Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: FalsiScan – Make it look like a PDF has been hand signed and scanned (gitlab.com/edouardklein)
770 points by linschn on April 8, 2020 | hide | past | favorite | 186 comments

Ha! My co-worker made one of these for the same reason. Some places still require "wet" signatures, and some people (us) like to stick it to bureaucracy and prove that they can't tell the difference.

For a one-liner, if you use any tool to generate a realistic version of your signature, or do what I do and actually scan a version of your signature once, and then have that as a PNG that you can drop on any PDF of your liking, here's a line to make it look nice and "scanned":

  convert "$1" -alpha Off -density 150 -colorspace gray -blur 0.5x0.5 -rotate 0.4 -level 40%,60% "scanned-$1"
Or for even more noise and poor quality:

  convert "$1" -colorspace gray \( +clone -blur 0x1 \) +swap -compose divide -composite -linear-stretch 5%x0% -rotate 1.5 scanned-$1.pdf

This is cool, although after playing with it and a bit and doing some Googling, I like:


Is that an invocation of the `convert` tool from ImageMagick?

Yep, it just uses ImageMagick's `convert` to take the PDF, rotate it a little bit, blur the text, and generally reduce the quality just like a scan would.

The OP also uses a few other flags like `+noise Gaussian` and `-attenuate 0.25` which you could toss in. Same concept, just wanted to share a one-liner you can use if you already have a PDF with a signature on it, and you need that nice "scanned" look.

Or just use Libreoffice and insert the image in the right place. Has worked for years.

In my organization we have a different problem. We heavily use signed pdf files for all our internal documents - if a document is not signed it's not valid (they are mainly signed with JSignPdf). A number of internal applications need such signed files in order to proceed with a workflow.

Checking if a PDF file has been digitally signed, how many signatures are there and if the signatures are all valid is not an easy task! Actually, I only know how to do it in java using bounty castle. To help non-java apps with this I've implemented a small java application that provides a REST (and form) api for uploading a signed PDF file and returning information about the signatures.

It works in my organization for more than 3 years and it's has saved us from hundreds of erroneously signed PDF files! I've open sourced it for anybody having similar requirements: https://github.com/spapas/pdf-sign-check.

This is cool, thanks for sharing.

Parsing a PDF file is in that list that nobody wants to write themselves. Next to writing a YAML parser.

Cool project. Micro SaaS opportunity :D

Mac’s pdf viewer Preview has a signature capture feature built in that’s pretty slick. I use it all the time and haven’t encountered an objection. Tbh I’d wonder why you need to fuzz up and fake scan the image. If someone’s requiring that the doc be “signed in ink” or some such, more power to you!

From the link:

"For bureaucratic reasons, a colleague of mine had to print, sign, scan and send by email a high number of pages. To save trees, ink, time, and to stick it to the bureaucrats, I wrote this script."

So yes, it does seem like there are situations where a "digital" signature is insufficient.

My bank sometimes requires a “wet” signature and have rejected digitally signed PDFs from MacOS Preview before. This tool will come in handy.

My bank used to reject scans but accept faxes... bureaucratic reasons.

I don't know directly, but I've heard that there are special laws regarding fraud via fax. Even though fax has no technical protection, it may have legal ones, that might give the counterparty some recourse if things went bad.

In Germany, a fax is legally considered an original copy, a scan/print is not, despite a fax often being a scan that’s then transmitted via fax protocols. Law hasn’t caught up with technology yet in that area.

You also get a confirmation from the recipient when using fax.

All the while we actually have a pretty good law about digital signatures since basically forever, but ~nobody supports those. (and they missed the chance of using the new ID cards to establish them more widely, which was really stupid)

> despite a fax often being a scan that’s then transmitted via fax protocols

...what's the alternative to that "often"? What is a fax machine, if not a scanner attached to a modem?

Dialup modems speak the protocol, or at least they used to, so it was possible to send or receive a fax without a physical copy of the document. Just by "printing" from word to the modem and entering a phone number. I remember writing an excel macro to iterate over a list of customers and send a personalized word document to them. (This was 20 years ago I think and not all of our customers had an email)

VoIP fax services. Webpage allows upload, sends the fax over voip, which ends up at another voip server, decodes back into a fax. Never turns analog.

Conventional fax machine transmits document while it scans it as it has (almost) no memory. Like analog TV camera, just much slower.

Sure, but that's still "a scanner attached to a modem." Nothing about a scanner implies that it must buffer the input, just like nothing about a printer implies that it buffers the output.

There are/were "line printers" doing "latch a character from the input line, print the character, unlatch" serial output (which were so common that Unix pipes are designed around the foibles of outputting to such devices.) Most POS thermal receipt printers are still line printers!

I don't know as much about scanners, but I can't imagine that the original (digital, attached to a computer) scanners weren't also "serial scanners"—i.e., rather than a 1D scan head with a long CCD strip that could latch an entire line at a time into a shift register, they would have had 2D scan-heads that would scan one pixel at a time, in a "read brightness, signal ready, wait for return line to unlatch" serial loop. No memory required, just terribly slow.

When the relevant laws were made, fax machines were purely analog devices, not a scanner attached to a modem. And once fax was legally privileged, it stuck around exactly because it was legally privileged - despite the change in technology.

