PRIVACY! Is it important to you? Can you compromise on it? Of course not. A big NO!
We all know how much privacy matters to us. We can’t compromise our privacy at any cost. To maintain it, we sometimes spend thousands of dollars just because we don’t want anyone to interfere in our work.
In this article, we will discuss a privacy issue. Let us take an example! You send important data as a PDF across the internet, but have you wondered how secure your PDF is while it travels across the internet? If by chance hackers tap your document, change its content and send it on to the target, and the end user believes the tampered document, then what? GAME FINISHED?
In this article we are going to talk about such a situation and how you can prevent it. So let’s see how we can protect the integrity of our document and verify the credibility of the document the target received.
We will use the concept of asymmetric cryptography, in which the sender digitally signs the PDF using his own private key and sends the document along with the public key. This pair of keys is generated with complex algorithms. Asymmetric cryptography is the best way to maintain integrity, as the sharing of keys is restricted to the sender and receiver and it becomes impossible to crack due to the complex algorithms.
TOOL WE WILL USE:
We will be using Adobe Acrobat Reader DC and a sample digitally signed PDF that we downloaded from the internet.
CASE 1: WHEN WE RECEIVE THE DOCUMENT FROM A TRUSTED SOURCE BUT IT IS NOT TRUSTED BY THE READER
- Suppose you received a digitally signed PDF from an authority and you open it with Adobe Acrobat Reader DC. A signature panel will appear at the top asking whether to verify the signature. Here is our sample PDF with the digital signature on the top right.
- The first thing you have to do is check the trusted certificates from organizations that are in your trust list by default. To view this list, go to the top menu Edit>Preferences>Signatures.
- Then go to Identities and Trusted Certificates>More>Trusted Certificates. Here you will get the list of certificates from the entities or organizations that you trust by default.
- Now, if you trust the digital signature and the organization you just received the PDF from, you can verify the information given on the certificate either over a telephone conversation or in a physical meeting with the sender. To verify the details, go to the signature and right click on it. Then click on Show Signature Properties.
- A dialog box will appear. Click on Show Signer’s Certificate. Another dialog box will open.
Now go to the Details section, where you can see the public key of the sender (verify with the sender whether it is his public key or not), the MD5 and SHA 1 hash of the PDF sent (ask the sender to send the original hash of the PDF, as this hash can only change if the content inside the PDF changes) and the issuer of the certificate (verify the identity of the sender).
CAUTION: Proceed to the next step only if all the information above verifies.
- Then go to the Trust section in the dialog box and click on Add to Trusted Certificates. It will show a caution message; click OK. A new dialog box will appear asking for the level of trust that the reader will place in the newly added certificate in the future (this is the most important step, as it decides the trust level, so do it carefully).
- Now, after verifying all the information, come back to the main dialog box and click on Validate Signature. The signature is verified.
Close the dialog box now and go to the Trusted Certificates in the Signature preferences. You will be able to see the newly added certificate.
Important: It is better to trust the authorities which are trusted by your PDF reader. Ask your sender to get verified by the trusted authorities instead of trusting a third party without any solid reason.
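To show what the integrity check in Case 1 rests on, here is an added example (not part of the original article and not Adobe's code) that reads each signature's /ByteRange from a PDF, hashes exactly the bytes that signature covers, and reports any bytes left outside it. The function names and the PDF-like sample bytes are constructed for illustration; the actual cryptographic validation is still done by the reader.

```python
import hashlib
import re

# /ByteRange [o1 l1 o2 l2]: two (offset, length) spans the signature covers.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signed_coverage(pdf: bytes) -> list:
    """One report per signature: digest of the covered bytes and what is left uncovered."""
    reports = []
    for m in BYTE_RANGE.finditer(pdf):
        o1, l1, o2, l2 = (int(g) for g in m.groups())
        if o1 != 0 or l1 > o2 or o2 + l2 > len(pdf):
            reports.append({"valid_range": False})
            continue
        gap = pdf[l1:o2]  # must hold only the /Contents <hex> signature blob
        reports.append({
            "valid_range": True,
            "sha256": hashlib.sha256(pdf[:l1] + pdf[o2:o2 + l2]).hexdigest(),
            "gap_is_hex_string": re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None,
            "trailing_unsigned_bytes": len(pdf) - (o2 + l2),
        })
    return reports

def build_sample(body: bytes = b"Pay 100 USD to Alice") -> bytes:
    """Constructed PDF-like bytes (not a complete PDF) with one signature dictionary."""
    blob = b"<" + b"0" * 64 + b">"  # placeholder for the signature value
    tail = b" >>\nendobj\n" + body + b"\n%%EOF\n"
    def head(l1, o2, l2):
        # Fixed-width numbers keep the header length independent of the values.
        return (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange "
                b"[0 %010d %010d %010d] /Contents " % (l1, o2, l2))
    l1 = len(head(0, 0, 0))
    o2 = l1 + len(blob)
    return head(l1, o2, len(tail)) + blob + tail

if __name__ == "__main__":
    for report in signed_coverage(build_sample()):
        print(report)
```

A nonzero trailing_unsigned_bytes means content was added after signing and needs review, even though the digest of the covered bytes is unchanged.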
CASE 2: WHEN WE WANT TO SELF-SIGN A PDF TO MAINTAIN INTEGRITY
There are cases when you want to self-sign a PDF that you created and then send it to the target so that the integrity of the document can be maintained. To digitally sign a PDF:
- Again go to Edit>Preferences>Security>Identities and Certificates>More. Then go to Digital IDs and click on the + sign at the top left of the dialog box.
- It will ask you to choose between using a Digital ID that exists on your system and Create a New Digital ID. Select Create a New Digital ID.
- Next, you have to choose where you want to store the new digital ID: either a New PKCS#12 digital ID File or the Windows Certificate Store. Choose New PKCS#12 digital ID File, as it is a file based on the Public Key Cryptography Standards (asymmetric cryptography) and is acceptable in most formats.
- In the next step you have to enter your details (only name and email ID are mandatory). Keep the key generation algorithm as 2048-bit RSA, as it is the most complex algorithm.
- Click on Next. You will be asked to select a location where you want to store this digital ID on your system and to create a password for your Digital ID. Enter the password and finish the process.
- Now your newly created digital ID will appear in the Digital IDs section along with the certificate.
- In the next step you have to open the PDF into which you want to insert the digital signature. Here, we will show this on a sample PDF.
- Now go to Tools. Select Open Certificates.
- Now, as you can see, a top bar has been added above your PDF. Click on the option Digitally Sign. An action box will appear. Select OK.
- After accepting the message, select the area where you want your digital signature to appear. After you have selected an area, it will ask you to select the Digital ID. Select the recently created Digital ID.
- Now click Continue. Change the appearance if you want. Then enter the password for the Digital ID you created and finally click Sign.
- Now look at your document again; the digital signature will appear in the area which you selected.
Send this document to whomever you want and tell your receiver to follow the steps discussed in Case 1!
Suggestion: It is better to have your digital signature and certificate verified by a trusted authority so that the end user has a more solid reason to trust your identity.