PDF with e-signature

[myshafi44]

I have a requirement coming up to archive e-signed PDF into CMOD. This is my first time working with e-signed PDF's. I want to know what is the best way to archive e-signed PDF's and any documentation will be helpful.

I have the following questions too.

1. Most of our documents archived today in cmod are AFP's. Is there a possibility that I can get e-signed AFP version to archive and transform the same to e-sign PDF while accessing it?
2. There are going to be bank account numbers on the PDF's, is there any way I can mask the bank account numbers on the PDF's while displaying the same? Can I display the bank account numbers based on the users accessing the PDF's?

[Justin Derrick]

I suspect a few problems.

A digitally signed PDF can't be modified in any way -- not even to add indexing information inline -- otherwise the digital signature is broken, and the document becomes invalid.  This means you'd have to store the full-sized copy of the PDF, which defeats some of the advancements in PDF indexing in the newest versions of CMOD.

I also don't know what you mean by e-signed AFP.  I don't think this is something that's supported, unless you're talking about creating separate cryptographic signature(s) with an external tool like PGP. 

Also, referring back to my first paragraph, you can't redact or tokenize customer account numbers with signed PDFs, because doing so would modify the PDF file, breaking the signature.  The only way around this that I can think of, is that you'd have to encrypt the document at the same time it's signed.  But then you need to manage the credentials for that document.  It's a bit of a mess.

I know that none of these are helpful in achieving your goal, but hopefully they're a little enlightening.

-JD.

[Alessandro Perucchi]

The only thing I can add to what Justin just said is:

What do you mean by e-signature PDF? Do you mean something like PDF/A, PDF/X, or some PDF with added certificates from some company that allows you to ensure that your PDF is not printed where it should be printed, seen where it should and blocked otherwise, etc...??

I know there are some companies that creates certificates to be included in PDF, which allows a lot of behaviour, which are not found in PDF normally with these certificates, and maybe (to be checked), they offer the possibility to mask some part of a PDF (like customer number/name/address/...)... to be verified.
Such solution requires some servers to give/deny the rights to see/print/... with the PDF. Meaning that if you extract the PDF, but the person who wants to see the PDF doesn't have access to the verification server, you won't be able to do anything with this PDF.

Is that what you want?

Of course, you can add the functionality of the AFP to convert it into a PDF, then convert the PDF to a e-signature PDF, but that takes time to do such conversion.
You can archive the PDF with the e-signature, but what happens in 10 years? Will this e-signature be still valid? If yes, then in 10 years the certificate will certainly not be secure anymore... So you might need to extract ALL PDF with e-signature, and reapply the new e-signature, and re-archive them again... a long work.

this concept of PDF with e-signature, is really not an easy one, and it has a lot of advantages and disadvantages... you need to check with the vendor of the PDF with e-signature solution and ask them what you can do or not do.

CMOD will happily store them, and display them. Everything outside is not something that CMOD will be able to to do. This is done via 3rd party tools.
The only thing that CMOD could help, is the conversion from AFP to PDF, but even here, you must have a 3rd party conversion tool.

I hope I've given you some enlightenment too :-)

[myshafi44]

Thank you for your quick responses they are definitely useful. 

I am in agreement with “Digitally signed PDF cannot be modified”. Looks like I am going to end up loading the PDF’s as is using generic indexer with an inbuilt program I have written to create generic indexer file from the .csv file (with index information related to PDF file). These volumes are less so I don’t mind now to do this way or probably I don’t have choice as we use HP Exstream to generate the PDF’s.

Regarding security we are going to come up with the server level security where we store these PDF’s instead of encryption at PDF level.
 
Thank you once again for those insightful.

[Justin Derrick]

You can archive the PDF with the e-signature, but what happens in 10 years? Will this e-signature be still valid? If yes, then in 10 years the certificate will certainly not be secure anymore... So you might need to extract ALL PDF with e-signature, and reapply the new e-signature, and re-archive them again... a long work.

I have honestly never (even remotely!) considered this.  I wonder what the 'expiration date' is on the documents I sign with Adobe Acrobat are.  I'd never considered checking the certificate chain.  Hopefully it's far enough in the future that I can say that I'll be retired by the time that happens. 

-JD.