Friday, February 17, 2017

How to verify my digital professional seal on an engineering plan

For the past decade my engineering plans have been digitally signed. This means that the official copy of all plans I seal is the digitally signed PDF file.

My Signing Procedure

When I print a plan or a report from AutoCAD or a word processor to PDF, the printout has a circular seal. This is an unsigned PDF. To make a signed PDF, I open the PDF and add a digital signature to the file. For a minimal form of visual indication that a hard copy comes from one of my digitally signed PDF files, I configure my digital signature to also "place" a timestamp inside the circular seal.

Verification Level 1: Hard copy

The first level of verification that I have sealed a plan is to check the hard copy for a timestamp inside the circular seal. I always place the timestamp in my standard way. So the timestamp should always be in the same location.

Verification Level 2: PDF

The second level of verification that I have sealed a plan is to open a copy of the PDF and look for an indicator in you viewer that you are looking at a digitally signed file.

Verification Level 3: Check Digital Signature

The third level of verification that I have sealed a plan is to validate the signature in your viewer and try to verify that it came from an email address you know belongs to me.  Since I have not always used independent certification authorities, the level of rigor in this step varies. But ideally the signature would be certified by a third party you trust.

Verification Level 4: Ask Me or an Expert

The fourth level of verification that I have sealed a plan is to email it to me and ask me as you would with a hand signature: "Is this really your signature". Or show it to an expert who can pin it on me as you would do with a hand signature.

No comments: