When presented with a digitally signed document, most will probably just accept it at face value. The more technically minded will validate the signature, which confirms that the signature is unaltered, and that it is signed by a Certificate which we trust. This means that the Certificate is signed by another Certificate, and so on up the chain until we reach a trusted root - a self-signed Certificate which we consider trusted and have in our KeyStore. However, even this isn't enough once you consider Certificate Revocation.

A certificate can be revoked at any time, and there are two common methods to check if this has happened. A CRL (Certificate Revocation List) is, amazingly enough, a list of revoked Certificates, published at semi-regular intervals by the party that signed them. But they have been largely superseded by OCSP, which allows the status to be verified in real-time. Usually when working with Certificates we're interested in their current state, but for a signed PDF we're actually interested in what the state of the Certificate was at the time of signing.

Company A signs a PDF in January, and in September finds out their identity. They revoke the Certificate from January, and the signature is no longer valid. Company B signs a PDF in April, and in September finds out their identity. They revoke the Certificate from April, but the document signature remains valid, as the digital identity was un-compromised at the time of signing.
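The check described above, judging a chain by the state of its Certificates at the time of signing rather than today, as an added example that is not code from the original page. The `Cert` model, the names, serials and dates are all constructed, and the cryptographic signature checks are left out so that only the chain and revocation logic is shown.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def status_at(chain, trusted_roots, crl, when):
    """Judge a leaf-first chain as of `when` (signatures are not verified here).
    crl maps (issuer, serial) -> date from which the Certificate is revoked."""
    if not chain:
        return "empty chain"
    for i, cert in enumerate(chain):
        if not cert.not_before <= when <= cert.not_after:
            return f"{cert.subject}: outside validity period"
        revoked_from = crl.get((cert.issuer, cert.serial))
        if revoked_from is not None and revoked_from <= when:
            return f"{cert.subject}: revoked"
        # The last entry must be self-signed; every other is issued by the next.
        parent = chain[i + 1] if i + 1 < len(chain) else cert
        if cert.issuer != parent.subject:
            return f"{cert.subject}: broken chain"
    if chain[-1].subject not in trusted_roots:
        return "untrusted root"
    return "valid"

# Constructed sample data (names, serials and dates are made up).
ROOT = Cert("Example Root CA", "Example Root CA", 1, utc(2015, 1, 1), utc(2035, 1, 1))
SIGNER = Cert("Example Signer", "Example Root CA", 4097, utc(2023, 1, 1), utc(2025, 1, 1))
CHAIN = [SIGNER, ROOT]
TRUSTED = {"Example Root CA"}                       # stands in for the KeyStore
CRL = {("Example Root CA", 4097): utc(2023, 6, 1)}  # revoked from 1 June 2023

if __name__ == "__main__":
    for label, when in [("signed 10 April", utc(2023, 4, 10)),
                        ("signed 1 July", utc(2023, 7, 1)),
                        ("state in September", utc(2023, 9, 15))]:
        print(label, "->", status_at(CHAIN, TRUSTED, CRL, when))
```

The signing time is taken as given here; a verifier has to get it from a source the signer cannot forge, otherwise a stolen key can be used to backdate signatures to before the revocation date.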