Digital Signature in PDF

The importance of keystore, PEM, and TSA
Secure IT processes play a major role in business environments, because companies must protect confidential data, defend against cyberattacks, and meet legal requirements. In webPDF, our powerful PDF solution for businesses, we therefore place special emphasis on security. One of webPDF's standout features is the ability to add digital signatures to PDF documents. To understand this process, let's look at the key technical components webPDF uses: keystore, PEM, and TSA.
The keystore - protection for key pairs and certificates
webPDF uses a keystore to securely manage private keys and certificates. A keystore acts as a secure vault for this sensitive information. To ensure its integrity, the keystore is protected with a password, so that only authorized users can access the keys and create digital signatures.
The PEM format - flexibility for keys and certificates
webPDF supports the widely used PEM format (Privacy Enhanced Mail) for importing and exporting keys and certificates. Because PEM is understood by many other applications and systems, exchanging keys and certificates with them is straightforward. This simplifies integration and interoperability with various security solutions.
TSA - trusted timestamps for digital signatures
Another feature that is essential for digital signatures is integration with a Time Stamp Authority (TSA). A TSA provides trusted timestamps for digital signatures. These timestamps make it possible to prove the exact time a signature was created and help ensure that signatures remain valid over the long term.
Cryptographic hash function for a unique verification value
Whenever a signature is created in webPDF, the PDF document is signed with a private key together with an X.509 certificate, which is used to identify the signer and verify authenticity. The private key is securely stored in the keystore. This is where the cryptographic hash function comes into play: it generates a unique verification value (the hash) for the document. This verification value is then encrypted with the private key and added to the PDF document as a digital signature.
The digital signature is verified by extracting the encrypted verification value from the signed document. It is then decrypted using the public key that corresponds to the private key in the keystore, which restores the original verification value. Comparing the restored verification value with the verification value computed from the current document shows whether the signature is still valid.
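The hash-then-sign and verify steps described above, as an added example that is not webPDF code. It assumes RSA with SHA-256 and PKCS #1 v1.5 padding (the page names no algorithm), and the key is a constructed toy key built from two well-known Mersenne primes, so it is unsuitable for real use; all names are illustrative.

```python
import hashlib

# Constructed toy key for illustration only: two Mersenne primes.
# Real keys use random secret primes generated by a crypto library.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (what the keystore protects)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# ASN.1 DigestInfo prefix for SHA-256 (PKCS #1 v1.5, RFC 8017)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(data: bytes) -> int:
    """Hash the data and wrap the digest in PKCS #1 v1.5 signature padding."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def sign(data: bytes) -> bytes:
    """Signer: apply the private key to the padded verification value."""
    return pow(encode_digest(data), D, N).to_bytes(K, "big")


def verify(data: bytes, signature: bytes) -> bool:
    """Verifier: restore the padded value with the public key and compare it
    with the value computed from the document as it is now."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return False
    return pow(s, E, N) == encode_digest(data)


if __name__ == "__main__":
    document = b"%PDF-1.7 constructed sample content"
    sig = sign(document)
    print("untouched document:", verify(document, sig))
    print("modified document: ", verify(document + b" ", sig))
```

In a signed PDF the hash covers the byte ranges of the file around the signature field and the signature travels with the certificate in a container; the sketch reduces this to the hash, private-key and public-key operations.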
Why keystore, PEM, and TSA matter in webPDF
With the combination of keystore management, PEM format support, and TSA integration, webPDF enables the secure and trusted creation and verification of digital signatures in PDF documents. This is crucial for ensuring the integrity, authenticity, and legal validity of electronic documents in today's digital world.
See how to apply digital signatures with webPDF in this YouTube tutorial.
Learn more about the cryptographic hash function in this article.
For introductory information on securing documents with digital signatures, read Part 1, Part 2, and Part 3 on the webPDF blog.