Again, my question:

> fax machines were purely analog devices, not a scanner attached to a modem

Why would an analog scanner not still be a scanner? I'd call whatever component that's in even the oldest fax machines "a scanner." Even if it is "enitrely analog" (continuous brightness intensity read, like a tape head or record-player stylus) you'd still call the process of converting light from a sensor passing over a document, into electricity, scanning, and you'd still call the component that does that "a scanner." Just like speakers and microphones are still "speakers" and "microphones" whether they're just transducers attached to wires, or have a whole ADC+USB/Bluetooth signal path leading out of them. Am I wrong?

Yes, in the same sense that an analog telephone is recording you by translating your voice into electricity. But, at least to me, if it is voice -> electricity on wire -> speaker, it feels much less like recording than saving a buffer of voice in memory, packetizing, and then sending, even if they are both just electricity on a wire.

Everything has Colour, not just bits

I read on NH yesterday (or perhaps the day before) that in the USA HIPAA (Health Insurance Portability & Accountability Act 1996) carves our a special exemption to consider faxes ‘secure’.

It does.

Sounds like their document management system was tied to a fax line and they didn't want to bother upgrading. IT departments at banks have like, zero budget.

Faxes are considered secure.

I'm declaring myself as considered a Triceratops . Doesn't make it true.

If you pass a law stating you are a Triceratops, it would become 'true' in the legal sense... and since we are dealing with legality, it being declared 'secure' does matter

It depends on the threat model. If I need to prove to a court in the US, then I'm signing paper and faxing it. To do it differently would be more expensive to prove.

Right, the legal system considers it secure.

I'm talking about the technical sense. Where there is no encryption at all, anyone with a phone line splitter can listen in, and the machines are usually not in a secured area so anyone could just pick up the fax and walk away. Not secure at all.

I don’t think you need to argue that fax is not technically secure on HN. Pretty sure we are all on the same page there. What matters is legal precedent and existing policy in various countries.

> I don’t think you need to argue that fax is not technically secure on HN. Pretty sure we are all on the same page there.

dd36 and swixmix seem to be taking the other side of that argument.

If I were taking that side, I wouldn’t have qualified my statement. Gov’t and courts consider it secure. HIPAA compliant, etc.

It depends on what your threat model is. The attacks you're talking about are real, absolutely.

For the threat model of a physically local attacker with either the right timing (for grabbing an incoming fax) or the right knowledge (for the phone system equivalent of tcpdump), you're quite right that fax is insecure. Likewise for state sponsored adversaries or certain organized crime groups.

But if you just want to make it hard for people scanning the internet to see what juicy corporate espionage they can find and resell, without specifically targeting you, fax is probably less vulnerable to that threat model than, for example, an undermaintained email server. Likewise if you piss off script kiddies somewhere on the internet with botnets and exploit kits, your website is probably a bigger risk than your fax machine.

They're secure in the sense of being low-risk for active content shenanigans and a small surface area for vulnerabilities. Attacking a network through a .tiff of a fax is a lot harder than attacking it through an email, pdf, word doc, http session, etc.

Behold...the power of lobbyists. Fax industry sure got their money's worth that year that passed.

Schwab (the bank in the US) started rejecting my signatures, on the basis that several documents I submitted had identical signature images. I worked around that by making a new signature, but you could imagine them escalating to also complaining about the fact it was not wet ink.

I had an application to open a new bank account rejected because my signature was not close enough to the one they had on file. I tried resolving things over the phone, but no luck. So I closed all my other accounts and switched to a different bank.

I had a similar problem once at my bank while submitting some inconsequential form but for bureaucratic reason the signature in the form had to match with what they had in the file.

As I had opened account with them years back, I couldn’t recollect what I had signed then. The clerk at the desk helpfully turned her display for me to take a quick glance at the signature in the file which I copied in the form. Thanked her well.

Several years ago my bank had to store three signatures because I couldn't (and still can't) produce two identical ones. Last year I had to update some documentation and they had to store two more signatures, so now I have 5, but any other signature will be different anyway. The reason is likely that, as a leftie, since being a kid I had to suffer a few attempts to force me writing with the right hand, something I trained by myself much later in my 20s out of curiosity, but quickly forgot due to lack of practice. I never perfected my horrible handwriting and resorted to block capitals immediately after school; then computers and printers solved the problem. Unfortunately it seems there's no way to get rid of this archaic thing called signature that for me translates into wasting lots of time; I'd rather leave a blood sample on paper if I could:)

Interesting, but makes sense they check documents for that.

I love this feature of Preview, though I also sometimes have people that insist on receiving a wet ink signature...

Dropbox's "Scan Document" feature is great for getting around that. It turns a photo into what looks exactly like a scan. I just sign the document in Preview, and then use the Scan Document feature to just "scan" the document as its displayed on my screen. The result seems indistinguishable from a printed wet ink copy also scanned with Dropbox.

A scanner is just a really elongated camera so this is a pretty good way to emulate it

The reification of signatures and paper documents has to stop.

I can set up Apple Pay and use it across devices to make payments worth tens of thousands, but I can’t use the same technology to authenticate a document.

