It is possible to use Adobe Acrobat Reader to “sign” documents. There are actually several levels of both security and complexity, so depending on what you want to do you can either choose the easiest, or the most secure (well, at least more secure). Here are the options:
- Add an image of your hand-written signature (easiest, but least secure).
- Add a digital signature using a self-signed certificate (more secure)
- Add a digital signature using a self-signed certificate and an image of your handwritten signature (fancy!)
- Add a digital signature using a certificate signed by a Certificate Authority (even more secure)
Contents
So Many Options
This topic can be confusing because an “on-line” signature can mean any of these, and each one is different from the others:
Option 1 is the easiest, and it’s basically a (less secure 1) replacement for the steps of a) printing something out, b) signing it with a pen, and then c) scanning it to send to someone else. The idea is that you load a photo of your personal signature into Acrobat Reader (or you create a signature with the mouse — but who can do that?) and then Acrobat Reader can overlay this signature onto your document. But this option is not the most secure, because after all, if you can add an image of a signature, so can someone else.
Option 2 adds a digital signature to the document, which is more secure. To set this up you create a “certificate” file, which is encoded by a password. (Adobe Reader helps you do this.) Whenever you want to sign a document you will simply type that secret password to add the signature. This is more secure than option 1, with not much extra work to set up at the beginning, so this is probably what you want to do. It’s still possible for someone to spoof a signature by just creating a digital signature with your name on it, but it won’t match the digital signature you usually use, so it will be possible to spot a forgery if someone checks it carefully — and Acrobat Reader can check signatures automatically. It can also show a warning if the document has been altered after it has been signed.
Option 3 is an extension of Option 2 which lets you add an image to your handwritten signature. The image could be anything, but the nice thing about this choice is that you can use an image of your hand-written signature so that it actually looks like you signed the document even to people who don’t know about digital signatures.
Option 4 adds extra authentication. Instead of creating a “self-signed” certificate (that’s what is done in Option 2) the certificate you use to sign is itself signed by a higher-level certificate, from what’s called a Certificate Authority (CA). This is how certificates work for secure web pages (those that use https rather than http) to avoid spoofing. This option is not currently available at SUNY New Paltz, and for everyday work documents that’s (probably) okay.
So there are really two options, and in Adobe Acrobat you choose them with two different tools:
- To “sign” a document with an image of your handwritten signature, select the Tools tab and then open “Fill & Sign“. [Details Below]
- To sign the document digitally using a certificate, select the Tools tab and then open “Certificates” [Details Below]
Either way, there is some initial set-up you have to go through the first time you sign document, and it’s a little bit different for each method. But after that the process is fairly quick and easy whenever you need to sign a document, no matter which one you choose.
1. Adding a Signature Image
A digital signature is more secure, but if you really just want to add an image of your hand-written signature then here is how to do it:
- Write your signature on a blank piece of paper, take a picture of it and save it as either a JPEG or PNG file. You’ll just have to add this image to Acrobat Reader the first time you sign something, and after that it will remember the image.
- Open a PDF document you wish to sign using Acrobat Reader, select the “Tools” tab and click on “Fill and Sign“.
- Along the top of your document you will see the Fill & Sign toolbar. Select “Sign Yourself”. (You can also change the color of your signature here: click on the circle to select a pen color.)
- If you have previously loaded an image of your signature, it will be shown and you can just select it. If you have not previously added a signature image then select “Add Signature”, and then..
- At the top of the window that pops up, select “Image”
- Use the file chooser to select the image containing your handwritten signature
- Press “Apply”
- Once you have a signature image loaded, click on it to select it.
- The image of your signature will appear over the document and you will already be dragging it around with the mouse. Place it where you want to add the signature. You can use the dot at the lower right corner to resize it, or you can use the smaller or larger “A” buttons to shrink or enlarge the image. You can also click on the image to drag it around for better positioning.
- Click anywhere away from the signature image to leave it in place. Click back on the signature image to modify the position or size. Once you save the document you will no longer be able to adjust the size or position of the signature.
(Note that on a Mac you can also do the same thing using the Preview app. While viewing the document you want to “sign” pull down Tools → Annotate → Signature. To load an image of your signature, click on “Manage Signatures…” and follow the directions. If you have already loaded an image then you can just click on it and it will appear overlaying your document. Drag it into place and resize it. )
2. Signing with a Certificate
Signing with a certificate is a true “digital” signature. Your certificate is a public key, signed by a private key (or by a Certificate Authority – but that option is currently not available at SUNY New Paltz), and used to create a digital signature. Adobe Acrobat will do all the heavy lifting to create your certificate (and private key) – all you have to do is answer some simple questions.
- When you want to sign a document using a digital certificate, click on the Tools tab and open “Certificates,” then click on the “Digitally Sign” button above the document.
