What does 'signature covers this revision of the document' mean?

PDF digital signatures use incremental saves — when a document is modified after signing, the original signed content remains in the file alongside the new changes. Validation reports which revision the signature covers: 'signature covers the current version' means no changes were made after signing; 'signature covers an earlier version' means the document was modified after this signature but the signed content at that revision remains intact and verifiable.

Can I validate signatures on PDFs signed with self-signed certificates?

Yes — signature integrity (hash verification) works regardless of certificate type. A self-signed certificate signature will validate as 'integrity intact — document not modified' but will show 'certificate not trusted' because the issuing CA (the signer themselves) isn't in any standard trust store. This distinction is important: cryptographic validity confirms the document hasn't changed; certificate trust confirms the signer's identity was verified by an authoritative third party.

OmniToolsKit

Validate Signatures

Name: Validate PDF Signature
Rating: 5 (2 reviews)
Author: OmniToolsKit

Verify the digital signatures and integrity of your PDF documents.

Verify SignatureTrust Chain CheckSigner IdentityBrowser-based

Validate Document

Upload a signed PDF to verify its signatures

Drop files here or

Maximum file size: 50MB • Files: 0 / 1

Accepted file types: .pdf

Download Result

Download your validate signatures document

No files available for download. validate signatures file to generate your result.

About this tool

Verify the cryptographic validity of digital signatures in PDF documents — confirm document integrity, signer certificates, and detect any post-signature modifications. Validation runs entirely in your browser.

About

Cryptographic Signature Validation: Integrity and Trust Verification

Validating a PDF digital signature involves three distinct checks: integrity verification, certificate validation, and trust chain evaluation. Integrity verification re-computes the hash of the signed byte range using the algorithm specified in the signature (SHA-256, SHA-384, or SHA-512 in modern PDFs) and decrypts the signature value using the signer's public key from their certificate. If these match, the document hasn't been modified since signing. Any change — even adding a single space — produces a different hash and fails verification.

Certificate validation checks that the signing certificate was valid at the time of signing (or at the current time if no embedded timestamp is present), was not revoked (via OCSP or CRL check), and chains up to a trusted root CA. For offline validation, the certificate chain and revocation data must be embedded in the PDF (LTV — Long Term Validation).

Trust evaluation determines whether the root CA that issued the signing certificate is trusted by the validator's trust store. Adobe uses the Adobe Approved Trust List (AATL); browsers use OS trust stores. A signature can be cryptographically valid (integrity intact, certificate mathematically correct) but still show as 'unknown trust' if the issuing CA isn't in the validator's trust store.

Common Use Cases

Verify received contract signatures

Confirm a signed contract hasn't been modified after signing and that the signer's certificate is authentic.

Compliance audit of digitally signed records

Validate that archived signed documents still pass integrity and certificate validity checks for regulatory compliance.

Detect tampering in disputed documents

Use signature validation to determine whether a signed document has been altered after the signature was applied.

How to Use

1
Upload the signed PDF
Select the PDF with digital signatures you want to validate. The tool identifies all signature fields and their associated byte ranges.
2
Run signature validation
Click Validate Signatures to perform hash verification for each signature — checking that the signed document content matches the embedded signature hash.
3
Review validation results
See detailed results for each signature: integrity status (document unchanged / modified after signing), certificate validity, and signer identity from the certificate's Subject field.

Features

Cryptographic hash verification
Recomputes the document hash over the exact signed byte range and verifies it against the decrypted signature value for definitive integrity proof.
Modification detection
Identifies precisely whether the document was modified after each signature was applied, and which revision the signature covers.
Certificate chain inspection
Displays the full certificate chain for each signature alongside validity status and expiration details.
Multi-signature document support
Validates all signatures in multi-signer documents individually, reporting each signer's integrity and certificate status separately.

Frequently Asked Questions

Found this tool useful?

Share your experience and help others discover it.