In May 2021, researchers published two attacks on certified PDFs, which enabled unintentional and fraudulent modifications to be applied to signed documents. Here we provide a brief summary of the attacks and explain why documents that are digitally signed using Cryptomathic Signer and its WYSIWYS technology is not susceptible to these attacks.

New technical standard to harmonise the requirements for the quality of Qualified Electronic Signatures

The EU standard (EN 419241-2) has just been published and will be used to evaluate quality and compliance with the legislation of the entities used in the activation of remote electronic signatures. This is the first of its kind in Europe and is targeted at the Qualified Trust Service Providers who deliver and store European electronic signatures. Cryptomathic has participated in the development of the standard and has thus ensured influence on the requirements.

With support for signing XML documents in its WYSIWYS solution, Cryptomathic now provides the means to offer the much desired What You See Is What You Sign (WYSIWYS) feature for both PDF documents and XML files. With WYSIWYS, it is possible to demonstrate that signatory’s intent was provided for, with a well-specified UI, thereby strengthening non-repudiation of online transfers or other signature operations. The new feature is now available as part of the latest Cryptomathic Signer product version, released in November 2018.

What You See Is What You Sign (WYSIWYS) refers to the part of any signature process, where you read a document you intend to sign, and ensure that you only sign it once you know it is the right document and agree with its terms. When you read something in your web browser, how can you be sure that the text you read is genuine, from the right source, and agree on the content it displays?