Signing a PDF can mean very different things depending on the tool and method used — from simply drawing your signature with a mouse, to a full cryptographic signature that can prove tampering after the fact. Here's what actually happens at each level.
Levels of "Signing" a PDF
1. Visual Signature (Image or Drawing)
The simplest approach: you draw your signature, type it in a script font, or upload a scanned image of your handwritten signature, and it's placed onto the page. This is visually convincing but provides no technical guarantee — it's essentially the same as printing a document, signing it by hand, and re-scanning it. Anyone could copy that same image onto a different document.
2. Electronic Signature With Basic Audit Trail
Some signing tools add metadata alongside the visual signature — a timestamp, the signer's IP address, or an email confirmation trail. This adds some accountability but still doesn't cryptographically bind the signature to the document's exact content.
3. Digital Signature (Cryptographically Verifiable)
A true digital signature uses public-key cryptography:
- A hash (a unique fingerprint) of the document's content is generated at the moment of signing.
- That hash is encrypted using the signer's private key, producing the digital signature.
- Anyone with the signer's public key (or a certificate chain vouching for it) can verify that the signature matches the document's current content.
If even one byte of the document changes after signing — including edits, or something as simple as a lossy compression pass — the hash no longer matches, and PDF readers will flag the signature as invalid.
Step-by-Step: Signing a PDF
- Upload the PDF you need to sign.
- Add your signature — draw it, type it, or upload an image, depending on what the tool supports.
- Position it on the correct page and location (typically a signature line or designated block).
- Apply and finalize the signature.
- Download the signed PDF.
Practical Considerations
- Sign after all edits and compression are complete. Since any post-signing modification can invalidate a cryptographic signature, finalize the document's content first, then sign last.
- Check what level of signature you actually need. For casual internal approvals, a visual signature is often sufficient. For contracts, legal filings, or anything requiring proof of authenticity, a cryptographic digital signature provides much stronger guarantees.
- Keep a copy of the signed version. Once signed, treat that exact file as the authoritative copy — don't re-edit and re-save over it if the signature needs to remain valid.
Verifying a Signature You've Received
If you receive a digitally signed PDF, most modern PDF readers display a signature panel showing whether the signature is valid and whether the document has been altered since signing. If a reader flags a signature as invalid, treat that as a signal the document may have changed after it was signed — worth confirming with the sender before relying on it.