The Adobe Sign Digital Signature workflow is available to all levels of service

Feature description

Digital Signatures are a type of Electronic Signature that uses a certificate-based Digital ID, obtained either from a loud-based trust service provider, or from the signer's local system.

A digital signature, like a conventional handwritten signature, identifies the person signing a document. Unlike a handwritten signature, a certificate-based signature is difficult to forge because it contains encrypted information that is unique to the signer. It can be easily verified and informs recipients whether the document was modified after the signer initially signed the document.

Adobe Sign supports digital signatures by simply placing the Digital Signature field on a form (either via Text Tags, drag and drop in the Adobe Sign Authoring environment, or authoring in Adobe Acrobat with Acroforms).

Sig Image

Time Stamps

Time stamps are a critical component of both the US and EU signature compliance standards when applying digital signatures. 

The time stamp acts as a locking mechanism for both the signer’s identity and the document itself.  Identity can be established in a number of ways (certificate, logon, id card …) but the time stamp has to be provided by a trusted and authorized time stamping authority (TSA). 

The time stamp guarantees the Long-Term Validity (LTV) of the signed agreement by locking the signature as well as the document.  Essentially providing a lock for the lock.  This is critical for digital signature compliance because personal signing certificates can expire, while the time stamp LTV can be renewed over time without changing the validity of the signature.  The LTV time stamp assures the certificate was valid when applied and extends the validity of the signed agreement beyond the time scope of the signer’s actual certificate.


Qualified Timestamp for e-IDAS compliance in the European Union

All accounts on the Adobe Sign EU1 instance in Europe have e-IDAS compliant Qualified Timestamps being applied by default. (Know what instance you are on)

e-IDAS cert

How it's used

For Senders

From the Senders perspective, all that is required is for a Digital Signature field to be placed on the document that is being sent.


For Document/Template Authors

Each recipient can have, at most, one digital signature field assigned to them within an agreement. Any additional signature fields that are needed can be of the standard e-signature field type.

Note that just because one signer is using a digital signature does not mean that any other signers are required to. It's perfectly allowable to have only your internal signers apply digital signatures while external signers use the e-signature field type (or vice versa).

 

Using Drag and Drop Authoring

Template creators will find the Digital Signature field in the Signature Fields section of the Authoring environment.

Below you can see the e-signature field on the left, and the digital signature field on the right.

Authoring

Text Tag Syntax

The syntax for a digital signature field uses the argument :digitalsignature

For example: {{digsig1_es_:signer1:digitalsignature}}

Note:

As previously stated, there can only be one digital signature field per signer in each document.

If you add more than one Digital Signature for a signer (e.g., {{digsig1_:signer1: digitalsignature}} and {{digsig2_:signer1: digitalsignature}}), only the first is preserved and the others are automatically removed when the document is sent for signature.


Building forms in Acrobat

Like all other field types, you can replicate the functionality of a Text Tag when building your documents in Acrobat by renaming the field to contain the full text tag with all arguments (but not the brace pairs on either end).

Acrobat

The Signer's experience

Because digital signatures are certificate-based, signers need to obtain a Digital ID before they can apply their signature. This Digital ID can be obtained from one of several cloud signature providers, or by applying the signature using Adobe Acrobat or Acrobat Reader, using a local Digital ID.

The Adobe Sign solution walks the signer through the process:

  • Open the agreement, and fill in any required fields
  • Choose from existing Digital IDs, or create a new one
  • Apply the signature

Once the signature is applied, the signature cycle continues as normal.


Open the agreement and fill in the fields...

Signers are notified via email, and instructed to open the agreement by clicking the Click here to review and sign link

please sign email

 

Once the document is open, the signer can read the document and fill in any fields that are needed. All required fields need to be completed before the signer can advance the signature process.

Mousing over the digital signature field prompts a text balloon with additional instructions.

DigSig Field

 

Clicking the field opens an overlay asking the signer to select one of two paths:

Select the appropriate option and click Next

Signature Fork

 

A new overlay is presented, asking the signer to select an identity provider from a drop-down.

  • Only providers listed in the drop-down can be used 
  • Signers that do not have a permissible Digital ID can click the Click to get a new Digital ID link, and be routed to obtain a new Digital ID from one of several cloud signature providers
  • Once they have established a new Digital ID, they can return to the signature process.
Select IdP

 

The identity provider challenges the signer to authenticate to their service

IdP Authentication

 

Once successfully authenticated, the signer is presented with a list of valid Digital IDs to choose from.