It really boils the blood.

I can't for the life of me understand why the only valid ways to save a signature image for Preview is (1) your computer's camera, and (2) scrawling on the touch pad.

I have a previously-scanned signature that I'd like to re-use. I'd love to simply import the file. Instead I have to print it out and then hold it in front of the camera, trying to get it aligned. It's madness. Is it supposed to be more secure for some reason?

Why do you need to print it? Is it so difficult to redo your signature? That shouldn't be so difficult for you...

Sometimes a printer is closer than a pen, unfortunately....

And, importantly, its location is more predictable.

Can't you just drop a .png on there? I think that works and adds it to the library. But I might recall that from somewhere else.

Every bank application I've done has required print + sign + scanned, I got refused when I tried sending them PDFs signed in Preview/Acrobat

thankfully over here they have to honor digital signatures, no exceptions.

Yep, and here the government even provides you with a free qualified certificate to sign.

That doesn't work for the US, because any constraints on use are politically unpalatable. Any capability that the government creates thus turns into a security vulnerability to be exploited by business.

For example, even just assigning everybody unique identifiers (social security number, drivers' license number) has allowed businesses to demand these identifiers to track customers in privately-held surveillance databases. This system has already grown out of control with little sign of stopping.

A "secure" e-signature token would lead to even more businesses demanding your "identity". Imagine having to pay twice as much for groceries for wanting to keep your purchases personal!

I'd much rather suffer the small work of (print, sign, scan, cache, burn) until I see some reigning in of private surveillance databases.

SSNs are problematic because they are expected to be both public and confidential. In reality, they're public.

The federal government refuses to issue actual public IDs, which would solve the problem nicely, for political reasons. They can't retract Social Security.

That is one reason they're problematic, but not the problem I described. Public IDs would make the problem I am describing worse, as even more businesses would unashamedly ask for them. People's feeling of "oh isn't that private" is one of the few things holding back everyday retail businesses from asking for them.

I don't think it would be any worse than the status quo. Some businesses might not ask for your SSN in particular, but adtech can identify you pretty uniquely regardless. And in the meantime, a million businesses have your sensitive, private SSN, and a relatively high risk of data breach.

have you considered adding a good PII protection laws to circumvent that? GDPR seems to work pretty well.

Yeah. but the signature will simply be a new layer on the PDF. So you can: 1) replace it easily. 2) Extract the signature without any jpeg noise.

Also, I like rasterized contracts / text, instead of a small pdf + an image, as it's easier to tamper with

I used that for some mortgage documents (pre-closing) that they could email me, but needed a 'wet' signature. I happened to be out of town so accessing a printer and scanner wasn't easy.

I used Preview for the longest time before they questioned 1 of the documents.

I only had issues so far when I accidentally didn’t convert the signed page back to an image.

I wonder if you can use "print to PDF" after the signature has been attached to the PDF.

This is what I do. However, my bank has occasionally rejected PDFs because all the signatures were identical, indicating the use of a digital stamp.

This is why,overtime, I have scanned few more versions of my signatures & converted them to a font.

I don't get the magical power of a signature at all. Everybody can write my name under a document.

This project basically allows you to forge your own signature. Is it still legally binding? Do these rules even remember the original intent?

I don't understand it either; as others pointed out as well, I can't do a consistent signature even if I tried to (I've always had trouble with writing, and I barely do anything outside of shopping lists and a paper calendar nowadays).

I've always thought that as long as you can recognize your own signature and declare in a court of law, under oath, that the signature is or is not yours then it's fine.

It's still not foolproof though. An ex of my GF forged her signature and took out a loan in her name. They're still on her ass about that one, despite her claims that the signature isn't hers. They're not taking it to court though, they probably don't have a case. Doesn't stop them from harassing though.

A signature has no magic power. It's very simple. If you sign your name on a document, you are stating that you agree with the document. It doesn't matter if you use a feather pen or this guy's script. If you sign someone else's name on a document, it's obvious that you are committing fraud by impersonating them. Again, the instrument used to sign has no bearing on that.

You seem to be of the opinion that since it is possible to forge a signature, it cannot be legally binding.

> Do these rules even remember the original intent?

You are describing bureaucracy.

There are plenty of people who work (and live) by rules that no longer make sense, but hey, they're the rules!

Just because something can be forged doesn't mean it's useless. Signature in isolation doesn't mean anything, the surrounding legal environment is what gives it its powers. That legal environment doesn't operate on boolean logic, but on probability theory. Signature is just an input to that.

Agreed, rules exist for a reason, and good changes are planned and executed safely over time..

But there's still a delta of time during which old rules continue to be applied in a manner that can feel senseless, while new processes are figured out. :-)

The act of marking the sig field shows your intent to bind to the contract. You can digitally sign but there are a couple extra steps to confirm the intent and identity that aren't hard but are just hard enough to make DocuSign a lot of money and leave everybody else to print/sign/scan their stuff.

So you're saying the signature itself is irrelevant? It's just an elaborate checkbox? The question then is how do you prove I was the guy who checked the box?

It’s sort of is actually. What really matters is the providence of the approval, the adult trail or whatever you want to call it. You are creating a record of when and that you agreed to something and the signature is an artifact of that agreement.

