Home>FAQ>Document E-signature and Encryption Services FAQs

Document E-signature and Encryption Services FAQs

  • 1. What is MeSign Trusted Identity Validation Service? Why we need to complete the identity validation for MeSign E-sign services?


    MeSign Trusted Identity Validation Service is a free service for Professional Edition users. It is a professional identity validation service compliant with international standards provides users who purchase Document D-signature Service and Contract E-signature Service. All users who have purchased one of the above service need to provide identity proof document to complete the identity validation. This is because:

    To make an electronic document trustworthy, a PDF file must also be digitally signed with a document signing certificate containing trusted identity information. Same, the relevant international standards and the Adobe Approved Trust List (AATL) require CAs to issue PDF signing certificates to the users who has been validated strictly in accordance with relevant international standards. Only the identity validation has been completed can the PDF signing certificate of the relevant validation level will be issued. In other words, if user want to use Adobe trusted Document D-signature Service, the user must complete the identity validation.

    To make the signed electronic contract document trusted and has legally effective worldwide, the document must also be digitally signed by the Adobe Global Trust document signing certificate containing trusted identity information. The relevant international standards the Adobe Approved Trust List (AATL) require CAs to issue PDF signing certificates to the users who has been verified strictly in accordance with relevant international standards. Only the identity verification has been completed can the PDF signing certificate of the relevant certification level will be issued. In other words, if user want to use Trusted Contract E-signature Service, the user must complete the identity validation with MeSign;

  • 2. What are the technical principles of digital signature? And what is the HASH of the file?


    Digital signature adopts the PKI digital certificate technology to generate a fixed length digital string of a file for the signer. This string is the HASH of the file, sometimes referred to as a "fingerprint". The algorithm for the HASH can ensure that the original content cannot be obtained from the HASH data, which ensures the safety of the original content. This character string is also an effective proof of the authenticity of the identity of the sender of the file. It is a signature similar to the signature written on paper, which implemented by using the public key encryption technology used for identifying the authenticity of the digital information. Digital signatures usually define two complementary computing, one is used for signature and the other is used for signature verification. The unicity of the HASH of the file determines that once this HASH data is solidified, it can effectively prove the authentic identity of the signer and the non-repudiation of the signature behavior.

    The signer identity needs to be validated by an authoritative third-party CA and issue a signing certificate containing the validated identity information for digitally signing the PDF files. Users can use PDF signing tool software (such as Adobe Reader, Adobe Acrobat, MeSign APP, MeSign e-Signature System, etc.) to generate the HASH for the file to be signed, to sign the HASH data with user’s private key of PDF signing certificate, to plus other data (such as timestamp signature data and LTV data) and finally to write these data into the PDF files in a certain format to complete the digital signature of PDF files.

    The verification of the signature is generally completed directly by the PDF reader. When the user opens the signed PDF file with the Adobe Reader, the Reader will read the signature data, the public key of the signing certificate, the timestamp data and the LTV data, etc. in the file. Then the reader will calculate the document HASH based on the original file, and then compare this HASH data with the HASH data parsed from the signed data. If the two HASH data are consistent, then it proves that the file has not been tampered with. At the same time, it can prove the authentic identity of the signer by verifying the public key of the certificate, and also can judge the credibility of the signer’s identity by validating the root certificate of the signing certificate. If the validation is passed, the approval signature will display "Signed and all signatures are valid", and the certifying signature normally display the identity information of the signer.

    As the brief introduction of the entire signing process and the signature validation process stated above, you can see:

    1. (1) The PDF signing certificate must be a certificate trusted by Adobe Reader (or other readers), otherwise the signature cannot be validated automatically. In other words, the certification authority that issued the PDF signing certificate must be a CA that trusted by the reader. It is imposable to trust the root manually, one reason is that it is impossible to require all users to manually trust a root certificate, more importantly, if anyone can trust the root certificate artificially, then the PDF reader cannot guarantee the authority of the signing certificate, and cannot prevent the signature to be counterfeited;
    2. (2) Signing the PDF file not only guarantees the authenticity of the signer’s identity, which is necessary for signing an electronic contract, but also guarantees the integrity of the PDF file, preventing signed contract from being illegally tampered with.
  • 3. What are the technical principles of timestamp signature? Why does contract signing and document signing all need attach the timestamp signature?


