[Cialug] Document Signing Certificates
Todd Walton
tdwalton at gmail.com
Wed Oct 31 19:41:29 UTC 2018
Hey all,
I don't understand how this works. If I want to sign a PDF, in order
to let the person I give it to verify that it really came from me and
was not modified, then I need a document signing certificate that I
apply with whatever software I'm using. If I want to build an
application that will be generating PDF files and must sign them
before sending them out, then I need something automated.
1) Document signing needs its own special type of certificate, right?
2) Can one certificate be used to sign an unlimited number of
documents? The cert providers I've looked at don't seem to think so.
3) If I don't need FIPS compliance, can I just buy one certificate and
apply it and be done? (Until it expires, of course.)
There are essentially only two US-based companies that provide
document signing certificates for use with PDF files. One says their
cert will only sign 5000 documents. The other has a hardware token
you're supposed to use to periodically generate new certs, requiring
some kind of user input. But I'm not clear on whether that's only for
those requiring FIPS 140-2 compliance. (HITECH requires it, but we're
not subject to HITECH.)
--
Todd
More information about the Cialug
mailing list