About the verification of the qualified vs advanced electronic signature, in PDF documents

Verification of an electronic signature is a mandatory step that the interested party must take - the natural or legal person who invokes / relies on that electronic signature.

When we use validation software such as Adobe Acrobat Reader DC (one of the most common, especially since many electronically signed documents are .PDF files), it is generally pre-configured to automatically validate a certificate relative to the EUTL trust list at European Union level, according to eIDAS Regulation no. 910/2014.

Validating an unqualified certificate (eg. advanced signature) using Adobe Acrobat Reader requires that the user establish the Trusted Certification Authority - but here we must be very careful, as there is a risk of configuring a trust authority other than the correct one. For example, we can choose the trusted "Certification Authority of the Ministry of Interior", when in fact the correct authority is the "Certifying Authority of the Ministry of Administration and Interior". We end up validating a practically false document.

Taking into account these aspects, we present below the validation of a qualified electronic signature, respectively of a (potentially) advanced one, using Adobe Acrobat Reader DC.

Qualified electronic signature

A qualified signature appears in Adobe Acrobat Reader as valid (green check mark) and contains information about checking it against the European Trusted List. Easy-to-verify graphics are displayed that give users a level of confidence such as:

Green check mark and the text “Signed and all signatures are valid”;

Source of the information used to validate the signature is indicated: “Source of Trust obtained from the European Union Trusted Lists (EUTL)” (trust in the signature is given by the European Union secure lists);

European Union's trustmark (blue padlock with the EU flag) and the identification of the electronic signature as qualified.

 (potentially) Advanced electronic signature

A possibly advanced electronic signature is not automatically validated in Adobe Acrobat Reader. Because the application cannot display information about it, the user is warned that the signature is not trusted by the following:

Yellow triangle with the exclamation mark and the text “At least one signature has problems”;

Text indicating that the identity of the signer cannot be validated: "The signer's identity is unknown because it has not been included in your list of trusted certificates and none or its parent certificates are trusted certificates.".

In conclusion? The validation process is the easiest (therefore cheapest) and safest for an interested party in the case of qualified electronic signature, precisely because the qualified signature is the ONLY type of advanced signature for which Regulation 910/2014 fully specifies the technology (technical solution and procedural) used for its creation, including stipulates the obligation of the qualified provider to provide support to the signatory and compensation in case it was his fault.

Categories
1