  • Select the Digital ID
  • Click Next
Choose ID cert

 

A preview of the signature is presented.

  • Click Edit Signature to:
    • Manually sign via mouse or touch pad
    • Upload a signature image
  • Click OK when ready to proceed
Digital Signature Preview

 

The signer is returned to the agreement and prompted to Click to Sign

Click to Sign

 

The identity provider then may require an additional, second-factor authentication.

eg: The below provider requires a static PIN, established when setting up the Digital ID, and a one-time password.

  • Enter any required values, and click OK
Second factor authentication

 

When the second-factor authentication is successfully entered, the document is signed, and a success message is displayed.

otp_success


Aadhaar signatures

Customers in the India (IN1) datacenter have Aadhaar compliant signatures configured by default. 

Adhering to India's strict requirements for online data management, Adobe Sign accounts in the India datacenter now manage data entirely within the country's borders. 

Aadhaar ID Panel

Download and Sign With Acrobat

After selecting Download and Sign With Acrobat, an overlay is prompted describing the process

  • Click OK
Local Instructions

 

The blue Continue to Sign button pops up from the bottom of the window when all required fields have been filled.

  • Click Continue to Sign
local continue to sign


Download and open the PDF in Acrobat or Adobe Reader

Clicking the Continue to Sign button launches the download page

Get Adobe page

Note:

If you do not have Acrobat or Adobe Reader, you need to download and install it. At the bottom of the page is a link (>Get it Here) to Adobe Reader, a free to use PDF viewer.

 

Click the Download Document button, and Acrobat (or Reader, depending on what application you have installed) opens the PDF.

At the top of the Reader window is a blue banner indicating that a digital signature is needed.

A yellow tab indicates where to click and place the signature

In Acrobat


Create a new Digital ID

Clicking the signature area opens a dialogue box showing any certificates available. 

If valid Digital IDs are already present:

If no certificate can be found, only the buttons to Configure New Digital ID are available

Choose Certificate

 

After clicking the button to create a new Digital ID, you are presented with the configuration panel. Here you find three options:

  • Use a Signature Creation Device - Used when you have a physical device that you connect to your local system.
  • Use a Digital ID from a file - Used it import an existing Digital ID from a networked file
  • Create a new Digital ID - Used when you do not have an existing Digital ID that you can access

Select Create a new Digital ID and then click Continue

Choose Cert Type

 

The panel changes to ask where you want to store the Digital ID:

  • Save to File - This option stores the Digital ID on your local system, and makes the Digital ID available for Adobe-based signatures
  • Save to Windows Certified Store - Saving the Digital ID to the Windows Certified Store saves the Digital ID in a way that makes it available to applications other than Adobe Reader / Acrobat

Select Save to File, and click Continue

Save to File

 

The panel refreshes to show the details of the Digital ID.

Make sure that all fields are correctly filled in, and click Continue.

Filled in cert

 

The next panel asks you to provide a password for the Digital ID.

You need to enter this password every time you attempt to apply your digital signature.

Once you have entered your password, click Save to complete the creation of your Digital ID.

Passwords for Cert

 

You are then returned to the first panel showing all of your Digital IDs.

Select the Digital ID to use, and click the Continue button

Select ID


Apply the signature

After clicking Continue, the panel refreshes to show the visual representation of your signature object.

You can use it as-is, or you can further customize the look of the object.

To customize it, click the Edit button at the top right of the panel, which loads the Customize panel.

edit your sig

At the top of the Customize panel, notice that the same signature options exist as in the App.  You can opt to replace the default font with either a drawn signature, or an image.

Make any edits you like, and then click Save to save the new format.

 

This returns you to the previous screen, asking for your Digital ID password.

Apply Sig

 

Type the password for the chosen Digital ID into the field that says Enter the Digital ID PIN or Password and click Sign.

The Digital ID panel disappears, and the PDF updates to show a new blue banner at the top, indicating that the signature is valid.  Additionally, a small pop-up window appears, confirming the successful digital signature.

acrobat_success

 

Click OK and close the PDF, the signature process for this recipient is complete!

