Putting Digital Signature on PDF in Ubuntu 20.04

Question

Adobe Acrobat DC on windows support this feature. While snap package adobe acrobat is partially functional on linux, as it logs incompatibility message.

So actually I am looking for signing my offer letter pdf for joining I want to do it on ubuntu 20.04. Is there any software (long term supported) for that?***

Requirement:

I will be putting my name in the signature in text or image form.
The whole thing will get digitally signed by some encryption algorithm.

Mostly what I am getting is merely signing and securing the document but not a visible signature. Any wayout?

I believe that you can do that in LibreOffice, although I am not sure of the details. — Eagle_Mike, Mar 11 '21 at 16:26
@Eagle_Mike the signature line method is in libre office writer, pdf opens in libre office draw — Sayan Dey, Mar 11 '21 at 17:23

score 5 · Answer 1 · edited Feb 10 '22 at 05:53

5

Not recommended (options 1): use deb installation commercial Foxit https://www.foxit.com/pdf-editor/ or online solution.

Not recommended (options 2): long way to install w$ on VirtualBox and use the latest Abode Reader DC or try to use deb installation Adobe Reader 9.

Recommended (options 3): In Ubuntu install apt-get install xournal add annotate picture as sign and sign all document by yours pgp key.

Sign:

gpg --clearsign --output=sign_file.pdf file.pdf

Verify:

$ gpg --verify sign_file.pdf
gpg: Signature made czw, 3 lut 2022, 12:45:58 CET
gpg:                using RSA key 14644CCD80A59C3A15E226568C199B37E09FA079
gpg: Good signature from "xxxxx" [ultimate]
gpg:                 aka "xxxxxx" [ultimate]

You can add this command to filemanager-actions

Credit: How do I digitally sign a PDF with a S/MIME certificate?

pdf xournal pgp signature

edited Feb 10 '22 at 05:53

Zanna

70,465

answered Feb 03 '22 at 12:04

C2RLOS

59

Thanks I just tried this out, exactly what i want except the ux is a bit difficult to work with. – Sayan Dey Feb 14 '22 at 05:49
There's a spanish open source signature tool called AutoFirma which can: sign pdfs, binary and xm files with advanced signatures (complying PAdES, CAdES and XAdES standards) and verify those signatures. – erny Mar 27 '23 at 17:26
The method "recommended" by this answer is incompatible with PDF signatures (it's a GPG signature which can be understood only by the GPG program). Furthermore, the resulting file will not actually be a PDF file (it will be a GPG-wrapped file), and it might not open in a PDF reader. – Vladimir Panteleev Mar 26 '24 at 09:10
Quoting GPG's documentation: "A signed document has limited usefulness. Other users must recover the original document from the signed version, and even with clearsigned documents, the signed document must be edited to recover the original." The PDF format supports native signing capabilities, and I think it's misleading to recommend GPG to sign PDF files. – Vladimir Panteleev Mar 26 '24 at 09:16

score 2 · Answer 2 · answered Mar 27 '24 at 19:41

The answer depends on how exactly you plan to digitally sign your document.

The whole thing will get digitally signed by some encryption algorithm.

Signing things in a void is generally not very useful.

Sure, you could create your own key pair and certificate authority and then sign the document with a signature derived from that, and maybe even put the public key on your website, person-mc-persington.com. But that doesn't stop someone else from doing exactly the same thing, and claiming that they are the real you, and that their signed document is legitimate while yours is a counterfeit, and that their website person-mc-persington.name is the actual real website. You see where this goes.

So, digital signing is usually done within the context of some PKI, or other structure where some authority has the role of verifying that people are indeed who they say they are, and only their private keys are signed such that the resulting document signatures indeed certify that the documents are signed by them. So, the answer to the stated question depends on what kind of document is being signed, and who is the recipient.

For example, if you are signing a legal document within the legal structure of the country of Spain, you will almost certainly want to use a certificate issued by that country's government. Usually, they will also provide you with a hardware card that will store the certificate and private keys, a USB card reader, as well as software that allows using the card/reader and signing the documents. If you're lucky, they will also provide a Linux version of the software, usually either in a .deb package file or a tarball.

For ad-hoc signing, there are services like DocuSign. These signatures don't certify much - only that a user with certain credentials clicked a button to sign a document. I believe there may be services which perform actual identity checks for the signers and thus provide a higher level of confidence in their signatures.

Some PDF signing software will allow you to apply a visible signature along with a digital signature at the time of signing. This is not the same as simply doodling on the PDF - the crucial difference is that such a visible digital signature will not invalidate any prior digital signatures, as a simple edit would.

Finally, there are decentralized "web-of-trust" structures, as used by PGP. However, unless the counter party is aware of and is already using such a signing scheme, it is unlikely to find much acceptance.

Putting Digital Signature on PDF in Ubuntu 20.04

2 Answers2