Validating embedded AES

<< Click to Display Table of Contents >>

Navigation:  Validating electronic signatures >

Validating embedded AES

A signature applied from a signature service provider not supporting the PAdES format directly may be added to the document in a special manner (see figure below).



Embedded third party signature


In this case the PDF document is signed by the Service (Signant) on behalf of the Signatory, and will appear and validate as a native PAdES document in the PDF reader. The hard evidence of the actual Signature by the Signatory, is attached in the same PDF document as an embedded signature contained in the Document Information Dictionary entry “Signant.AttachedFiles” in the signed PDF document.


The “Signant.AttachedFiles” contains the Signatory signature over the hash value of the original document in the format (e.g. SAML assertion, XMLDSIG) delivered by the e-ID vendor during the signature ceremony. In case of iDIN the “Signant.AttachedFiles” will contain the ‘statement by the Issuer’ (the SAML assertion) as signed by the Issuer. This signature may be extracted by an external tool if necessary.


In order to provide a more available and readable proof of the underlying signature by the Signatory, you will find information related to the Signatory in the Signant Signatures Reason field, and in the visible document widget.

For each Signatory you will find a signature node in the Signature panel, a corresponding time stamp, and a visible widget.