Slightly OT - i need the proper wording for a signed document
stefan.claas at posteo.de
Fri Nov 2 15:42:40 CET 2018
Am 02.11.18 um 15:20 schrieb Dirk Gottschalk:
> Hello Stefan.
> Am Freitag, den 02.11.2018, 12:53 +0100 schrieb Stefan Claas:
>> Hi Wiktor,
>> thanks a lot! Now this is awesome... i just timestamped my already
>> signed .pdf with Adobe Reader DC and this does not invalidate my
>> qualified signature, when saving the document again! :-) I must admit
>> i did not know this.
> You mean, you "tampered" with the file and the signature is still
> valid? Are you sure? Then Adome does sometging really bad, IMHO.
> Such a signature should ensure that the file is unmodified completely.
> otherwise somebody can modify it in a way that could be used as a
> backdoor to the signature, at least in theory.
i did not tampered with the file, i simply used the function
in Adobe Reader DC to let it *add* a time stamp to my
document and then saved it again.
I strongly assume that it is also possible that someone
else can sign my .pdf too with a qualified signature and
this will also not invalidate my qualified signature, unless
of course someone would *edit* my document.
This would then mean in reality, that for example
a "boss", team-leader or whoever prepares a contract
signs it and then lets other parties sign this document
too and all involved parties have then a multiple signed
and valid document.
You can check two added (one from freetsa and another
commercial one which is in the EU list) timestamps i
added to my greetings.pdf on keybase.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3852 bytes
Desc: S/MIME Cryptographic Signature
More information about the Gnupg-users