A signature is somewhat harder to take them and checking a checkbox and can be somewhat more easily traced back to the signatory, so it’s probably somewhat better than a checkbox.

So in hipster terms: it's a paper blockchain that isn't immutable and has no real identity ;-)

I mean it's just a paper record. It's existence alone doesn't necessarily prove anything on its own. It's when you're making a case to a judge that you didn't buy 1700 rolls of toilet paper they can say bring it out and say "Yes you did and we have your signature."

You're free to counter and say it's a forgery just as you would be to counter and say someone stole your private key. But the point of a signature in particular is that it's supposed to signal considered intent rather than mindlessly checking a box or being rushed and saying "sure sure whatever."

We pop up dialogs to ask users for confirmation before doing dangerous actions. What's wrong with the paper equivalent?

And is pretty easy to forge collisions.

Audit trail... see also companies like Jornaya that specialize in making any form interaction auditable for consent to receive marketing.

Actually yes. You can mark with an X, and that was somewhat common when the literacy rate wasn't as good as it is now. The answer to your last question is to have witnesses, either in person or proxied via a notary.

That's what a notary does; https://en.wikipedia.org/wiki/Notary

The willingness or need to enforce seems to correlate with the measures a company requires you to take on signing.

* TOS - a simple checkbox - or even just a "continue button" * Moderately large purchase - type your name * Larger purchase - draw your name * Major contract - use this widely recognized signature flow

It's like how you have to type a whole word into a box to delete a repo on github.

That's really just a defense against deleting the wrong repo. If you're typing in the whole repo name, including the account it's under, you're very likely to know which repo you are deleting when you hit the button. (Consider the horror scenario where you both own an org repo and have a personal fork, and you mean to delete your personal fork but delete the main repo instead.)

Signing something, in the same way, is a defense against someone claiming that they really didn't mean it.

Life-or-death contract - write out 2048-bit DSA private key from memory; no, you cannot import a key file instead

The moment you write out the private key it's no longer secure. Anyone who sees it (and has a good enough memory) could copy the key to another contract.

You'd need to perform the DSA algorithm in your head on the content of the contract, using your memorized private key, and write out the resulting signature block.

I have great difficulty maintaining a consistent signature, even when having to sign multiple times on the same page at the same time. A mediocre forger could probably do a better job replicating my signature than I can—if they could find a sufficiently median example of it.

In a way I don't think it's possible to forge one's own signature. What's the diference of my signature from the forgery of the signature I did myself? Signature on a piece of paper says "I read this and agree with what's written so I've put a unique piece of ink there to show my agreement" doesn't really matter what you put there if all parts agree on its validity.

But what if you aren't the one who forged your own signature? How are you going to prove that someone else scribbled something on a PDF?

The forging of a signature has always been a possibility, which is why witnesses are required for the important stuff.

On the other hand, you would be right in thinking that there is a somewhat anachronistic element of theater in having signatures on electronic documents.

In some ways, the theater is the point: the more elaborate the “production”, the easier it is to demonstrate that the required “meeting of the minds” took place.

Someone might blithely—-or accidentally—-click continue, but you can’t really sleepwalk your way through signing a document or lining up witnesses to the signing.

> The forging of a signature has always been a possibility

Yes, but it used to be difficult. If you can lift an image off one piece of paper and print it on another it becomes easy.

It’s no different than paper currency. If it’s easy to forge, then the real money becomes worthless.

>Is it still legally binding?

Not in the EU country I live in.

1. We have digital signatures we can use to sign documents and they are legally binding for gov. organizations and optionally every organization that accepts em.

2. For internal documents, metadata is sufficient after organization issues an order.

3. Between orgs, metadata is sufficient if you address that within contract.

At least I remember it being that way few years ago.

This pdf viewable signature stuff is void. Only to make feel some people better.

The question is, can you forge your own signature? If both parties agree that the document is legally binding it seems a bit unlikely that the document would fall under the forged label.

Though I am not a lawyer.

It's also worth noting that digital signatures throughout the european union have legal status.

Digital signatures also have legal status in the US.

Until society catches up and uses cryptographic primitives provided by a national ID smart card (such that Estonia has) for authorizing intents, this is a satisfactory method to make document execution less painful.

This project is already doing the easy part (“place pretty signature picture here”). Depending on your jurisdiction and their tolerance, you could also render a true crypto signature in ascii-armored format to assist in proving legitimacy (perhaps generated as a small print signature line under the signature).

Sidenote: Some transactions require a "wet" signature (as in, actual ink on actual paper from an actual pen). This doesn't get around those transactions unfortunately.

All the more baffling why some countries are moving away from national identification and other digital signing initiatives to prove identity. E.g. the UK that introduced and then subsequently dismantled a national ID card and database (apparently it was a "privacy" issue for the government to have a record of citizens?). Imagine this, a first world country, living in the dark ages essentially when it comes to identity.

Many people in the USA believe a "national ID" card is the work of actual Satan:


>These ID cards are, however, preparing the way. The more people get used to some new government regulation, restriction, or provision, the more they tolerate it and eventually just learn to live with it. What may at first seem unthinkable and raise howls of protest, later becomes accepted by a few, then many, then most. And that’s how the Antichrist and his agents will capitalize on these compulsory ID cards to prepare the world for what’s next.

