Use digital signatures

The Adobe Acrobat Sign Digital Signature workflow is available to all levels of service

Feature description

Digital Signatures are a type of Electronic Signature that uses a certificate-based Digital ID, obtained either from a cloud-based trust service provider or from the signer's local system.

A digital signature, like a conventional handwritten signature, identifies the person signing a document. Unlike a handwritten signature, a certificate-based signature is difficult to forge because it contains encrypted information that is unique to the signer. It can be easily verified and informs recipients whether the document was modified after the signer initially signed the document.

Adobe Acrobat Sign supports digital signatures by simply placing the Digital Signature field on a form (either via Text Tags, drag and drop in the Acrobat Sign Authoring environment or authoring in Adobe Acrobat with Acroforms).

Time Stamps

Time stamps are a critical component of both the US and EU signature compliance standards when applying digital signatures. 

The time stamp acts as a locking mechanism for both the signer’s identity and the document itself.  Identity can be established in a number of ways (certificate, logon, id card …) but the time stamp has to be provided by a trusted and authorized time stamping authority (TSA). 

The time stamp guarantees the Long-Term Validity (LTV) of the signed agreement by locking the signature as well as the document.  Essentially providing a lock for the lock.  This is critical for digital signature compliance because personal signing certificates can expire, while the time stamp LTV can be renewed over time without changing the validity of the signature.  The LTV time stamp assures the certificate was valid when applied and extends the validity of the signed agreement beyond the time scope of the signer’s actual certificate.


The Time Stamp evidence is displayed in the digital signature appearance using the ISO 8601 notation

Qualified Timestamp for e-IDAS compliance in the European Union

All accounts on the Acrobat Sign EU1 instance in Europe have e-IDAS compliant Qualified Timestamps being applied by default. (Know what instance you are on)

How it's used

For Senders

From the Senders perspective, all that is required is for a Digital Signature field to be placed on the document that is being sent.

For Document/Template Authors

Each recipient can have, at most, ten digital signature fields assigned to them within an agreement. Any additional signature fields that are needed can be of the standard e-signature field type.

Keep in mind that just because one signer is using a digital signature, that does not mean that any other signers are required to. It's perfectly allowable to have only your internal signers apply digital signatures while external signers use the e-signature field type (or vice versa).



If the recipient is expected to sign the document by downloading the file and applying their own digital signature certificate, only one digital signature field is allowed.

If multiple digital signature fields are present on a document, the option to download and apply a local signature is not available to the recipient.

Digital signatures applied online require the recipient to use a Cloud Signature issued by a supporting TSP

When multiple signatures are applied for one recipient, each field should have a unique name. e.g., {{digsig1_:signer1: digitalsignature}}, {{digsig2_:signer1: digitalsignature}}, and so on.

If a digital signature text tag name is duplicated, Acrobat Sign automatically renames the fields by adding a "-n" appendix, where 'n' is a number starting from 1 and is incremented for each duplicated field name found. e.g., {{digsig1_es_:signer1:digitalsignature}} will become {{digsig1-1_es_:signer1:digitalsignature}} and {{digsig1-2_es_:signer1:digitalsignature}} and so on.

Using Drag and Drop Authoring

Template creators will find the Digital Signature field in the Signature Fields section of the Authoring environment.

Below you can see the e-signature field on the left, and the digital signature field on the right.

Digital signature field

Text Tag Syntax

The syntax for a digital signature field uses the argument :digitalsignature

For example: {{digsig1_es_:signer1:digitalsignature}}


Building forms in Acrobat

Like all other field types, you can replicate the functionality of a Text Tag when building your documents in Acrobat by renaming the field to contain the full text tag with all arguments (but not the brace pairs on either end).

The Signer's experience

Because digital signatures are certificate-based, signers need to obtain a Digital ID before they can apply their signature. This Digital ID can be obtained from one of several cloud signature providers, or by applying the signature using Adobe Acrobat or Acrobat Reader, using a local Digital ID.

The Acrobat Sign solution walks the signer through the process:

  • Open the agreement, and fill in any required fields
  • Choose from existing Digital IDs, or create a new one
  • Apply the signature

Once the signature is applied, the signature cycle continues as normal.

Open the agreement and fill in the fields...

Signers are notified via email, and instructed to open the agreement by clicking the Review and sign button

Review and Sign email


Once the document is open, the signer can read the document and fill in any fields that are needed. All required fields need to be completed before the signer can advance the signature process.

Mousing over the digital signature field prompts a text balloon with additional instructions.


Clicking the field opens an overlay asking the signer to select one of two paths:

Select the appropriate option and click Next


A new overlay is presented, asking the signer to select an identity provider from a drop-down.

  • Only providers listed in the drop-down can be used 
  • Signers that do not have a permissible Digital ID can click the Click to get a new Digital ID link, and be routed to obtain a new Digital ID from one of several cloud signature providers
  • Once they have established a new Digital ID, they can return to the signature process.


The identity provider challenges the signer to authenticate to their service


Once successfully authenticated, the signer is presented with a list of valid Digital IDs to choose from.

