Security experts found PDF digital signatures cannot be trusted

On November 8th, 2018, a research group shared a paper that demonstrates how to circumvent digital signatures in PDF files: the vulnerability causes most common readers to show the signature as valid even if it is not.

A website that analyzes the issue and shows results of such vulnerabilities is available here: https://www.pdf-insecurity.org/index.html

A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. Once the author or creator has applied it to a digital document, anyone can verify whether the document has been tampered with, as well as who the author is (in PGP, for example).

The main issue with digital signatures is that they are usually "bundled" within the file, or shipped as a companion file to the original document. This means that digital signatures are prone to tampering or removal by third parties that may have access to the document.

To address this issue, Rights Chain developed an on-Blockchain Digital Signature solution that stores the signature in a Blockchain database.

Unlike other solutions that store only the "hash" of a document in a public blockchain, which amounts to "timestamping" the document using a public ledger, Rights Chain also stores additional information that can contextualize the signature for better identification and verification.

The document has no digital signature bundled within it, so any modification to the file results in a different hash of the document and therefore fails the digital signature verification.

The Digital Signature stored in the Blockchain supplies a timestamp of the registration, as well as tamper-proof storage where information cannot be altered. The original document can be verified at any time by uploading the file through a simple web interface.
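The following Python example, added here and not Rights Chain's own code, shows the detached check described above: the whole-file hash is registered together with its context, and any later change to the file or to a stored record makes verification fail. The in-memory hash-chained list standing in for the blockchain, the record field names and the sample data are assumptions.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # constructed starting value for the chain (assumption)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(record: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(blob)

def register(ledger: list, document: bytes, author: str, registered_at: str) -> dict:
    """Append a record binding the whole-file hash to its context."""
    record = {"doc_sha256": sha256_hex(document), "author": author,
              "registered_at": registered_at,
              "prev": ledger[-1]["entry_hash"] if ledger else GENESIS}
    entry = dict(record, entry_hash=entry_hash(record))
    ledger.append(entry)
    return entry

def chain_intact(ledger: list) -> bool:
    """Recompute every link; a record edited in place no longer matches its hash."""
    prev = GENESIS
    for entry in ledger:
        record = {k: v for k, v in entry.items() if k != "entry_hash"}
        if record["prev"] != prev or not hmac.compare_digest(entry_hash(record), entry["entry_hash"]):
            return False
        prev = entry["entry_hash"]
    return True

def verify(ledger: list, document: bytes):
    """Return the matching record, or None if the file or the ledger was altered."""
    if not chain_intact(ledger):
        return None
    digest = sha256_hex(document)
    for entry in ledger:
        if hmac.compare_digest(entry["doc_sha256"], digest):
            return entry
    return None

# Constructed sample data: a tiny PDF-like byte string and a copy with bytes appended.
LEDGER = []
ORIGINAL = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
register(LEDGER, b"unrelated earlier file", "someone-else@example.org", "2018-11-01T09:00:00Z")
RECORD = register(LEDGER, ORIGINAL, "alice@example.org", "2018-11-08T12:00:00Z")
MODIFIED = ORIGINAL + b"2 0 obj\n<< /Note (added later) >>\nendobj\n%%EOF\n"
```

Because the digest covers every byte of the file, content appended after the original end-of-file marker changes the result, and the returned record carries the author and registration time used to contextualize the match.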

About the Author

Sebastian Zdrojewski

Founder, (He/Him)

Worked for 25 years in the IT industry facing cyber security, privacy and data protection problems for businesses. In 2017 he founded Rights Chain, a project aiming to provide resources and tools for copyright and intellectual property protection for Content Creators, Artists and Businesses.