Search code examples
pdfadobepdfboxacrobatelectronic-signature

Verify Electronic Signatures with PDFBox


My company has requested a Java web service implementation of extracting data from PDF forms to initiate straight through processing capabilities for client operations using Apache PDFBox. Easy enough. The tough part is that forms are being submitted from clients of my firm on behalf of end customers, but the end customer signature has to be validated.

The business case for signing these forms is through informal electronic signature (digital representation of a wet signature) processes like the signature "stamp" in Adobe Reader with an image of the customer's signature, or touch screen drawing on an iPad. So far, I have been unable to consistently validate this type of signature, and even been unable to consistently maintain the PDF state such that it can still be read by PDFBox after this type of signature ceremony.

Validating signatures through the digital signature form field is trivial, and I have communicated that to our business. However, since the signer in those cases is typically the owner of the digital cert on whatever machine is being used and the assumption is that most of these interactions will take place in the client office.

I've got a few choices here:

  1. Figure out how to identify electronic signatures consistently and reproduce the lossless signing ceremony for client education.
  2. Make a change to the digital signature form field if possible to accept electronic signatures, if that's even possible.
  3. I have a slight workaround using the most recent release of Acrobat in putting an image form field over the signature area, which works great except for one thing: all the software I've tried reads this form field type as a button. Is there any way to force it to recognize an image, or any PDF reading software that is more up to date and can detect those fields?

I would like to upload a couple sample PDFs, but of course they're all company proprietary information. Suffice it to say that we don't have any wizards doing amazing things with the forms... they are all your basic AcroForms and I'm trying to figure out how to configure the signature area.

Thank you.


Solution

  • Concerning your actual question:

    I have a slight workaround using the most recent release of Acrobat in putting an image form field over the signature area, which works great except for one thing: all the software I've tried reads this form field type as a button. Is there any way to force it to recognize an image, or any PDF reading software that is more up to date and can detect those fields?

    Any PDF reading software that recognizes those fields as a button is up-to-date, at least in that respect, because... there are no "image form fields" in the PDF file format!

    Some PDF creators emulate image form fields using a button form field which by means of JavaScript gets the behavior of an image form field. This emulation is incomplete, of course. In particular the image in such a field is not the value of the form field but merely its appearance.

    Thus, if you want to implement reading the value from such an emulated image form field, you have to extract the appearance of the button.


    Some remarks on the whole scenario:

    ... the end customer signature has to be validated.

    The business case for signing these forms is through informal electronic signature (digital representation of a wet signature) processes

    In contrast to certificate based digital signatures you can hardly do anything with such signatures that deserves to be called "Validation".

    Ok, you can look for an image in the PDF in some emulated image field, but you have no guarantee that the person whose wet signature can be seen on that image backs the data in that form let alone has indeed signed it personally. Just as likely someone else simply has scanned that person's signature from some different hand-signed document and filled the form using that scan...

    So far, I have been unable to consistently validate this type of signature

    It should be possible to extract most such wet signatures

    • either as bitmap images added directly or indirectly to the page content,
    • or as bitmap images added directly or indirectly to some annotation appearance (e.g. a button),
    • or as an InkList or Path of an Ink annotation,
    • or as the Vertices or Path of a PolyLine annotation.

    In case of bitmap images don't forget to also extract the image mask if applicable. Numerous applications fill the base image with the pen color and contain the actual signature graph in the mask.

    and even been unable to consistently maintain the PDF state such that it can still be read by PDFBox after this type of signature ceremony.

    That sounds like a misbehavior of the software that executed that signing ceremony. Unless you share examples for that, though, one can hardly help you analyze the problem.