How to Validate Digital Signatures

What is a digital signature? You can use proof of identity to protect data from unauthorized changes. If you have the resources, you can write programs to generate and verify digital signatures. Once created, you can use the signature with various PDF tools on PDF documents.

You may also use third-party systems to generate and verify digital signatures. Signature verification is the opposite of signing data. When you verify data, you discover whether the data has changed or not.

Signature verification involves the use of the public key to decrypt the signature and produce the original hash value. Next, the data that was signed is hashed.

If the two hash values are identical, then the signature is verified. And if they do not match, then the signature is invalid. In this article, we are going to discuss how to verify a digital signature.

Verify Digital Signature on Email and PDF Document

The typical process of verifying a digital signature is the same. However, the commands or interfaces used to execute the process could be different. In this guide, we will consider Outlook and Kofax.

How to Verify an Email Digital Signature in Outlook

  1. Open the message with a digital signature.
  2. Look for the email address of the signer at the "signed By" status line. The email should match that of the "From" line. It's possible that the person that sent the email isn't the one that digitally signed it.

If there is a discrepancy, then you have to use the email address in the “Signed By” status line.

  1. You can now verify the signature by clicking on the certificate seal icon on the "Signed By" status line. To view additional information about the signer, you can click on "Details."
  1. If all the details check out about the sender, then the signature is valid. You can contact the sender if some details are incorrect.

There may be cases where the check signature check may fail. This can happen if the sender’s certificate has expired or the certificate authority (CA) has revoked it.

It can also happen if the server verifying the certificate takes too long to respond or is unavailable. And if a delegate sends the message, then their name will appear as the sender.

Overall, if the check fails, you must contact the sender to find out why.

How to Validate a PDF Digital Signature with Kofax

If you have a Power PDF installation, you can use it to verify a PDF digital signature. Here is how to verify a PDF digital signature in five steps.

  1. Open the digitally signed PDF whose signature you want to verify.
  2. Look for the digital signature object in the document.
  3. Command-click or right-click the signature object.
  4. In the context menu that pops up, click on the "Verify Signature."
  5. Power PDF will check the signature to verify if the document is in its original form. If it is okay, it will output the message "Signature Valid."

If there are other digital signatures on the PDF, then repeat steps 3 and 4. The signature verifier will output the message “Signature Validity Unknown” if the verification fails. In that case, you can contact the original signer to help you verify its authenticity.

You can view the contact information of the signer and signature certificate numbers by clicking on “Verify Identity.” If you require additional information, you can contact the owner directly.

Verify Digital Signature Time Stamps on Kofax

Some digital signatures have a timestamp element to make them more secure. The timestamp element includes the time and date the signature was created. This information is critical in businesses such as banking.

To verify timestamps, you can follow the steps below.

  1. Locate the signature on the signed PDF document.
  2. Follow the PDF digital signature verification outline above.
  3. When it outputs the "Validation Status," click on the "Properties" item.
  4. Select the Date/Time tab, and click the Show Certificate option.
  5. If it has a verified timestamp from a certificate authority, it will display it.

Check out our useful articles: