Document changes
Incremental storage of signatures
Digital signatures make it possible to sign a document at a certain stage of processing and thus to fix that state.
The exact processing state of the document at the time of signing can be restored at any time. This is achieved by "incremental storage": all changes made after the signature are stored as a further "increment" of the document. Adding further increments is possible in principle, for example to apply further signatures.
These increments are "incremental" in that they build on each other, each containing the changes relative to the previous increment. The last existing increment is thus the provisional final state of the document, which is what display programs usually show.
Any direct change to the increment belonging to the signature automatically invalidates the signature, that is, the checksum stored in the signature no longer matches the state of the document.
If another increment is added to a document, the previous increments remain unchanged. If several increments concern the same contents of a document, these contents are available in different, reproducible versions within the document, and the exact state of the document at a certain point in time can be restored.
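The following Python sketch is an added example, not webPDF code. It locates the increments of a PDF by their %%EOF markers, reads each signature's /ByteRange to see where the signed bytes end, counts the increments appended afterwards, and restores the signed state as a file prefix. The sample bytes are constructed, and the raw-byte scan is a heuristic that assumes uncompressed signature dictionaries. It does not verify the signature cryptographically or decide whether a later increment is a permitted change.

```python
import re

EOF_RE = re.compile(rb"%%EOF[ \t]*(?:\r\n|\r|\n)?")
BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def revision_ends(pdf):
    """Offset just past each %%EOF marker, i.e. where each increment ends."""
    return [m.end() for m in EOF_RE.finditer(pdf)]

def signed_extents(pdf):
    """For each /ByteRange [a b c d], the signed bytes end at offset c + d."""
    return [int(m.group(3)) + int(m.group(4)) for m in BYTERANGE_RE.finditer(pdf)]

def report(pdf):
    """Per signature: bytes covered, and how many increments were appended later."""
    ends = revision_ends(pdf)
    return [{"signed_up_to": ext,
             "covers_whole_file": ext == len(pdf),
             "increments_after": sum(1 for e in ends if e > ext)}
            for ext in signed_extents(pdf)]

def signed_revision(pdf, index=0):
    """Restore the document state a signature was applied to: the file prefix."""
    return pdf[:signed_extents(pdf)[index]]

def build_samples():
    """Constructed sample data: a signed PDF skeleton, and the same plus one increment."""
    base = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    prefix = base + b"2 0 obj\n<< /Type /Sig /ByteRange ["
    mid, hole = b"] /Contents ", b"<" + b"00" * 8 + b">"  # hole = signature placeholder
    tail = b" >>\nendobj\n%%EOF\n"
    hole_start = len(prefix) + len(b"0 %6d %6d %6d" % (0, 0, 0)) + len(mid)
    hole_end = hole_start + len(hole)
    byte_range = b"0 %6d %6d %6d" % (hole_start, hole_end, len(tail))
    signed = prefix + byte_range + mid + hole + tail
    edited = signed + b"3 0 obj\n<< /Type /Annot >>\nendobj\n%%EOF\n"
    return signed, edited

if __name__ == "__main__":
    signed, edited = build_samples()
    print(report(signed))                     # signature covers the whole file
    print(report(edited))                     # one increment appended after signing
    print(signed_revision(edited) == signed)  # signed state restored byte for byte
```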
Change restrictions of signed documents
Signatures also restrict which subsequent changes to a document are permitted at all. Even if the processing state associated with the signature remains unchanged, signatures can still become invalid if certain unauthorized changes are made to a document.
The PDF specification (ISO 32000-1) defines various possible rule sets for this, but Adobe's "Technical White Paper: Adobe Acrobat 9 Digital Signatures, Changes and Improvements" of April 1, 2009 further restricts these for all Adobe products and adds additional restrictions.
General rule:
If such a rule set is chosen for a signature, it is considered a "certifying" signature. A document may contain only one "certifying" signature - it is therefore not possible to define other rules for subsequent signatures. If such restrictions are not directly selected for a signature, it is considered a "simple signature" - a document may theoretically contain any number of simple signatures.
If a simple signature is applied without defining change restrictions and a certifying signature is not yet available, the following changes to the document are possible (without invalidating the signature):
- Included forms may be filled in.
- Annotations may be added and edited.
- Additional signature fields may be added to forms in the document.
- Additional signatures may be added.
The following are prohibited in this case:
- Adding fields other than signature fields to the form.
- Modifying page contents.
The following rule sets can be selected for certifying signatures:
- Certify no changes: No changes are allowed, not even the addition of further signatures.
- Certify form filling and signatures: Existing form fields may be filled in, additional signatures may be added.
- Certify form filling, signatures and annotations: Existing form fields may be filled in, additional signatures may be added, and annotations may be added and edited.
Any changes to the document other than those listed here would risk invalidation of the signature, and no rule set exists that would allow unrestricted further editing of the document.
API {REST}: /signature: These restrictions can be selected when creating new signatures (under "signature" and "add") by the "certificationLevel" parameter.
You can use the "Execution settings" to configure whether and how strictly the webPDF web services follow these rules, throwing errors to avoid modifications that would invalidate existing signatures.