Learn

What a digital signature actually proves

A valid digital signature on a PDF proves three things: the signed bytes haven't changed since signing, the signature was made with a specific private key, and the signing happened at or before the earliest trusted timestamp on the file. That's the whole list. It's a short list, but every item on it is provable with math rather than judgment, which makes it the strongest evidence a document can carry.

The trouble starts with what people assume gets proven alongside it.

What it does not prove

A signature doesn't prove the signer read the document. It doesn't prove the content is true. A signed lie is still a lie; the signature only proves the lie hasn't been edited since. It doesn't prove the signer was who the name says, unless the certificate behind it was issued by an authority that verified identity, and many aren't. And it doesn't prove the whole document is covered. A signature covers a defined span of bytes, and content added after that span is outside its protection.

The certificate question

Behind every signature is a certificate, and certificates differ enormously. A self-signed certificate proves only that someone holding a key signed the file; anyone can make one in a minute and put any name on it. A certificate from a commercial authority ties the key to a vetted identity. The signature math is identical in both cases. The trust is not. When a signature matters, the certificate chain is the first thing to read after validity.

Adobe signatures versus PAdES

You'll see two families of PDF signatures in the wild. The older Adobe style and the European-standardized PAdES style both do the same core job. PAdES adds stricter rules about timestamps and long-term validation, which matter when a document needs to verify years later, after certificates expire. For reading evidence today, the distinction that matters more is coverage: what span of the file each signature actually protects, and whether anything was appended afterward.

The signal hiding in plain sight

When a signed PDF is edited, the most common result isn't a broken signature. It's an intact signature plus an incremental update, new bytes appended after the signed span. Standard viewers often summarize this as "signature valid, document has been changed," and most readers see the word valid and stop. The second half of that sentence is the evidence. Something in this file arrived after the signing moment, and the file itself records it.

FAQ

Is an e-signature the same as a digital signature?

Usually not. Most e-signature platforms record consent, an image of a signature plus an audit trail held by the platform. A digital signature is cryptography embedded in the file itself, verifiable by anyone without asking the platform. Some platforms apply both. The embedded kind is what a forensic check can verify directly.

Can a digital signature be forged?

Forging the math requires the signer's private key. The practical attacks are softer: self-signed certificates with borrowed names, or edits appended outside the signed span. Both leave evidence in the file, which is exactly what an examination reads.