17.3.2016

Introduction

In a recent article I showed how to add a digital signature to a PDF document using PDFMU. In this article I will demonstrate how to find out, given a PDF document, who signed the document. I will show two methods of achieving this:

  1. Using Adobe Acrobat Reader DC
  2. Using PDFMU

More specifically, I will show how to find out the CN component of the distinguished name (DN) of the document's signer. Before I describe the procedure, let me describe how information is organized in a PDF signature.

What information is stored in the signature?

Every signature in a PDF document contains a certificate chain. The certificate chain is a list of one or more certificates. Each of these certificates belongs to a specific person or organization. A certificate chain typically proves that some certification authority believes that the signer's certificate actually belongs to the entity it identifies. In such case, as long as I trust the certification authority and the signature is valid, I can be sure that the document was signed by the entity identified by the signer's certificate.

When we are trying to find out who signed a document, we are most interested in the signer's certificate. This is the first one in the chain and is present in every signature.

A distinguished name (DN) is a text string that identifies an entity (for example a person or an organization). Every certificate contains two DNs: Subject and Issuer. The Subject DN identifies the owner of the certificate, so the Subject DN of the signer's certificate identifies the signer.

A DN is a structured string, for example:

CN=William J. Blazkowicz,O=Office of Secret Actions,L=Milwaukee,ST=Wisconsin,C=US,E=b.j.blazkowicz@example.com

A DN consists of several named attributes. If the DN describes a person, the attribute CN (common name) typically contains the person's full name.

To review, the information is organized hierarchically in the following manner:

PDF document -> list of signatures -> a signature -> certificate chain -> signer's certificate -> Subject DN -> CN

In the following sections we will look at ways how to find the Subject DN and specifically CN of the signer's certificate. We will use the document signed.pdf for demonstration purposes; feel free to follow the steps we take.

Using Adobe Acrobat Reader DC

  1. Download and install Acrobat Reader
  2. Open signed.pdf in Acrobat Reader
  3. Open the Signature Panel: View -> Show/Hide -> Navigation Panes -> Signatures

The Signature Panel lists all the signatures in the document along with the corresponding revision numbers. Each signature description contains the Subject CN, so you can quickly check the CN directly in the Signature Panel.

How can you view the complete signer's DN?

  1. Right click the signature of interest in the Signature Panel
  2. Select the option Show Signature Properties...
  3. Press the button Show Signer's Certificate
  4. Select the tab Details
  5. Select the item Subject

You can see the complete DN in the text box.

Using PDFMU

  1. Download and build PDFMU
    • Follow the instructions in README
  2. Run pdfmu inspect signed.pdf
    • Make sure that the program PDFMU is available under the name pdfmu. In Windows, you can achieve this by adding the directory "pdfmu/target/exe" to the environment variable PATH.

A common output looks like this:

[...]
Number of signatures: 1
Number of document revisions: 1
Signature field name: Signature1
  Signature covers the whole document: Yes
  Document revision: 1 of 1
  Signature metadata:
    Name is not set.
    Reason: 
    Location: 
    Date and time: Fri Mar 04 14:59:29 CET 2016
  Certificate chain:
    Number of certificates: 2
    Certificate 0 (the signing certificate):
      Type: X.509
      Self-signed: No
      Subject:
        Common name: William J. Blazkowicz
        Email address: b.j.blazkowicz@example.com
        Organization: Office of Secret Actions
        Locality: Milwaukee
        State or province: Wisconsin
        Country code: US
      Issuer:
        Common name: Office of Secret Actions CA
        Organization: Office of Secret Actions
        Locality: London
        Country code: GB
    Certificate 1:
      Type: X.509
      Self-signed: Yes
      Subject:
        Common name: Office of Secret Actions CA
        Organization: Office of Secret Actions
        Locality: London
        Country code: GB
      Issuer:
        Common name: Office of Secret Actions CA
        Organization: Office of Secret Actions
        Locality: London
        Country code: GB

The attributes of the signer's DN, including the signer's CN (common name), can be found in the section Certificate 0 (the signing certificate) -> Subject.

Conclusion

I have shown two ways of determining the identity of the signer of a PDF document. Adobe Reader is especially suitable when we need to determine the signer using a computer that already has Adobe Reader installed. PDFMU is especially suitable when we want to process the signer's identity automatically or when we prefer working in the terminal. It is, however, necessary to keep in mind that PDFMU does not verify the validity of the signature or the certificate chain.

Hobrasoft s.r.o. | Contact