For more than 150 years, the U.S. Government Publishing Office (GPO) has been the official disseminator of Government documents and has assured users of their authenticity.
The adoption of digital technology has changed the ways products are created, managed, and delivered to users. Electronic documents pose a special challenge to the verification of their authenticity because they can be altered, which could lead to unauthorized versions of government content. GPO must assure users that publications available from GPO websites are as official and authentic as publications that have been printed and disseminated by GPO for many years and that trust relationships exist between all parties in electronic transactions.
To help meet the challenge of the digital age, GPO has begun implementing measures that establish GPO as the trusted information disseminator, but also provide the assurance that an electronic document has not been altered since GPO disseminated it.
The visible digital signatures on online PDF documents serve the same purpose as handwritten signatures or traditional wax seals on printed documents. A digital signature, viewed through the GPO Seal of Authenticity, verifies document integrity and authenticity on GPO online Federal documents.
How Does it Work?
GPO uses a digital certificate to apply digital signatures to PDF documents. In order for users to validate the certificate that was used by GPO to apply a digital signature to document, a chain of certificates or a certification path between the certificate and an established point of trust must be established, and every certificate within that path must be checked.
How do I verify GPO's digitally signed PDFs?
The recommended way to verify GPO’s authenticated PDFs is to open the file using Adobe Acrobat or Reader software. Many browsers today open PDFs automatically within the browser without using your computer’s Adobe software. If you are not using Adobe Acrobat or Reader, the digital signature validation process may not occur.
*Note: You can adjust the default PDF open behavior on your computer to open in the Adobe software instead of the browser. Each browser has its own settings to control how PDFs open from a web page. Follow these instructions for your specific browser to change the display settings.
How do I highlight or add comments to PDF documents that have been digitally signed?
There is a workaround that will allow you to annotate digitally signed PDFs by printing as an Adobe PDF to create a new PDF file that can be annotated.
- Open the PDF file in either Adobe Acrobat or Reader *Note: Make sure to open the file using the Adobe software and not in your web browser (Internet Explorer, Chrome, etc.)
- Once the file is open in the Adobe software, go to the top menu, click "File" then click "Print." A screen will pop up with print options. In this screen, click the dropdown box next to Printer and select "Adobe PDF." Click the dropdown box next to Comments & Forms and select “Document” (instead of “Document and Markups.”)
- Click "Print." You will then be able to Save the file with a different file name than the original or to a different location on your computer. You will be able to highlight and add comments to this new file.
Note: The new files created using this method will still display the GPO Seal of Authenticity, but will no longer be digitally signed.
I want to quote an authenticated document I downloaded from govinfo. Do I have to retype the text?
Users can select text from a digitally signed and certified PDF file, then copy and paste it into a new document. The digital signature will not be transferred with the text.
What does it mean when GPO says a file is authenticated?
GPO authenticates documents on govinfo by applying digital signatures to official content after its validity has been confirmed. The technology used to certify these documents allows GPO to secure the data integrity, and provides users with assurance that the content is unchanged since it was disseminated by GPO.
In addition to certifying a document, GPO uses digital signature technology to add a visible Seal of Authenticity to authenticated and certified PDF documents. When GPO signs and certifies a document, a blue ribbon icon appears right beneath the top navigation menu and also in the Signature Panel within Adobe Acrobat or Reader. When users print a document that has been signed and certified by GPO, the Seal of Authenticity will automatically print on the document, but the ribbon will not print.
What are validation icons?
Validation icons appear in Adobe Acrobat or Reader to notify users of the content's validity status. These are several icons that are used by Adobe to convey information about digital signatures:
What certificate information should I expect to see in a file digitally signed and certified by GPO?
An electronic file that has been digitally signed and certified by GPO should include the following information:
Document certification is valid, signed by Superintendent of Documents firstname.lastname@example.org.
Reason for Signing: GPO attests that this document has not been altered since it was disseminated by GPO.
How can I tell if a signed and certified file has been changed?
If the content of a PDF file certified by GPO is altered, the certification will be invalidated. Users will know this by the appearance of the yellow warning icon in the Adobe software.
If I save a digitally signed and certified file from govinfo on my own computer, is the signature still valid?
As long as the file is not changed, the electronic signature will remain valid. Users can save PDF files that have been digitally signed and certified by GPO for later use or email them to other users without affecting the digital signature.
I opened a digitally signed and certified document that I saved on my computer several weeks ago. How can I be sure it has not been corrupted?
You can check the validity of a signature at any time. To do so, open the document in Adobe Acrobat or Adobe Reader. Click the Signature Panel icon then click “Validate All” then “OK”. The software will run a validation check to see if the digital certificate used to sign the document is valid.
I have a PDF document that has been changed. Is there any way to see the signed version?
If changes are made to the signed version of a document, Adobe Acrobat and Reader provide the capability to view the signed version. To access this feature, Click the Signature Panel icon then select and expand the signature, and choose “Click to view this version.” If multiple versions are available, users will have the ability to select this option.
Can I see some examples of changed files?
This file was signed, but not certified, and has been changed (PDF). You will notice the ribbon validation icon has been replaced with a yellow warning icon and you can see the signed version of the file.
Where can I get more help using digitally signed and certified PDF files?
Additional help information is available on Adobe’s website.
- Authentication FAQs
- Authentication definitions and acronyms (PDF)
- GPO Document Authentication Workshop - June, 18, 2010
- GPO Authentication Initiative Documentation
- Overview of GPO’s Authentication Program (PDF)- June 13, 2011
- Authenticity of Electronic Federal Government Publications (PDF)- June 13, 2011
- Final Authentication White Paper (PDF)- October 13, 2005
- Draft Authentication White Paper (PDF)- June 23, 2005
- Authentication Briefing Paper (PDF)- Spring 2005 DLC Meeting
- For Further Reading
- Introduction to Public Key Technology and Federal PKI Infrastructure (PDF) National Institute for Standards and Technology, 2001
- Electronic Authentication Guideline Recommendations of the National Institute of Standards and Technology (PDF) National Institute for Standards and Technology, 2011
- Status of Federal Public Key Infrastructure Activities at Major Federal Departments and Agencies (PDF) General Accountability Office, 2003
- Public Key Infrastructures - Federal PKI