I think "many" might be overselling it a bit relative to a population of ~330M.

People who believe that have incredible influence in our flawed political structure.

Translation: Hi, I'm from New York or California, or maybe Seattle.

Huh? There are a lot of devout Christians in the US. The vast majority of them are not "end-times" truthers.

The ones with political power are. It is exceedingly naive to claim otherwise.

Google the term "Dominionism."

Dominionism is not a clearly defined practice/group/sect/etc. The most inclusive definition is basically just "people with strong beliefs want to run the democracy they live in according to those beliefs", which doesn't seem like a surprising way for anyone to behave.

Yet, take even the most expansive and uncharitable definition, and still "dominionism" =/= "the end times are at hand and there are signs everywhere of the coming anti-christ, such as national ID cards".

You're lecturing to someone who grew up around these people, and who, paradoxically, has only watched their influence grow over the last thirty years.

So, yeah, thanks for that.

If you support national ID systems, please do your part to advocate for such systems whenever possible (as well as the necessary privacy and oversight controls). Progress is a function of effort. I'm working on the US side.

> (apparently it was a "privacy" issue for the government to have a record of citizens?)

That's because there's a 95% chance they'll sell it to the likes of Equifax and Experian - what minister could resist the temptation to 'make the system pay for itself' while 'reducing fraud' and 'working with the private sector' - and a 100% chance one of them will then lose it in a breach.

Just for what it's worth, a big part of the backlash against the national ID is that firstly we have a couple of decent proxies, for example driving licence and passport, and secondly we were being asked to pay for the privilege.

> national ID smart card

National ID systems are an incredibly bad idea. You can already get the entire authentication benefit from using decentralized ID systems (your bank authenticates you with your bank card, your employer authenticates you with your employee ID), so all a national ID adds is the ability for corporations to correlate all your different identities without your knowledge or consent, which is nothing but a privacy-invasive misfeature. Note that without a centralized ID they could still do it with your knowledge and consent by having you authenticate using multiple decentralized IDs.

Centralized identity is also a huge single point of failure and compromise. It would attract far higher resources from attackers than non-monoculture ID systems do, have far reaching consequences when vulnerabilities are discovered, and take far longer to respond when changes are necessary because of the scope of use.

I think you're forgetting the part where those existing so-called "decentralized" ID systems are by-and-large using a centralized system (your SSN) which is magntitudes worse than a cryptographic card.

Your bank knows that you are the same John Smith as your employer has on record, because you needed to use the same SSN for both. The status quo is that any service which requires identity validation is requiring you to provide your SSN, which in internet terms is like authenticating with only a username (no password) on all websites, AND you have to use the SAME username for every different site.

Now compare that to public-key encryption. Not only is it better assuming you only have access to a single private key (because you are still authenticating with the output of the key, not the key itself as with SSN), but also because a cryptographic card could store MULTIPLE private keys, allowing you to authenticate with a different "identity" to different providers, making it impossible for them to cross-reference you in that way.

> I think you're forgetting the part where those existing so-called "decentralized" ID systems are by-and-large using a centralized system (your SSN) which is magntitudes worse than a cryptographic card.

It's orders of magnitude worse at authentication because that's not what it's for and everyone should immediately stop trying to use it for that. For that matter it would be better if they would stop using it for anything other than its original purpose as a tax ID.

> Now compare that to public-key encryption. Not only is it better assuming you only have access to a single private key (because you are still authenticating with the output of the key, not the key itself as with SSN), but also because a cryptographic card could store MULTIPLE private keys, allowing you to authenticate with a different "identity" to different providers, making it impossible for them to cross-reference you in that way.

But that's exactly the point. That isn't a national ID, it's ordinary public key cryptography which anyone can use right now already. You don't need a national ID for this, just create a new public-private key pair whenever you first interact with a new entity and use it to authenticate yourself to that entity going forward.

> Your bank knows that you are the same John Smith as your employer has on record, because you needed to use the same SSN for both.

But there is no good reason they need to know this, because having a bank account has really nothing to do with having an employer. All your employer should need is your bank account number so they can deposit your paycheck -- or not even that, just to give you a signature authorizing their bank to transfer money to you, where "you" means the person who can prove they hold the private key corresponding to a public key you gave your employer.

Banks shouldn't even need to know your name if things were being done securely, much less your SSN. Having them is nothing but a liability because someone who doesn't know what they're doing could mistake them for an authentication method.

You do need the SSN to match up with the name and other personal information like age, gender, address, etc. In that way, it's a bit like authenticating with a common username and a password that is publicly available with the username obfuscated (except in the case of data leaks).

Instead of a unique ID like a SSN, we should be using an identity provider to support such use cases. Imagine instead that you would authenticate with https://login.gov (ideally with your credentials and a hardware 2FA device), which would then attest to whatever service you were logging in to that you are you.

You can't rotate a social security number with reasonable effort, and we can longer treat it as a secret, because it isn't one. It's time to move past it as an identifier.

