Understanding digital signature validation states

A digital signature can be in three different states:

  • Valid: This state indicates that the document’s integrity is intact, the certificates are valid, and there is a trustworthy certificate path from the signature certificate to a trusted certificate.

  • Invalid: In this state, the document’s integrity has been compromised (e.g., it was modified after signing).

  • Indeterminate: When PSPDFKit encounters an indeterminate signature, it displays a yellow Emoji, banner, or similar indicator, along with the text “at least one signature has problems”.

Here are the most common reasons for this indeterminate validation state:

  • The signing certificate is self-signed. To understand the difference between a self-signed certificate and a certificate issued by a certificate authority (CA), refer to [Certificates for Signing][].

  • The signing certificate’s certificate issuer (CA) is not included in the PSPDFKit keystore. The keystore allows PSPDFKit to trust specific certificates.

To trust certificates, you can use the addTrustedCertificates() method. Note that, by default, our SDK will automatically add and trust those CAs already included in the Android device, but you’ll need to manually trust any other CA that issued your certificate.