Validate Digital Signature
Signature validity is determined by checking the authenticity of the signature’s digital ID certificate status and the integrity of the document. Depending on how you have configured your application, validation may occur automatically.
Set Signature Verification Preference
By default, Foxit PDF Reader will verify signatures when the document is opened, and will check the certificate revocation status while verifying signatures. If you want to change the setting, please go to File > Preferences > Signature, and click Change Settings in the Signing & Verifications group to control how and when signatures are verified.
Set the Trust Level of a Certificate
The signature of a certified or signed document is valid if you and the signer have a trust relationship. The trust level of the certificate indicates the actions for which you trust the signer.
To set the trust level:
· Choose File > Preferences > Signature.
· Click Change Settings in the Signing & Verifications group, and check the option(s) in Windows Integration group to trust all root certificates in the Windows Certificate Store when validating signatures and certified documents.
Tip: You can specify the trust level for a specific certificate in Foxit PDF Reader Trusted Certificates list while adding and managing the trusted certificate. Please refer to Add Trusted Certificates and Manage Trusted Certificates for more information. If you configure different settings for the same certificate, settings with higher permissions will prevail. Remember that checking trust options may compromise security. Please make sure that you trust all the root certificates before enabling the features.
Check the validity of a signature
By default, Foxit PDF Reader verifies signatures when the document is opened. An icon appears at the top left of the Signature Validation Status message box to indicate the signature status. The signature state also appears in the Signature Panel.
The question mark icon indicates the signature is not validated.
The check mark icon indicates that the signature is valid.
The icon indicates that the signature is invalid. The document has been altered or corrupted since the signature was applied.
The caution triangle icon indicates the document was modified after the signature was added; however, the signature is valid.
The icon indicates the signature validity is unknown because the signer’s certificate isn’t in your list of trusted identities.
If you do not choose to verify signatures automatically when the document is opened in the Signature preferences, you can do any of the following to validate a signature manually:
· Choose Protect > Validate.
· Right-click the signature with the Hand command, and choose Validate Signature from the context menu.
· Select the Hand command on the toolbar and click the signature.
When you have checked “When document has valid but untrusted signatures, prompt to review and trust signers” option in Signature preferences with procedure-related notification message enabled, a notification message will be displayed on the document pane for you to review and trust signers if the signature (not including certified signatures) in your document is verified as valid but is applied by an untrusted signer with a certificate that doesn’t chain up to a trust anchor. To add the signer to your list of trusted certificates and trust all future signatures from the same signer, click Manage Trust on the notification message, and then choose Trust Signer for Future Signatures in the Manage Signature Trust dialog box. To manage your trusted signers in your trusted certificate list, please refer to “Trusted Certificate”.
If you open a certified PDF file with notification-related message enabled, Foxit PDF Reader will display a notification message informing you that the document is certified. You can click Signature Panel on the notification message to check the details about the document certification and signatures in the Digital Signatures panel.
Long-term signature validation
Many business or other practical applications need digitally signed documents to be verifiable for months or years after signing. However, a signed document may no longer be verifiable if the signer’s certificate has expired or been revoked, or for some other reason. To reduce the chances of error or fraud, Long Term Validation (LTV) is introduced for digital signatures in PDF, which is in compliance with Part 4 of the ETSI TS 102778-4 PDF Advanced Electronic Signatures (PAdES) standard.
When LTV is enabled, the document can be validated at any time in the future. To achieve long-term validation, the following are required:
1. The signature is verified using either the secure time provided by a timestamp or the time at which the signature was applied.
2. The signed PDF has not been altered and the certificate has not been revoked or expired.
3. The certificate revocation status is embedded in the signed PDF. Embedding certificate revocation information can occur when the document is signed and saved.
From the Signature panel, you can check whether the signature is LTV enabled or not after validation. In some cases, the certificate revocation information may not be embedded successfully in the document when you sign the document (especially when you are offline) and you will be informed the signature is not LTV enabled. You can right-click the signature and choose Add verification information to add the information to the signature.
Note: To use secure time for verification, after clicking Change Settings for Signing & Verifications in File > Preferences > Signature, select the Time at which the signature was created, or Secure time (timestamp) embedded in the signature if a trusted timestamp is embedded.
Check certificate revocation status
By default, Foxit PDF Reader will check the certificate revocation status while validating a signature if the certificate used to sign a PDF file chains up to a certificate designated as a trusted anchor. Revocation checks are performed based on the revocation information embedded in the digitally signed PDF document, the digital signature, or the Certificate Revocation List (CRL). To view the certificate revocation information, please do the following:
1. Do one of the following:
· Choose Protect > Sign & Certify > Trusted Certificates, and double-click the certificate.
· In the Digital Signatures panel, right-click the signature, choose Show Signature Properties, and then click Show Certificate.
2. In the Certificate Viewer dialog box, click the Revocation tab to view the revocation information, and click Signer Details to get more information on the source of the revocation information.
3. (Optional) If you do not check Require certificate revocation checking to succeed whenever possible during signature verification option in Signature preferences, you can click Check Revocation in the Revocation tab to perform revocation check manually.
View Signed Versions of a Digitally Signed PDF
A signed version will be automatically saved each time you sign a PDF with a digital signature. If a digitally signed document was modified, you can still view the signed version without the modification. For a document digitally signed several times, you can view each signed version without the changes made after each signature was applied. All signed versions along with their corresponding digital signatures are listed in the Digital Signatures panel.
To view a signed version of a digitally signed PDF, do the following:
1. Open the signed document with Foxit PDF Reader.
2. In the Digital Signatures panel in the navigation pane, select and expand a signature, and choose Click to view this version. Or right-click the signature in the document pane with the Hand command and choose View Signed Version from the context menu.
3. This version will then be opened in a new tab in the application window, with the title “filename.pdf-Signed Version”. (Note: If the document has not been modified since the selected signature was applied, a prompt appears saying you are already viewing the version covered by the selected signature.)
4. (Optional) After each signed version, the Digital Signatures panel lists the changes made to that signed version. Clicking one of the changes jumps to the related area in the document.
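The signed versions described above correspond to a mechanism in the PDF format itself: each signature dictionary records a /ByteRange, and the file up to the end of that range is the document as it was when signed. The following Python is an added example, not Foxit code; it locates each /ByteRange, reports whether bytes were appended afterwards, and recovers the signed revision. The sample input and all function names are constructed for illustration, and the check does not verify the cryptographic signature.

```python
import re

# A PDF signature dictionary stores /ByteRange [off1 len1 off2 len2]: the signed
# bytes are pdf[off1:off1+len1] + pdf[off2:off2+len2]; the gap holds /Contents.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signed_revisions(pdf: bytes) -> list:
    """One record per signature, ordered by the end of the revision it covers."""
    records = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = map(int, m.groups())
        end = off2 + len2
        # A usable range starts at byte 0, does not overlap, and stays in the file.
        ok = off1 == 0 and len1 <= off2 and end <= len(pdf)
        records.append({
            "revision_end": end,
            "well_formed": ok,
            # > 0 means the file was extended after this signature was applied.
            "bytes_after_signature": len(pdf) - end if ok else None,
        })
    return sorted(records, key=lambda r: r["revision_end"])

def extract_signed_version(pdf: bytes, record: dict) -> bytes:
    """The file exactly as it was when the signature in `record` was applied."""
    if not record["well_formed"]:
        raise ValueError("ByteRange does not describe a prefix of this file")
    return pdf[:record["revision_end"]]

def constructed_signed_sample() -> bytes:
    """Constructed stand-in for a signed PDF (byte layout only, not a valid PDF)."""
    head = b"%%PDF-1.7\n1 0 obj<</Type/Sig/ByteRange[0 %5d %5d %5d]/Contents"
    contents = b"<" + b"00" * 16 + b">"   # placeholder for the signature blob
    tail = b">>endobj\n%%EOF\n"
    len1 = len(head % (0, 0, 0))           # fixed-width fields keep this stable
    off2 = len1 + len(contents)
    return head % (len1, off2, len(tail)) + contents + tail

if __name__ == "__main__":
    signed = constructed_signed_sample()
    later_edit = b"2 0 obj<</Type/Annot>>endobj\n%%EOF\n"  # constructed update
    for name, data in (("as signed", signed), ("edited later", signed + later_edit)):
        for rec in signed_revisions(data):
            print(name, rec)
```

Bytes after a signature are not by themselves a sign of tampering: later signatures and added verification information are also appended to the file this way.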
View Signature Properties
The Signature Properties dialog box provides basic information about the signature, including the signer, reason, date, location, validity summary, and details of the certificate.
1. Select the Hand command.
2. Right-click the signature, and choose Show Signature Properties from the context menu.
3. In the Signature Properties dialog box, you can get the following information:
· Signed by – shows the signers that sign the document.
· Reason – displays the reason that you create the signature.
· Date – shows the date and time when you signed the document.
· Location – shows which page the signature is located on.
· Validity Summary – checks whether the document was modified after it was signed, and other information.
· Show Certificate – Click it to open the Certificate Viewer dialog box. Click Show Certificate in the Certificate Viewer dialog box to view the details of the signature certificate (such as the validity of the certificate and the certificate path) and add the certificate to the Trusted Certificates list. See also Add a trusted digital certificate to the Trust Certificates list.
· Advanced Properties – Click it to open the Advanced Signature Properties dialog box where you can view the details about the signature and the embedded time stamp (if any). For the time stamp, you can click Show Certificate… in the Advanced Signature Properties dialog box to add the time stamp server to the Trusted Certificates list. See also Add a trusted digital certificate to the Trust Certificates list.
Note: If the status is unknown, click Show Certificate in the Signature Properties dialog box, then click Show Certificate in the pop-up Certificate Viewer dialog box to view the details of the certificate. Check whether the certificate has been included in your list of trusted identities. If your certificate is not trusted, click Install Certificate to install it to the trusted Windows Certificate Store. If you use a self-signed digital ID, confirm that the certificate details are valid. If the certificate isn’t valid, request a valid certificate from the signer.