Digital signatures are widely used in India for signing important documents such as GST returns, income tax filings, MCA forms, and government documents.
But how do you verify whether a digitally signed PDF is valid or has been tampered with?
Modern PDF readers such as Adobe Acrobat automatically perform several cryptographic validation checks using Public Key Infrastructure (PKI) to confirm that the document is authentic and has not been modified after signing.
This guide explains how to verify a digital signature in a PDF step-by-step.
Quick Answer
To verify a digital signature in a PDF:
- Open the signed PDF in a PDF reader such as Adobe Acrobat.
- Locate the signature panel or signature field.
- Click the signature to view details.
- The PDF reader verifies the document hash.
- The reader validates the Digital Signature Certificate (DSC).
- The certificate chain is checked up to the trusted Certifying Authority (CA).
- The system checks certificate revocation using CRL or OCSP.
If all checks pass, the signature is displayed as Valid.
Step 1: Open the Digitally Signed PDF
Open the signed document using a trusted PDF reader such as:
- Adobe Acrobat Reader
- Foxit PDF Reader
- Government eOffice PDF viewer
Once opened, the reader automatically detects that the document contains a digital signature.
A notification bar usually appears showing the signature status.
Step 2: Locate the Signature Panel
The signature is typically visible in one of two ways:
- A visible signature block on the document
- A signature indicator in the PDF reader toolbar
Click the signature to open the signature validation panel.
Step 3: Check the Signature Status
The PDF reader performs several verification checks and displays a status message.
| Status | Meaning |
|---|---|
| Signature Valid | The document has not been modified and the certificate is trusted |
| Signature Unknown | The signing certificate is not trusted |
| Signature Invalid | The document has been modified after signing |
| Certificate Revoked | The digital certificate has been revoked by the Certifying Authority |
Step 4: View Certificate Details
You can click Signature Properties to view details of the Digital Signature Certificate (DSC).
The certificate information usually includes:
- Name of the signer
- Organization
- Certificate serial number
- Certificate validity period
- Issuing Certifying Authority
This certificate is issued by a licensed Certifying Authority regulated by the Controller of Certifying Authorities (CCA) in India.
Step 5: Verify the Certificate Chain
Digital signatures rely on a chain of trust.
Signer Certificate
↓
Intermediate CA
↓
Root Certifying Authority
The PDF reader verifies that each certificate is signed by the authority above it and that the Root Certifying Authority is trusted.
Step 6: Check Certificate Revocation Status
The PDF reader also checks whether the certificate has been revoked.
This is done using two mechanisms:
CRL (Certificate Revocation List)
A list published by the Certifying Authority containing revoked certificates.
OCSP (Online Certificate Status Protocol)
A real-time verification request sent to the Certifying Authority.
If the certificate appears in the CRL or OCSP response, the signature becomes invalid.
Step 7: Verify Document Integrity
The PDF reader checks whether the document content has changed after signing.
This is done using cryptographic hash verification.
During signing:
- A hash of the document is created using algorithms such as SHA-256
- The hash is encrypted using the signer’s private key
When verifying:
- The document hash is recalculated
- The stored signature is decrypted using the public key
- Both hashes are compared
If they match, the document has not been modified.
Legal Validity of Digital Signatures in India
Digital signatures are legally recognized under the Information Technology Act, 2000.
Digital Signature Certificates issued by licensed Certifying Authorities can be used for:
- Income tax filing
- GST returns
- MCA filings
- Government e-office systems
- Secure document signing
Common Reasons Why Signature Verification Fails
- The document was modified after signing
- The certificate has expired
- The certificate has been revoked
- The issuing Certifying Authority is not trusted
- The system cannot access CRL or OCSP servers
Conclusion
Verifying a digital signature in a PDF ensures that the document is authentic and has not been altered.
The verification process uses Public Key Infrastructure (PKI), digital certificates, certificate chains, and cryptographic hash algorithms to confirm the validity of the signature.
This is why digital signatures are widely used in secure digital transactions and government systems.