    For e-commerce applications, such as electronic contract signing, electronic document signing, etc., there is a need to prove the contract signing time and document signing time, but the time on user’s desktop, mobile phone or server can be modified randomly. If users sign the contract with these time sources that cannot be trusted, then the credibility of the contract signing time cannot be guaranteed. Therefore, contract signing and document signing need a reliable and non-repudiation timestamping services provided by an authoritative third party.

    MeSign Contract E-signature Service and Document D-signature Service provide users with Adobe's global trusted timestamping service for free. The MeSign timestamping service is to bind a reliable date and time signed by the timestamp server with the specific electronic data to provide the trusted proof of time for PDF signature. Please refer to “MeSign Timestamping service introduction” for more details for the working principle of timestamp signature.

  • 4. How does MeSign E-sign Service guarantee the signed document can is still valid after the signing certificate expires?


    This question has been answered by Adobe, that is, LTV technology (Long Term Validation). With LTV technology, the signature can be valid for a long time. That is to say, as long as you can check that the signing certificate has not been revoked at the time of signing, then write the result of the certificate revocation query to the PDF file according to the LTV technical standards. Adobe Reader can verify this LTV data, although the signing certificate has been expired. If there is no issue with the signature, it will be displayed "Signature is LTV enabled".

    All PDF files signed with MeSign Service already support LTV. In addition, the document signing function, contract signing function and co-signing function provided by the MeSign APP, and the E-sign API Call Service, the deployment of MeSign e-Signature System all support LTV. This is very important, because the life cycle of the document must be longer than the validity period of the signature certificate. For all long-term valid documents, some electronic licenses (such as graduation certificates), contracts with a validity period of more than 3 years, etc., LTV must be supported, to ensure the signed document is valid for a long time even if the signing certificate has been expired.

  • 5. If the PDF file signed by MeSign E-sign Service has been tampered with illegally, what will the Adobe Reader display about this?


    One of the biggest functions of digital signatures is to prevent the signed document be illegally tampered, such as the amount of money on the electronic invoices being illegally tampered with or other important document contents being modified illegally. The PDF documents and electronic contract documents signed by MeSign Service all adopt the digital signature technology to ensure the authenticity of the signer's identity and to prevent illegal tampering. Once the document has been tampered with illegally, a big red cross will be displayed at the position of the electronic signature and it will prompt "At least one signature is invalid". Click here to download the signed PDF file has been tampered to see how this is displayed in Adobe Reader, only one byte of the signed file you download has been modified, and the content has not been modified.

  • 6. Does MeSign E-sign Service welcome any forms of marketing cooperation?


    Yes, we are welcome the marketing cooperation with various office automation software developers, various management system developers, supply chain management developers, system integrators, cloud service providers and other related manufacturers. Just adding a digital signature step in the process of generating the PDF files from the system and sending them directly to the user, then the entire business can completely realize the paperless. This step is very important. Without this step, there is no guarantee that the PDF identity generated by the business system is trusted, and that it cannot be counterfeited or tampered with.

    There are many ways to adding the step of digital signature of a PDF file to the existing business system process. It can be implemented by API calls which is a pay-as-needed service. Just submit the HASH of the file to be signed to MeSign Service System, to protect the confidential information of end users' documents effectively. If the user does not understand PDF programming, you need to purchase the MeSign e-Signature System to achieve the document signing locally.

    There are many unique technical advantages of using MeSign E-sign Service to realize the digital signature of PDF files. For details, please refer to the second core Q & A question. There are two most fundamental core advantages: first, protecting the privacy information on your customers’ documents, because, MeSign does not require users to submit the documents to be signed to MeSign e-Signing Service System. The second advantage is that all digital signatures are all signed by the Adobe global trusted PDF signing certificate and are attached the Adobe global trusted timestamp signature, to ensure the documents are global trusted and have legal effect globally.

    Cooperating with MeSign, because we have various solutions to meet the different needs of users. There must be a solution to meet your customers' needs. We can not only offer the best cooperation price to our partners, but also have the best signature technology and the best technical support, please contact us to jointly develop this vast market in Document E-Signature.