Xml data signatures, Establish long-term signature validation, Add verification information at signing – Adobe Acrobat XI User Manual

Electronic signatures

Last updated 1/14/2015

If the PDF Portfolio approval or certification is invalid or has a problem, the Signature Badge shows a warning icon. To
view an explanation of the problem, hover the pointer over a Signature Badge with a warning icon. Different warning
icons appear for different situations.

For a list and explanation of each warning, see the DigSig Admin Guide at www.adobe.com/go/acrodigsig.

XML data signatures

Acrobat and Reader support XML data signatures that are used to sign data in XML Forms Architectures (XFA) forms.
The form author provides XML signing, validating, or clearing instructions for form events, such as button click, file
save, or submit.

XML data signatures conform to the W3C XML-Signature standard. Like PDF digital signatures, XML digital
signatures ensure integrity, authentication, and non-repudiation in documents.

However, PDF signatures have multiple data verification states, some of which are triggered when a user alters the
PDF-signed content. In contrast, XML signatures have only two data verification states, valid and invalid. The invalid
state is triggered when a user alters the XML-signed content.

Establish long-term signature validation

Long-term signature validation allows you to check the validity of a signature long after the document was signed. To
achieve long-term validation, all the required elements for signature validation must be embedded in the signed PDF.
Embedding these elements can occur when the document is signed, or after signature creation.

Without certain information added to the PDF, a signature can be validated for only a limited time. This limitation
occurs because certificates related to the signature eventually expire or are revoked. Once a certificate expires, the
issuing authority is no longer responsible for providing revocation status on that certificate. Without conforming
revocation status, the signature cannot be validated.

The required elements for establishing the validity of a signature include the signing certificate chain, certificate
revocation status, and possibly a timestamp. If the required elements are available and embedded during signing, the
signature can be validated without requiring external resources for validation. Acrobat and Reader can embed the
required elements, if the elements are available. The PDF creator must enable usage rights for Reader users
(File > Save As Other > Reader Extended PDF).

Note: Embedding timestamp information requires an appropriately configured timestamp server. In addition, the signature
validation time must be set to Secure Time (Preferences > Security > Advanced Preferences > Verification tab). CDS
certificates can add verification information, such as revocation and timestamp information, to the document without
requiring any configuration from the signer. However, the signer must be online to fetch the appropriate information.

More Help topics

Validate a timestamp certificate

Configure a timestamp server

Add verification information at signing

1. Make sure that your computer can connect to the appropriate network resources.

2. Ensure that the preference Include Signature’s Revocation Status is still selected (Preferences > Signatures > Creation
& Appearances: More). This preference is selected by default.

3. Sign the PDF.
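To confirm that a signature produced by these steps actually carries the revocation status and timestamp described above, the following added example (not Adobe's code) scans a PDF's signature blobs for the two CMS attributes that hold them: adbe-revocationInfoArchival (defined in ISO 32000-1) and the RFC 3161 time-stamp token. It is a byte-pattern heuristic run on a constructed sample; `ltv_report`, `missing_elements` and `fake_sig` are hypothetical names, and it does not check the certificate chain or information added after signing.

```python
import re

# DER encodings of the attribute OIDs to look for inside the CMS signature blob.
OID_REVOCATION = bytes.fromhex("06092A864886F72F010108")     # adbe-revocationInfoArchival, 1.2.840.113583.1.1.8
OID_TIMESTAMP = bytes.fromhex("060B2A864886F70D010910020E")  # id-aa-timeStampToken, 1.2.840.113549.1.9.16.2.14
# A signature dictionary stores its CMS blob as a hex string: /Contents <3082...>
SIG_CONTENTS = re.compile(rb"/Contents\s*<([0-9A-Fa-f\s]+)>")


def ltv_report(pdf: bytes) -> list:
    """Heuristic scan: one dict per hex-encoded signature blob in the file."""
    reports = []
    for match in SIG_CONTENTS.finditer(pdf):
        digits = re.sub(rb"\s+", b"", match.group(1))
        if len(digits) % 2:            # PDF treats a missing final hex digit as 0
            digits += b"0"
        cms = bytes.fromhex(digits.decode("ascii"))
        reports.append({
            "revocation": OID_REVOCATION in cms,
            "timestamp": OID_TIMESTAMP in cms,
        })
    return reports


def missing_elements(report: dict) -> list:
    """Names of the elements this signature lacks for later validation."""
    return [name for name, present in report.items() if not present]


def fake_sig(*oids: bytes) -> bytes:
    """Constructed stand-in for a signature dictionary (not a real CMS)."""
    blob = b"\x30\x80" + b"".join(oids) + b"\x00" * 16  # zero padding, as signers reserve space
    return b"<< /Type /Sig /Contents <" + blob.hex().encode() + b"> >>\n"


# Constructed sample: the first signature carries both elements, the second neither.
SAMPLE = b"%PDF-1.7\n" + fake_sig(OID_REVOCATION, OID_TIMESTAMP) + fake_sig()

if __name__ == "__main__":
    for i, rep in enumerate(ltv_report(SAMPLE), 1):
        print(f"signature {i}: missing {missing_elements(rep) or 'nothing'}")
```

A signature reported as missing `revocation` or `timestamp` can be validated only while the issuing authority still serves revocation status for its certificates.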
