Digital Signing of PDF Documents in Node.js with GroupDocs.Signature Cloud API Issue

@biglesias
To add SignTime option, we have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): SIGNATURECLOUD-610

@sergei.terentev

Thank you. I’ve sent the files privately.

Hi, @biglesias, got your message. Empty password - ok, but I don’t see the pfx file in the message. It was requested for investigation.

Hi @sergei.terentev ,

Sorry, I’ve just sent it as well.

@biglesias, got the certificate file.
We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): SIGNATURENET-5079

BTW, the SignTime option is already implemented; it will be released in the next version of GroupDocs.Signature Cloud, probably in v24.4.

@sergei.terentev
Thank you.

And wow, SignTime already implemented! That was fast. Will look into it when it’s released. Where will you post the changelog?

v24.4 is planned to be released before the end of this month (04/24).

1 Like

Hello @biglesias!

Thank you for sharing the issue - I hope to help you asap, and keep the product more stable and useful for your process. Let me dive into the digital signature (DS) process with PDF.

DS is used to verify the authenticity and integrity of the document content.
When a PDF is signed digitally using a Personal Information Exchange (.PFX) file, the document is essentially “sealed” with the signer’s private key. Here’s what happens in the process:

  1. Hash Calculation: The product calculates a hash (a kind of digital fingerprint) of the document’s contents.
  2. Encryption: This hash is then encrypted with the signer’s private key, creating the digital signature.
  3. Signature Embedding: The signature, along with the signer’s public key certificate (from the .PFX file), is embedded into the PDF.

(PFX contains the private and public keys)

When a second signature is added, the same process is repeated, potentially on a modified version of the document (including the first signature), and that

Causes of Invalid Signatures

1. Incremental Saving: PDF supports incremental saves, where changes (including new signatures) are appended to the document without altering the original content. If the PDF software does not handle the incremental saves correctly, it can cause earlier signatures to appear invalidated.

2. Signature Validation Policy: Different PDF viewers and editors have varying policies on how they validate signatures. Adobe Reader, for example, checks both the certificate’s validity period and whether the certificate is trusted by the system or not.

Root Cause

When a PDF is signed a second time with the new PFX certificate, the previous certificate in the document has only the public key, so the new PFX certificate creates a new hash, encryption, and signature embedding. This is when the first certificate becomes invalid.

Solution

Each time the user signs the PDF with the certificate

  1. With the current version of the software, following your process, the simplest way will be to remove all digital signatures from the document.
    Delete Digital signatures from documents | Documentation
  2. Add the PFX certificate signatures of all users who signed the document previously.
    It means on each save iteration the document will be cleared out from the previous signatures and new PFX certificates (1-2 or many will be added)

If you have a unique PFX certificate for each user, you can keep some user identification in the metadata signatures.

*For the new 24.4 version

For the upcoming version we will try to investigate a possible incremental saving mode that adds only the digital signatures without changing the document.

In the meantime, may I ask you to share your process (how you use the software) so that we can better understand your needs and suggest some ideas?

Thank you!

1 Like
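The effect described in the post above (an earlier signature surviving an incremental save but failing after the file is rewritten) can be reproduced with Node's built-in `crypto` module. This is an added example, not GroupDocs code and not part of the original thread: it is a simplified model in which each signature covers every byte present in the file at signing time, the RSA key pairs are constructed stand-ins for two PFX files, and all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins for two signers' PFX key pairs.
const signerA = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const signerB = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sign every byte currently in the file and record how many bytes were covered.
function signRevision(file, signer, name) {
  const signature = crypto.sign('sha256', file, signer.privateKey);
  return { name, coveredLength: file.length, signature, publicKey: signer.publicKey };
}

// Incremental save: the signature record is appended; earlier bytes are untouched.
function appendIncrementally(file, record) {
  const trailer = Buffer.from(`\n%sig ${record.name} ${record.signature.toString('base64')}\n`);
  return Buffer.concat([file, trailer]);
}

// Full rewrite: the saver re-serializes the body (here it only stamps a new date).
function rewriteDocument(file) {
  const text = file.toString('latin1');
  return Buffer.from(text.replace('ModDate(2024-04-01)', 'ModDate(2024-04-02)'), 'latin1');
}

// A signature is valid only if the bytes it covered are still identical.
function verifyRevision(file, record) {
  if (file.length < record.coveredLength) return false;
  const covered = file.subarray(0, record.coveredLength);
  return crypto.verify('sha256', covered, record.publicKey, record.signature);
}

function demo() {
  const original = Buffer.from('%PDF-1.7 constructed body ModDate(2024-04-01)\n', 'latin1');
  const sigA = signRevision(original, signerA, 'A');
  const afterA = appendIncrementally(original, sigA);

  // Path 1: the second signer appends to the file as-is.
  const sigB = signRevision(afterA, signerB, 'B');
  const incremental = appendIncrementally(afterA, sigB);

  // Path 2: the file is rewritten before the second signature is applied.
  const rewritten = rewriteDocument(afterA);
  const sigB2 = signRevision(rewritten, signerB, 'B');
  const resaved = appendIncrementally(rewritten, sigB2);

  return {
    incremental: [verifyRevision(incremental, sigA), verifyRevision(incremental, sigB)],
    rewritten: [verifyRevision(resaved, sigA), verifyRevision(resaved, sigB2)],
  };
}
```

`demo()` returns the validity of signer A's and signer B's signatures for each path; a real PDF signature covers an explicit byte range that excludes its own signature value, which this model leaves out.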

Hi @yuriy.mazurchuk ,

Thank you for the info.

Having incremental saving would be great. I’ll send you privately a file as an example on what we are trying to replicate.

Our process consists of the following:
With the user’s document stored on our servers, we send it to you for the first signature. We are using Image, Text and Digital types together. After signature I use the downloadFile API to bring the signed doc back to our platform where we store it back to our servers. The second signature might happen just after that, half an hour later, or even a year later. It’s dynamic and depends entirely on our clients. When it happens the above process is repeated just the same. We plan on using a corporate PFX certificate and would bring the metadata from our platform of each user to use as the info for the Text type signature.

@sergei.terentev
Tested the SignTime option already and it worked great, thanks! Signature no longer appears as signed in the future.

Any news on v24.4?

Hi @biglesias

We are currently investigating this feature and expect to provide you with an update and information on the hotfix release by next week.

Please note that the upcoming 24.4 release will not include this extension.

In the meantime, I’d like to share some insights into what’s happening behind the scenes with GroupDocs.Signature. Every time a document is saved with signatures, the library records a change log and signature details in the document’s metadata. This functionality facilitates the tracking of document modifications and signature verifications. Each signature is stored with a unique identifier in the metadata.

Furthermore, we are working on supporting incremental digital signing, which allows changes to be documented without altering the content of the document itself. Implementing this feature requires significant code adjustments.

Thank you for your patience and understanding.

1 Like

Hi @biglesias

I am glad to inform you that we implemented a proof of concept to respect incremental signing with the digital signatures only.
We will do our best to deliver this enhancement in the nearest 24.5 release.
Thank you!

1 Like

Hello @yuriy.mazurchuk

That’s great news! When can we expect the 24.5 release?

Thank you very much

Hello @biglesias
At the end of this month, about 29-30 May.