Using digital signatures

You can protect the integrity of forms by allowing people to use certificates to digitally sign forms. After the form is signed, the signed portion cannot be altered without invalidating the signature. The digital signature invokes a third-party signature handler that provides the required digital signature functionality.

Verifying the signature guarantees that no one tampered with the data after it was submitted. When someone signs a form, a message digest of the data to be signed is created, and a mathematical computation combines the person’s private key with the specified form data and encrypts them together. The output is a digital signature. This digital signature contains the signed data and the certificate information associated with the person who signed the form.

When the signature is verified, the individual's public key is used to decrypt the signed data and to obtain the digest value. A new digest value is then calculated over the received document by using the same algorithm as the signing process. If the two digest values do not match, the data has been tampered with since the form was signed, and the verification fails.

Digital signatures also bind certificates to the signed data. The certificate included in the signature can be authenticated to validate the identity of the person who signed the data.

The individual must have a digital certificate from an appropriate certificate issuer to sign the form. Adobe signatures support the Public Key Cryptography Standard (PKCS) #7, using the RSA MD5, RSA SHA-1 or DSA SHA-1 hash algorithm.

Designer contains the following two types of digital signatures.

Document signatures

Document signatures protect the appearance of form objects and the values they hold. To create a document signature, add a signature field to the form design. You can specify whether a document signature applies to an entire form or to a collection of objects on a form. By default, it applies to the entire form. If you want the document signature to apply to a collection of form objects, the signing party must use Acrobat or Adobe Reader 8.0 or later.

If the document signature applies to a collection of objects, it ignores static objects, such as circles and rectangles. It applies only to buttons, check boxes, date/time fields, decimal fields, drop-down lists, image fields, list boxes, numeric fields, paper forms barcodes, password fields, radio buttons, other signature fields, and text fields.

To sign the form, the user clicks the signature field. If the document signature applies to a collection of form objects, the objects specified in the signature are locked and set to read-only. Locking the objects prevents form recipients from changing the object values after the document is signed.

Data signatures

Data signatures secure the form data and guarantee the data integrity during transmission. To create a data signature, add a submit button, email submit button, or HTTP submit button, and select the Sign Submission option in the Object palette. To sign the data, the signing party must use Acrobat or Adobe Reader 8.0 or later.

Data signatures can apply to the form data only or to the entire submission, including any attachments such as annotations, document signatures, or PDF documents.

To sign the form data, the user clicks the submit button. When a user clicks the button, they must provide their signing certificate so that their digital signature is applied to the form data before it is submitted.

To add a signature field

Designer provides a built-in signature field that you can add to a form so that users can sign the data they enter. By default, the signature applies to all the objects on the form. If you want the signature to apply to a collection of objects on the form, you need to create the collection and then specify the collection in the Signature tab of the Object palette. For more information, see Using signature fields.

If the signature applies to a collection of objects, signing the document also locks the fields in the collection. If you add more than one signature field to cover different parts of the form, the first collection of objects is locked after the first signature field is signed and only the remaining fields can be filled in the form. For more information about object collections, see Using form object collections.

When a signature applies to a collection of objects, it protects the value in the objects. The signature can also protect the appearance of the objects in the collection so that their original appearance is restored when the form is opened. The ability to protect the appearance of the objects depends on the Preserve Scripting Changes To Form When Saved option in the Defaults tab of the Form Properties dialog box. If this option is set to the default, Automatically, the appearance of the objects is automatically protected. However, if the option is set to Manually, you will need to write a script to restore the appearance of the objects.

A signature field should not be repeatable and should not be inserted in a repeatable subform object. A form with repeatable signature fields is not valid and causes problems in Acrobat where the signature field may not appear at all.

If a signature covers a collection of objects, the objects in the collection should not be repeatable, because the number of objects can change and invalidate the signature. You can either remove the repeatable objects from the collection or use a data signature instead.
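The digest-and-compare verification described at the top of this page, applied to a signature over a collection of objects, including the repeatable-object case above. This is an added example, not part of the original page and not Adobe's code or its PKCS #7 format. It assumes SHA-256 with PKCS #1 v1.5 padding and a constructed, insecure demo key; the form, collection and function names are hypothetical.

```python
import hashlib

# Constructed demo key built from two published Mersenne primes: insecure, demo only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # signer's private exponent
K = (N.bit_length() + 7) // 8           # modulus size in bytes
# DER DigestInfo header for SHA-256, as used by PKCS #1 v1.5 signatures.
SHA256_INFO = bytes.fromhex("3031300d060960864801650304020105000420")

def covered(form, collection):
    """Names of the objects the signature covers; 'row[1]' is an instance of 'row'."""
    return sorted(n for n in form if n.split("[")[0] in collection)

def digest(form, collection):
    """Message digest over the covered names and values, each length-prefixed."""
    h = hashlib.sha256()
    for name in covered(form, collection):
        for part in (name.encode(), form[name].encode()):
            h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def encode(d):
    """Pad the digest into a full-size block: 00 01 FF..FF 00 DigestInfo."""
    t = SHA256_INFO + d
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(form, collection):
    """Private-key operation over the padded digest."""
    return pow(int.from_bytes(encode(digest(form, collection)), "big"), D, N)

def verify(form, collection, signature):
    """Public-key operation recovers the signed block; compare with a fresh digest."""
    if not 0 < signature < N:
        return False
    recovered = pow(signature, E, N).to_bytes(K, "big")
    return recovered == encode(digest(form, collection))

# Constructed sample form: 'memo' is outside the collection, 'row' is repeatable.
COLLECTION = {"payee", "amount", "row"}
form = {"payee": "ACME Ltd", "amount": "100.00", "row[0]": "widget", "memo": "draft"}
SIG = sign(form, COLLECTION)

def check(changes):
    """Verify SIG against a copy of the form with the given changes applied."""
    return verify({**form, **changes}, COLLECTION, SIG)
```

Changing `memo` leaves the signature valid because it is outside the collection, while editing `amount` or adding a second `row` instance changes the digest and verification fails.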

To sign the form, the user clicks the signature field. To sign a collection of form objects, the signing party must use Acrobat or Adobe Reader 8.0 or later.

  1. In the Object Library palette, click the Standard category and drag the Signature Field onto the form design.

  2. (Optional) To apply the signature to a collection of fields on the form, click the Signature tab in the Object palette and select Lock Fields After Signing.

  3. (Optional) Create and select the collection:

    • Select New/Manage Collection.

    • In the Collection List dialog box, click New, type a collection name, press Enter, and click Modify.

    • In the Collection Editor dialog box, select the objects that you want to include in the collection and click OK.

    • In the Collection List dialog box, click Close.

    • Select the collection from the list.

  4. (Optional) Apply the signature to the fields inside or outside the collection:

    • To apply the signature to the fields inside the collection, select All Fields In Collection.

    • To apply the signature to the fields outside the collection, select All Fields Not In Collection.

  5. (Optional) Click Settings to define optional security settings, such as a signature handler or certificate revocation list.

  6. Use the palettes to format the appearance of the signature field.

  7. Save the form design.

Considerations for adding multiple signature fields

When you place a signature field on a form design, the Lock All Fields After Signing option is selected by default. This means that all form objects will be locked after the field is signed.

If you place more than one signature on the form design, and the Lock All Fields After Signing option is selected for at least one of the signature fields, all form objects, including all signature fields, will be locked after the form is signed.

To ensure that all signature fields can be signed, create a collection of form objects that includes only one of the signature field objects, and make sure that the Lock All Fields After Signing option is selected. After this signature field is signed, all of the objects specified in the collection will be locked. Keep any remaining signature field objects outside of the collection, and deselect the Lock All Fields After Signing option for each one, so that these signature fields can still be signed.

For more information about object collections, see Using form object collections.

To test a signature field

Use the Preview PDF tab to verify that the signature field behaves as expected. Before testing the form design, ensure that, in the Form Properties dialog box, you have set the default options for previewing an interactive form.

To sign a collection of form objects, the signing party must use Acrobat or Adobe Reader 8.0 or later.

  1. Click the Preview PDF tab to view the form design as an interactive PDF form.

  2. Click in the signature field.

  3. In the Alert dialog box, select Continue Signing.

  4. In the Data Exchange File dialog box, select a digital signature or click Add Digital ID to create a new ID.

For more information about testing forms, see Test and troubleshoot.

To add a data signature to a submit button

You can configure a submit button to create a data signature before submitting data so that users can sign the form data when they submit the form. Data signatures provide data integrity and authenticate the signing party during transmission. For example, you can use data signatures to secure the form data during automated transactions.

To sign the data, the signing party must use Acrobat or Adobe Reader 8.0 or later.

  1. In the Object Library palette, click the Standard category and drag the Button, Email Submit Button, or HTTP Submit Button onto the form design.

  2. In the Object palette, associate a data signature with the button:

    • If you are using a standard button, in the Control Type area of the Field tab, select Submit, and then select Sign Submission in the Submit tab.

    • If you are using an email or HTTP submit button, select Sign Submission in the Field tab.

  3. (Optional) Click Settings to define optional security settings, such as whether the signature applies to the data only or to the entire submission.

  4. Use the palettes to format the appearance of the submit button.

  5. Save the form design.

For more information, see Submitting data using a button.

To use digital signatures in dynamic PDF forms

If you add a digital signature to a dynamic PDF form, you need to preserve the state of the form when it is signed. Preserving the form state ensures that scripting changes in a form are preserved when a form is saved. For example, if some fields are hidden when a form is signed, those fields should remain hidden when the form is saved and reopened.

The form state can be preserved automatically or manually. If it is automatically preserved, scripting changes are automatically preserved when the form is saved. If it is manually preserved, scripting changes are preserved through scripting when the form is saved. Use the delta script object and the preSave and initialize events to manually preserve the form state.

For more information about the preSave and initialize events, see “Events” in Scripting Basics.

If the form is not certified, you can preserve the form state automatically or manually. If the form is certified, you must manually preserve the form state. Automatically preserving scripting changes and restoring the form state invalidates the digital signature in a certified form.

Note: If the form is certified, you can use data binding instead of scripts to determine the form state.

You specify how the form state is preserved in the Form Properties dialog box.

  1. To display the Form Properties dialog box, select File > Form Properties and click Defaults.

  2. Select a Preserve Scripting Changes To Form When Saved option:

    • If the form is not certified, select Automatically or Manually.

    • If the form is certified, select Manually.