Below is an example of a normal e-signature field on the left, and a digital signature on the right

Applied Sig

History and Audit Report

The History tab, and the related Audit Report, are slightly different than a standard e-signature report in that they have an additional event: Document digitally signed

In the example below, you can see that the first signer has one "e-signed" event, and that is all.

The second signer has both an e-signed event as well as a digitally signed event.

The reason for this is the digital signature process takes place in two parts.  The part you do in the web browser (filling in the fields), and the part that you do on your local desktop (applying the digital signature certificate).

When the signer completes the field portion and clicks the Submit and Proceed to Sign button, the input content is uploaded, and pressed into the PDF. This is what the e-signed event indicates.

When the digital signature is applied, the digitally signed event is posted.

History

 

Keeping in alignment with the History information, you can see that the audit report also reflects the two stages of the signature process.

Audit Report

How to enable or disable

The Digital Signature workflow can be enabled at the Account level by the Adobe Sign Account Admin.

Group level settings are permitted, and will over-ride the Account level values, but cannot be configured within the customer facing UI. Contact Adobe Support if you want to set group level settings. 

To access the Account level settings, navigate to: Account > Account Settings > Signature Preferences > Additional Settings

NAv to Settings


Configuration options

Allow cloud-based signatures

Enabling digital signatures only enables local digital signing by default.

By checking the Allow cloud-based signatures option, you enable the option to use cloud-based digital signatures for your signers, which makes digital signing also possible on mobile devices.

If digital signatures are important to your signing process, enabling the cloud-based option is strongly recommended.

release notes

Show Signing Reason

Some compliance requirements demand that a reason for an applied digital signature be noted by the signer. eg: Title 21 CFR Part 11 and SAFE-BioPharma compliance.

If digital signatures are being used to fulfill a compliance demand, consult with your legal team to determine if you should also require a signature reason within the signature process.

If you need advanced signature controls, refer to the BioPharma page >


Digital ID Provider Preselection

A number of options for identifying which digital ID providers you will accept is also available.

These preselection options allow the admin to define:

  • Internal and External recipient discretely
  • A preferred vendor
  • Access to restricted providers (eg: BankID)

Refer to the Digital ID Provider Preselection article here >


Digital Signature Format options

PKCS#7 is the default format governing the digital signature for most (non-EU) Adobe Sign accounts.

Accounts on the European (EU1) shard use PAdES format (ETSI EN 319142) by default to meet eIDAS compliance.

Any account level admin can request to have this setting changed from one format to the other by sending a request to the Adobe Sign Support team.

This feature can be enabled and configured at the group or account level.


RSA-PSS

RSA-PSS is a signature scheme that is based on the RSA cryptosystem and provides increased security assurance relative to the older RSA-PKCS#1 v.1.5 scheme. 

The Adobe Sign implementation of RSA-PSS does not require any configuration on the part of the Account Admin.

  • When “Cloud Signature” is chosen, and the signer’s Digital ID supports both RSA-PSS and RSA-PKCS#1, the RSA-PSS signature scheme is used by default.
  • When “Sign with Acrobat” is chosen, the use of RSS-PSS or RSA-PKCS#1 depends on the signer's settings in their Acrobat application
  • Adobe Sign fully supports CRL and OCSP responses that are signed with the RSA-PSS scheme.
  • The use of the RSA-PSS scheme is required to comply with Germany-specific requirements for Qualified Electronic Signatures.


Things to Know

The digital signature workflow forces the agreement into a unique process. Because of the special handling required to get the signature affixed, there are several limitations to be aware of.

  • Each signer can have only one digital signature field assigned to them
  • Widgets do not support digital signatures
  • Mega Sign does not support Download and Sign With Acrobat signatures. Cloud-based digital signatures work as expected
  • Digital Signatures disable Limited Document Visibility. All recipients will see all pages.
  • Digital Signatures cannot be delegated by any means: Recipient role, Signer delegation, or Replace Signer
  • Signers on Mobile devices can only apply a cloud-based digital signature
  • Cloud-based digital signatures are not supported when signing from Internet Explorer or Edge browsers when Protected Mode is turned on.
  • Users that are sharing their content, or accounts that have advanced sharing enabled, cannot use digital signatures
  • eVaulting cannot be used in conjunction with digital signatures
  • File attachments can only be applied by the first signer. Subsequent signers that attach new files invalidate all previous digital signatures
  • Transaction Number fields will convert a digital signature into an electronic signature

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy