Understanding digital signature validation states

A digital signature can be in three different states:

  • Valid — This state indicates that the document’s integrity is intact, the certificates are valid, and there is a trustworthy certificate path from the signature certificate to a trusted certificate.

  • Invalid — In this state, the document’s integrity has been compromised (e.g., it was modified after signing).

  • Indeterminate — When Nutrient encounters an indeterminate signature, it displays a yellow emoji, banner, or similar indicator, along with the text “at least one signature has problems”.

Here are the most common reasons for this indeterminate validation state:

  • The signing certificate is self-signed. To understand the difference between a self-signed certificate and a certificate issued by a certificate authority (CA), refer to certificates for signing.

  • The issuer (CA) of the signing certificate is not included in the Nutrient keystore. The keystore allows Nutrient to trust specific certificates.

To trust certificates, see the signature validation section of this guide, which explains how to do so with the PDFSignatureManager API.
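The following added example is not Nutrient code and does not use the PDFSignatureManager API. It models the three states above with Python's `cryptography` package: an integrity check over the document bytes, then a search for an issuer in a keystore. The function names, the in-memory `keystore` list, and the certificates are constructed for illustration, and the chain check is one level deep with no expiry or revocation checks.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

ECDSA = ec.ECDSA(hashes.SHA256())

def make_cert(cn, key, issuer_cn, issuer_key):  # constructed test certificate
    name = lambda c: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, c)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=1))
            .not_valid_after(now + datetime.timedelta(days=30))
            .sign(issuer_key, hashes.SHA256()))

def verifies(public_key, signature, data):
    try:
        public_key.verify(signature, data, ECDSA)
        return True
    except InvalidSignature:
        return False

def validation_state(document, signature, signer_cert, keystore):
    # Integrity first: a signature that does not match the bytes is invalid.
    if not verifies(signer_cert.public_key(), signature, document):
        return "invalid"
    # Trust next (simplified: one-level chain, no expiry or revocation checks).
    tbs = signer_cert.tbs_certificate_bytes
    for anchor in keystore:
        if (signer_cert.issuer == anchor.subject
                and verifies(anchor.public_key(), signer_cert.signature, tbs)):
            return "valid"
    return "indeterminate"  # intact, but no path to a trusted certificate

def demo():
    ca_key, alice_key, bob_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = make_cert("Example CA", ca_key, "Example CA", ca_key)
    alice = make_cert("Alice", alice_key, "Example CA", ca_key)  # CA-issued
    bob = make_cert("Bob", bob_key, "Bob", bob_key)              # self-signed
    doc = b"%PDF-1.7 constructed sample document"
    a_sig, b_sig = alice_key.sign(doc, ECDSA), bob_key.sign(doc, ECDSA)
    return {"ca_in_keystore": validation_state(doc, a_sig, alice, [ca]),
            "ca_not_in_keystore": validation_state(doc, a_sig, alice, []),
            "self_signed": validation_state(doc, b_sig, bob, [ca]),
            "self_signed_trusted": validation_state(doc, b_sig, bob, [bob]),
            "modified_after_signing": validation_state(doc + b" ", a_sig, alice, [ca])}
```

In this model, a modified document is invalid even when the CA is trusted, while an intact document moves from indeterminate to valid only once its issuer (or the self-signed certificate itself) is placed in the keystore.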