- Use your mouse to drag out a rectangle where you wish to place the signature. (When you first start signing documents you will be prompted to do this, but you can turn that prompt off. If you turn the prompt off but you don’t sign things often then you might get stuck waiting at this point.)
- If you have previously created a signing certificate (a “Digital ID”) then it will be shown and you can select it. If you have not yet created a signing certificate then you will need to do that (only once), as follows:
- Select “Configure Digital ID”
- Select the option to “Create a new Digital ID”
- Select the option to “Save to Windows Certificate Store” to make your certificate public2
- Enter your Name, department, campus , and e-mail address.
- You will be asked to choose the Digital ID that you want to use for signing, and there is probably only one choice (though you can create multiple Digital ID’s if you wish — see below). Simply select that ID (it’s probably already selected) and press “Continue”.
- You can click the “Lock document after signing” checkbox if you want that option, but don’t do so if others need to add their signature. (If you saved your Digital ID to a file, instead of saving to the Windows Certificate Store, then you would have created a password to protect your private key, and you’ll have to enter that password now.)
- Press the “Sign” button to sign the document. You will be prompted to save the file, either using the same name and overwriting the original, or in a different file.
3. Digital Signature with Image
It’s possible (though a little bit more complicated) to create a digital signature which includes an image of your handwritten signature. How cool is that? If you are willing to go through a few extra hoops, this section describes how to do it
The way this works is that in Acrobat Reader your digital signature has the option to include an image, which is referred to by Acrobat Reader as a “logo.” And since it is Adobe, your “logo” has to be a PDF file — it can’t be a JPEG or PNG image. So you will need an image of your hand-written signature stored as a PDF file, however you manage to do that. One easy way is to use the OneDrive app on your phone to scan your handwritten signature as a document. On a Mac you can open the image with the Preview app and save as a PDF.
Once you have the PDF file on your computer, put it in the folder
C:\Users\<username>\AppData\Roaming\Adobe\Acrobat\DC\Security
where “<username>” is your own username on the computer. The “AppData” folder is hidden by default, so to view it you may have to select the View tab when looking at your home directory and check the box for “Hidden items”. This is where Adobe Acrobat stores PKI3 resources, so putting files here will make them more easily available to Acrobat Reader.
Since this is just an add-on to a regular digital signature, you should first create a “Digital ID” as described above under Signing with a Certificate. With this in place, start out to sign a document using “Digitally Sign” (you’ll have to highlight a rectangle even if you don’t intent to complete the process). Select the Digital ID and press “Continue”. Before you press the “Sign” button, press “Create” at the top of the pop-up. Now you will be able to customize the signature block, including adding the “logo” image. Above the display of how the signature will look, select “Image,” and then below the display click on “Browse”. You should see a list of files in the “Security” folder shown in the AppData path above, and this should include the PDF file of your hand-written image. Select it and press “Open”. Then press “Save” to save this customized signature block.
Now whenever you sign a document with this Digital ID you simply have to select the rectangle for the signature block and press “Sign” to add both a true digital signature and an image of your hand-written signature.
4. Certified Signatures and Certificate Authorities
Before describing how this works, it’s important to know that we don’t use this at SUNY New Paltz, or (as far as I can tell) SUNY in general. So this description is included only for completeness, and to point out that there is a more secure way to do digital signatures, which should be the goal.
A certified digital signature is sort of like having your signature witnessed by a Notary Public. The notary also signs and marks the document to insure that the person claiming to be the right person was the one who signed the document. In the digital world a Certificate Authority (CA) will create a digital signature of a person’s digital signing certificate, and this helps insure that the digital signature was not spoofed. A document could be signed by someone claiming to be you, but only your digital signature will include the certificate from the CA that verifies that it is legitimate.
Right now at SUNY New Paltz our digital signatures are “self-signed,” which means that there is no higher level of verification. That seems fine for now, but in the future you might expect digital signatures to be backed up with a SUNY Certificate Authority.
Managing Digital ID’s
It’s possible to have more than one Digital ID, and to delete one you don’t want to use, or export one that you want to use on another machine. To do any of this pull down the Edit menu to Preferences → Signatures and select “Identities & Trusted Certificates“.
- To delete a Digital ID select it (highlight it) and then click on “Remove ID”
- To export a Digital ID highlight it and click on “Export” . You can save the certificate to a file or have it emailed to someone, and you can save it in several PKI formats.
Notes and References
- Option 1 is slightly less secure than actually signing a document and scanning it, because anybody who can get an image of your personal signature can do the same thing ↩
- This makes your certificate public, so that others can verify your digital signature, but it does not publish your private key. The “Certificate Store” is “storage” for certificates, not a palace to buy them. Your private key is (presumably) encrypted with your Windows Live credentials. As a result, you don’t have to type in your password every time you sign a document, assuming you are logged in with your New Paltz ID. ↩
- “PKI” is Public Key Infrastructure, the technology that underlies digital signatures and public key encryption. ↩