Now imagine that for whatever reason you suddenly become persona non grata, and https://login.gov/ refuses to attest that you are you to any of the services you have come to depend on.

Or just imagine https://login.gov/ passively collecting information about all the services you're logging into.

I wouldn't be opposed to common login protocol—preferably a distributed or federated one—where the government and other parties can add their own signatures to attest that a particular identity belongs to a certain real-world person, and you can choose which of those signatures you present to any given service. However, having the login itself go through a government server would be an incredibly bad idea.

We're already at that point (driver's licenses, passports) and it hasn't happened yet. Yes, you can get blacklisted by the TSA for air transport, but they have an exception process for that (redress control number).

Proper functioning of democracy and government requires eternal vigilance (apologies to Jefferson).

You don't need your driver's license or passport to log in to your e-mail or Facebook account and communicate with your friends, or to buy groceries. Revoking your driver's license and passport affects your ability to travel long distances and not much else, at least in the short term. It's bad enough that you need a current government ID for domestic flights; we don't need to make it mandatory for everything.

> Proper functioning of democracy and government requires eternal vigilance

Indeed, and part of that vigilance is pushing back against government involvement in areas they have no business in, such as authentication for non-government services.

Nobody is proposing a system where you need to authenticate with some national ID in order to do any of the things you mentioned.

We are talking about having better authentication (both more privacy-aware and more flexible) for situations where it's needed. You don't need to validate your identity for email, facebook, or groceries, so obviously this wouldn't apply there. This would apply to things where some ID auth is already taking place (e.g. anything that asks for your SSN, KYC processes in general, etc).

It was, of course, never intended to be used as an authenticator, nor a secret in any way.

It's interesting to see a mention of the ability "to correlate all your different identities" as a feature, which probably illustrates fundamental conceptual differences in different legal/social systems.

In European continental civil law (as opposing to common law e.g. USA and UK, as far as I understand UK law) there's no such legal concept as "different identities" or legal aliases - you have one identity, and that's it. You must have an official identity (it's a crime for adults to not have that official ID registered/issued) and you can't have more than one. There's no right to assume or use a different identity, doing so for any benefit is fraud or forgery. If you change your name, then that must be published so that it's trivial for anyone to link these "identities", or, more accurately, know that the same identity used a different name until a particular day.

That has some disadvantages (e.g. lack of pseudonymity - either you're not identified at all, or you're fully identified) and some advantages e.g. in commerce it's generally useful to have a strong identification of your counterpart rather than a weak one; and it eliminates a whole class of "identity confusion" for people with matching names and other features - there's a single "source of truth" for identity, and it can reliably distinguish all the different John Smiths.

If we're looking at the risk of compromise, it's worth noting that the whole concept of 'identity theft' is widespread in countries with weak ID systems like USA and not widespread in places with strong centralized IDs like continental Europe. A chain is as strong as its weakest point; if it's plausible that you might be using some weak form of ID (or even just 'something you know' like social security number/mother's maiden name/etc), then someone else can pretend to be you using that weak form of ID.

You have to realize that the entire concept of "identity theft" comes from having centralized identity to begin with, otherwise there is nothing to "steal".

Suppose you want to take out a mortgage on a house. If you take it out in someone else's name, this is a problem. But suppose that didn't even enter into it. Instead you prove title to the house, i.e. you authenticate to the city title office as owner of that property using the authentication method you established when you bought it, and that proves to the bank that you own the property. You, having authenticated to the city, approve the bank to take a lien out on the house. They accept the lien as collateral for the mortgage loan, and you get a mortgage loan. Your name doesn't enter into it at all, so nobody could use your name to take out a loan. If you don't pay the loan, they don't care one bit what your name is, they just foreclose on your house.

You realize there is a centralized identity here: The house, or whatever identifies it e.g. street and number.

Also, as a counterpoint, most countries have much stronger centralized identities than the USA, and much less trouble with identity theft.

That's one identity, but the owner of the house would have other identities. The fact that you know that the owner of the house approved the lien would not automatically tell you that, for example, the person living in the house approved the lien. Or that a certain employee of a certain company approved it. These would all be separate identities, even if they all refer to the same person.

Even in countries with unique, centralized identities, you don't go around handing your government ID to everyone you meet. You use it for official legal business only. In other contexts you still have less formal identities which remain separate from your official identity.

You seem to be conflating the two different, incompatible meanings of "digital signatures" here.

This article is about digital signatures as in digital pictures of a signature. There's some support of them in, for example, some PDF tools. These do not have a legal status in EU.

And there are "digital signatures" as in cryptographic digital verification of documents using private/public key cryptography. This is the type of digital signatures for which EU has a legal status, and in many countries a support for verifying identity - for example, I can cryptographically sign documents using the chip on my gov't ID card, and if I receive such a document, then I can securely verify the identity of the signer without needing any preexisting relationship with them. But this has nothing to do with the pictures of signatures that this article is talking about, that seems to be more like a USA thing.

The Uniform Commercial Code [1] in the United States says that:

> A signature may be made (i) manually or by means of a device or machine, and (ii) by the use of any name, including a trade or assumed name, or by a word, mark, or symbol executed or adopted by a person with present intention to authenticate a writing.