  • Select the Digital ID
  • Click Next


A preview of the signature is presented.

  • Click Edit Signature to:
    • Manually sign via mouse or touch pad
    • Upload a signature image
  • Click OK when ready to proceed


The signer is returned to the agreement and prompted to Click to Sign


The identity provider then may require an additional, second-factor authentication.

eg: The below provider requires a static PIN, established when setting up the Digital ID, and a one-time password.

  • Enter any required values, and click OK


When the second-factor authentication is successfully entered, the document is signed, and a success message is displayed.

AAdhaar signature



Digital signatures applied via the “Download and Sign with Acrobat” option must use Adobe Acrobat or Adobe Acrobat Reader XI v11.0.7 or later.

After selecting Download and Sign With Acrobat, an overlay is prompted describing the process

  • Click OK


The blue Continue to Sign button pops up from the bottom of the window when all required fields have been filled.

  • Click Continue to Sign

Download and open the PDF in Acrobat or Adobe Reader

Clicking the Continue to Sign button launches the download page


If you do not have Acrobat or Adobe Reader, you need to download and install it. At the bottom of the page is a link (>Get it Here) to Adobe Reader, a free to use PDF viewer.


Click the Download Document button, and Acrobat (or Reader, depending on what application you have installed) opens the PDF.

At the top of the Reader window is a blue banner indicating that a digital signature is needed.

A yellow tab indicates where to click and place the signature

Create a new Digital ID

Clicking the signature area opens a dialogue box showing any certificates available. 

If valid Digital IDs are already present:

If no certificate can be found, only the buttons to Configure New Digital ID are available


After clicking the button to create a new Digital ID, you are presented with the configuration panel. Here you find three options:

  • Use a Signature Creation Device - Used when you have a physical device that you connect to your local system.
  • Use a Digital ID from a file - Used to import an existing Digital ID from a networked file
  • Create a new Digital ID - Used when you do not have an existing Digital ID that you can access

Select Create a new Digital ID and then click Continue


The panel changes to ask where you want to store the Digital ID:

  • Save to File - This option stores the Digital ID on your local system, and makes the Digital ID available for Adobe-based signatures
  • Save to Windows Certified Store - Saving the Digital ID to the Windows Certified Store saves the Digital ID in a way that makes it available to applications other than Adobe Reader / Acrobat

Select Save to File, and click Continue


The panel refreshes to show the details of the Digital ID.

Make sure that all fields are correctly filled in, and click Continue.


The next panel asks you to provide a password for the Digital ID.

You need to enter this password every time you attempt to apply your digital signature.

Once you have entered your password, click Save to complete the creation of your Digital ID.


You are then returned to the first panel showing all of your Digital IDs.

Select the Digital ID to use, and click the Continue button

Apply the signature

After clicking Continue, the panel refreshes to show the visual representation of your signature object.

You can use it as-is, or you can further customize the look of the object.

To customize it, click the Edit button at the top right of the panel, which loads the Customize panel.

At the top of the Customize panel, notice that the same signature options exist as in the App.  You can opt to replace the default font with either a drawn signature, or an image.

Make any edits you like, and then click Save to save the new format.


This returns you to the previous screen, asking for your Digital ID password.


Type the password for the chosen Digital ID into the field that says Enter the Digital ID PIN or Password and click Sign.

The Digital ID panel disappears, and the PDF updates to show a new blue banner at the top, indicating that the signature is valid.  Additionally, a small pop-up window appears, confirming the successful digital signature.


Click OK and close the PDF, the signature process for this recipient is complete!

Below is an example of a normal e-signature field on the left, and a digital signature on the right

History and Audit Report

The History tab, and the related Audit Report, are slightly different than a standard e-signature report in that they have an additional event: Document digitally signed

In the example below, you can see that the first signer has one "e-signed" event, and that is all.

The second signer has both an e-signed event as well as a digitally signed event.

The reason for this is the digital signature process takes place in two parts.  The part you do in the web browser (filling in the fields), and the part that you do on your local desktop (applying the digital signature certificate).

When the signer completes the field portion and clicks the Submit and Proceed to Sign button, the input content is uploaded, and pressed into the PDF. This is what the e-signed event indicates.

When the digital signature is applied, the digitally signed event is posted.


Keeping in alignment with the History information, you can see that the audit report also reflects the two stages of the signature process.

How to configure

The Digital Signature workflow can be enabled at the Account level by the Acrobat Sign Account Admin.

  • Group level settings are permitted and will override the Account level values.

To access the Account level settings, navigate to: Account > Account Settings > Digital Signatures

Digital Signature tab

There are several options that can be configured to manage the signature experience:

Enable signers to import their digital signature from one or more sources:

  • Download and Sign With Acrobat - Allows the signer to use a self-certified signature
  • Cloud Signatures - Enables the option to use a cloud-based digital signatures for your signers, which makes digital signing also possible on mobile devices
    • If digital signatures are important to your signing process, enabling the cloud-based option is strongly recommended.

