Form Elements palette of the editing bar, or choose Tools > Signature Field from the menu bar.
  2. Double-click on the signature field and draw your signature.
  3. Click Apply Digital Signature and choose your digital certificate from the Select Signing Identity drop down menu.
    You may see several options in the drop down list, look for the issuer of your certificate.
    You may be prompted to allow PDFpen to access your keychain. You must allow this to apply the digital signature.

Please note that only digital certificates from Adobe Approved Trust List (AATL) issuers are trusted by the Adobe applications.

Smile's testing, as of February 2016, suggests that only DigiCert and GlobalSign offer digital certificates compatible with use on OS X. Each requires special driver software from the certificate issuer.

Self-Signed Certificates

It's possible to create your own digital certificate, rather than obtaining one from an issuer. This is called a self-signed certificate. Self-signed certificates do not have a chain of trust and cannot be revoked. Therefore, they are not suitable for establishing the authenticity of a document. They're only suitable for verifying document integrity.

Create a Self-Signed Certificate

  1. Add a signature field to the document. Either click the Signature Field button sign button in the Form Elements palette of the editing bar, or choose Tools > Signature Field from the menu bar.
  2. Double-click on the signature field and draw your signature.
  3. Click Apply Digital Signature. In the menu which appears click Create A New Identity.
  4. Enter your Name and Email address and click Create. Now you can select your new certificate from the list.

© 2003-2016 SmileOnMyMac, LLC dba Smile. All rights reserved.
PDFpen and PDFpenPro are registered trademarks of Smile. The Smile logo is a trademark of Smile.