IANAL but I would think that this program would fall under "by means of a device" and thus be considered valid.

[1] https://www.law.cornell.edu/ucc/3/3-401

Signatures being meaningful is a downright American tradition. The country was founded based on signatures. It is never going away.

Crytographic protocols can be added to verify signing, but until every civilian practices perfect opsec (never gonna happen), in-person signatures in front of a notary will always be the way business is done.

Better technology (this program, Photoshop, deepfakes, quantum prime factorization) may actually increase the need for in-person wet signatures.

Post-quantum digital signature algorithms based on lattices are starting to get secure, efficient and based on simple mathematical constructs.

IIRC, the basic construction is you generate a lattice trapdoor matrix R, such that A*(Rt + e) ~= t. Finding an input p with small coefficients, for some t such that Ap = t reduces to one of lattice reduction problems, since it requires a finding "good" basis for the lattice (if you invert A you'll have huge coefficients, so you can't forge it. Having the trapdoor R to make p = Rt + e lets you use the trapdoor to find the preimage, and the gaussian vector e smudges it so that an attacker can't collect signatures to decipher R (this is learning with errors, another problem that reduces to lattice basis.) So the signature is easy to verify, and the trapdoor matrix is relatively small and efficient to compute (iirc a couple megs and <1s)

Disclaimer: not a cryptographer, just a hobbyist.

Are there any widely analyzed implementations that I can use today? Got any links? I'm interested, but I don't think I'd understand without seeing code.

It's a pretty bleak landscape, code-wise. The PALISADE crypto library is an implementation of many of these primitives in C++, but it will be nearly impossible to understand it without reading the papers. I recommend "Trapdoors for Lattices: Simpler, Tighter, Smaller, Faster" [0] and the many papers that build on it. That paper was fairly accessible to a layperson like myself. if you're interested you could play around with it in Sympy or Mathematica.

0. https://eprint.iacr.org/2011/501

i think its possible to analyze signatures in various ways that are hard to replicate. but a copy is always just a copy. What i beleive the thing here is that there are court proven ways to analyze writing styles in signatures and some more forensic methods to analyze paper and pen.

as a side note: every time i get a new passport or id card i get told that my signature is not ok as it is (apparently not enough recognizable characters) but when confronted with the question how they would like me to change my signature as seen on all previous documents signed by me they shut up. I think its funny because it probably makes it even more unique.

Forging signature is crime, that's why signature has magical power.

It can be used to claim that I didn't sign it either.

Unless it's a master forger. I could look at the document and figure out that the signature wasn't mine.

That I can tell you in just one word ... tradition!

Questions about the reproducibility of signatures reminds me of this case https://en.wikipedia.org/wiki/Howland_will_forgery_trial in which Charles and Benjamin Pierce were brought in as expert witnesses. There's a good account in https://en.wikipedia.org/wiki/The_Metaphysical_Club:_A_Story....

It's not a false signature, this kind of thing is standard practice for digitally signing documents. DocuSign even allows you to insert a computer-generated signature that looks nothing like your "real" one. What matters is the audit trail.

This is legally binding the same way clicking the "Buy" button on Amazon is.

Yes yes that's all nice and good until the person you're signing the document for tell you "I don't care what someone on Hacker News thinks is good enough, I need this signed in ink".

I've encountered this before myself, and so have many other people, and we're all already aware of what you're saying.

Can I have your phone number, I need you to explain this to my HR department and to the HR department at my last job and of my roofing contractor and dozens of other people who demand wet ink signatures.

I have to do this quite often. I end up using a scanned image of my signature with Gaussian noise added in Photoshop. You can add Gaussian monocromatic noise to the whole page (and rotate it slightly, for good measure) to make it look like you killed a tree.

(HBO) Silicon Valley Reference: That looks like the Gavin Belson signature.

This is kind of useful though, I was in shock and horror when I realized one PDF my Adobe Fill & Sign app couldnt... fill and sign, an actual IRS tax form. I don't know why they let you fill most of it out but force you to sign the damn thing. What's even more confusing is other forms don't restrict this, it's just one of the ones I tried (can't remember which one but it was a while ago).

I think there's a much less niche thing it might be referencing.

The shell scripts depend on a "convert" cli command – that command doesn't exist on my machine, and I can't find any reference to it in the documentation, does anyone know where that command comes from?

Convert is an alias to "magick convert" which is a command built into ImageMagick. Installing ImageMagick is pretty easy, usually just `[packagemanager] install imagemagick`

This comes from imagemagick.


convert is part of imagemagick: https://imagemagick.org

I'll add installation instructions to the Readme tomorrow, thanks for pointing that out.

I usually do the same thing, manually. I have a set of about 10 signatures that I vectorized (so that they scale with no visible artifacts). I apply one of those signatures to the PDF documents in an editor that can edit PDFs (currently using Affinity Designer or Publisher, they're excellent).

Then I take pride in outputting the cleaniest PDF possible. Never received any complaint. Most people on the receiving end probably print them out, and they appreciate the clean result, compared to what you get when you re-scan it (or intentionally blur it).

That said, for 27 pages (!!) that tool would prove a lifesaver.

