Slightly OT - i need the proper wording for a signed document

Stefan Claas stefan.claas at posteo.de
Fri Nov 2 15:42:40 CET 2018


Am 02.11.18 um 15:20 schrieb Dirk Gottschalk:
> Hello Stefan.
>
> Am Freitag, den 02.11.2018, 12:53 +0100 schrieb Stefan Claas:
>> Hi Wiktor,
>>
>> thanks a lot! Now this is awesome... i just timestamped my already
>> signed .pdf with Adobe Reader DC and this does not invalidate my
>> qualified signature, when saving the document again! :-) I must admit
>> i did  not know this.
> You mean, you "tampered" with the file and the signature is still
> valid? Are you sure? Then Adome does sometging really bad, IMHO.
>
> Such a signature should ensure that the file is unmodified completely.
> otherwise somebody can modify it in a way that could be used as a
> backdoor to the signature, at least in theory.
Hi Dirk,

i did not tampered with the file, i simply used the function
in Adobe Reader DC to let it *add* a time stamp to my
document and then saved it again.

I strongly assume that it is also possible that someone
else can sign my .pdf too with a qualified signature and
this will also not invalidate my qualified signature, unless
of course someone would *edit* my document.

This would then mean in reality, that for example
a "boss", team-leader or whoever prepares a contract
signs it and then lets other parties sign this document
too and all involved parties have then a multiple signed
and valid document.

You can check two added (one from freetsa and another
commercial one which is in the EU list) timestamps i
added to my greetings.pdf on keybase.

Regards
Stefan
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3852 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181102/f720e760/attachment.bin>


More information about the Gnupg-users mailing list