Select the digital signature providers you will accept.  Only options selected will be available to signers.

You can define a preferred vendor, which sets that vendor as the default.

  • If only one vendor is allowed, the selection process is bypassed during the signature process

Aadhaar signatures

Aadhaar signatures are available to enterprise accounts at an additional per signature cost, which must be configured prior to use.

Customers that need to obtain Aadhaar signatures can contact their Success Manager or their Sales contact to discuss volume and start the configuration process.

External signers are defined as any email address not within your Acrobat Sign account.

  • Internal signers being all of the users defined within your Acrobat Sign account

If you would like to create a different signature experience for external signers vs internal, you can enable a second set of the above options that apply only to external signers.

For example, you may want to be more permissive in the signature vendors for external signers, or provide different instructions for how to obtain a signature for internal signers.

Show Signing Reason

Some compliance requirements demand that a reason for an applied digital signature be noted by the signer. eg: Title 21 CFR Part 11 and SAFE-BioPharma compliance.

If digital signatures are being used to fulfill a compliance demand, consult with your legal team to determine if you should also require a signature reason within the signature process.

To access the controls, click the Bio-Pharma Settings link

If you need advanced signature controls, refer to the BioPharma page >

Restricted Cloud Signature Providers

There are some providers that restrict access to their service only to pre-authorized customers. This means that the service will not be accessible until the provider has authorized the account to use it.

During the activation process, these providers require the subscribing customer to provide their Account or Group ID to configure the service. Once authorized by the provider, your users will be able to use the restricted service.


The Account ID is truly a property at the account level. All groups from an account share the same Account ID. If the restricted provider is authorized for an account, it becomes authorized for all groups of that account.

If the provider is authorized for a group using the Group ID, then only that identified group is authorized to use the service.

Digital Signature Format options

PKCS#7 is the default format governing the digital signature for most (non-EU) Acrobat Sign accounts.

Accounts on the European (EU1) shard use PAdES format (ETSI EN 319142) by default to meet eIDAS compliance.

Any account level admin can request to have this setting changed from one format to the other by sending a request to the Acrobat Sign Support team.

This feature can be enabled and configured at the group or account level.


RSA-PSS is a signature scheme that is based on the RSA cryptosystem and provides increased security assurance relative to the older RSA-PKCS#1 v.1.5 scheme. 

The Acrobat Sign implementation of RSA-PSS does not require any configuration on the part of the Account Admin.

  • When “Cloud Signature” is chosen, and the signer’s Digital ID supports both RSA-PSS and RSA-PKCS#1, the RSA-PSS signature scheme is used by default.
  • When “Sign with Acrobat” is chosen, the use of RSS-PSS or RSA-PKCS#1 depends on the signer's settings in their Acrobat application
  • Acrobat Sign fully supports CRL and OCSP responses that are signed with the RSA-PSS scheme.
  • The use of the RSA-PSS scheme is required to comply with Germany-specific requirements for Qualified Electronic Signatures.

Things to Know

The digital signature workflow forces the agreement into a unique process. Because of the special handling required to get the signature affixed, there are several limitations to be aware of.

  • Each signer can have only one digital signature field assigned to them when downloading the document and signing with Acrobat. Cloud-based signatures can support up to 10 digital signature fields per recipient. (Aadhaar and Singpass are not supported.)
  • Web forms don't support digital signatures.
  • Send in Bulk does not support Download and Sign With Acrobat signatures. Cloud-based digital signatures work as expected.
  • Digital signatures are not supported in Microsoft Office Desktop apps, as they're designed to work inside a browser environment. Alternatively, you can use the Office Web apps from your browser.
  • Digital Signatures disable Limited Document Visibility. All recipients will see all pages.
  • Signers on Mobile devices can only apply a cloud-based digital signature.
  • Cloud-based Digital ID using OAuth authorization mode are not supported in Fill & Sign feature.
  • Fill & Sign feature does not support signing with Aadhaar service provider.
  • Users sharing their content or accounts with advanced sharing enabled cannot use digital signatures.
  • eVaulting cannot be used in conjunction with digital signatures.
  • File attachments can only be applied by the first signer. Subsequent signers that attach new files invalidate all previous digital signatures.
  • Transaction Number fields will convert a digital signature into an electronic signature.
  • The optional setting to Keep documents separated (when more than one is used to create the agreement) isn't currently supported. The document can only be returned as a single, complete file.


Pridobite pomoč hitreje in preprosteje

Ali ste nov uporabnik?

Adobe MAX 2024

Adobe MAX
Konferenca o ustvarjalnosti

14.–16. oktober v Miami Beachu in spletu

Adobe MAX

Konferenca o ustvarjalnosti

14.–16. oktober v Miami Beachu in spletu

Adobe MAX 2024

Adobe MAX
Konferenca o ustvarjalnosti

14.–16. oktober v Miami Beachu in spletu

Adobe MAX

Konferenca o ustvarjalnosti

14.–16. oktober v Miami Beachu in spletu