Last time I had to do this was for a two page document which required a signature on the second page. Even though I thought it was silly, I did sign the second page in ink and scanned it. It was rejected because I didn't also scan the first page despite it requiring no changes. At that point I just concatenated the original first page to my initial signed scan and sent it back and it was all fine.


One thing I did think about, though, is the legal aspect. Fraud is a serious crime and I wonder if such a thing, however silly, might just be considered fraud. In that case it might not be worth fighting the bureaucracy.

Nice example signature

For bureaucratic reasons...

I feel that pain. When your only tool is bureaucracy everything looks like a nail. Or something like that.

I once had what I think was a document for a mortgage application refused because I'd printed it, signed it and took a photo on my phone to email back. Apparently it had to be done with a scanner and a camera was unacceptable.

I didn't have a scanner, so I chanced my arm, desaturated and thresholded the image then resubmitted it. I was thanked and it was accepted.

I was thinking of doing something like this the day before yesterday! I love your implementation! Extremely useful.

I actually wrote about the laborious effort to create a pseudo 'false document' by manually using Gimp on my blog; I wrote a very naive back-of-a-napkin pseudo algorithm... I was actually thinking about learning Gimp's Script-Fu to generate the signature with the Ink Tool.

From this scripts, it looks like this doesn't convert to black and white, so this might work with Hanko (Japanese stamp seal) too?

If it doesn't, please do not hesitate to open an issue and I'll look into it :)

I could use a mobile app to do that.

In my country, to leave your home to do shopping in this period, you are required by military ordnance to fill a form stating the reason of leaving your home. You can show it on your mobile phone, but you have to print it, sign by hand and take a picture of it.

What if you don’t have a working printer at home? Do they just let you starve?

You can write the thing by hand.

Has anyone had any experience trying to prove the authenticity of a signature? I remember reading somewhere that there are only three universities in the world, that have a department specializing in detecting signature forgery.

Financial department wanted me to turn in a signed document after lockdown. I have an HP 3 in 1 but it no longer prints. So I scanned my signature, extracted it with gimp, and added it to the document. The result was excellent.

This is great, thanks for sharing!

Does it support multipage pdf documents and doing multiple signatures per document?

Related to this, perhaps a UI for marking all the spots where signatures are required would make this tool extremely powerful!

Thanks, It does support multiple page, it will add a randomly chosen signature at the same place every page.

The ui is going to be a lot more complicated to code. Maybe I'll give it a try someday.

Immigration documents often need to be hand signed and scanned. This looks cool and everything but not sure if I'd risk getting an immigration application rejected :p

Will try on other less official stuff though ha

The Preview app that lets you very easily sign PDFs is a piece of software I very dearly miss on Linux. There are solutions on Linux but none as smooth and universal as Preview.

This is at least one place where JPG compression helps. In PDF Xchange, I drop in my scanned clear signature (a font), then merge & pdf print the page as 50% jpg quality.

TIL about the WTFPL license ;) http://www.wtfpl.net/about/

I love the idea. Is there any way to programmatically distort a digital signature so that I can avoid printing the signature pdf too?

that would be forgery, i’ll say

If it's your own signature, by definition it cannot be a forgery.

I just printed the pages I needed to sign, signed them, scanned them, and then stitched them into the original PDF.

kentonv was looking for something like this late last year! https://twitter.com/KentonVarda/status/1199022850369146880


I've been doing this manually by adding my signature in GIMP and taking a photo of my laptop screen.

Well, this is the greatest open source project ever. Time to close for the reason, internet.

Is anyone aware of an actual court case where the validity of a DocuSign doc was held up?

DocuSign is valid by statute: https://en.wikipedia.org/wiki/Electronic_Signatures_in_Globa...

Their security implementation or the authenticity mechanism they have for recording is not even really up for scrutiny, so long as they can provide some kind of proof that the signing occurred and that the counterparty signed with an understanding that the electronic signature was the same as a real signature.

I doubt there are any that hinge on that.

I strongly suspect there are many thousands of cases in which a contract that was signed via them was simply treated as legitimate by both parties, though.

Very nice, just wondering the security implications of having those nice PNGs stealed, someone can sign anything in your behalf...

Adding some known pattern to the signature that can be recognized later in the print would be nice if you need to prove that it was not actually signed by you. But if you get to this point it is already a big mess...

Interesting idea, but to me, the output just doesn't look like a scanned document.

This is cool! Now someone make an app out of this please :)

Did you note that the example signature is a phallicism?

More of these in "Signature_example.pdf".

In my opinion, this is a bit childish. But on the other hand, the whole scan-and-sign procedure is also a bit childish if you ask me.

It would not work for us, but I appreciate the spirit of trying to save trees from pointless markings. Love it.

Pretty dope.

Why is this a thing? Why not sign it with a proper digital certificate? In my country we can sign documents with our id card.

The USA doesn't have a national ID card.

Some Americans have CACs, which will do the trick.

But that's a narrow circumstance.


That's not actually not an ID card dumb as it seems. It's an IOU that says that a collection of documents that are enough to prove your identity to the government were produced to an agent. It's a cert.

Assuming the "standard path" in the US the pieces of your ID are your birth record, any court ordered name changes (like if you got married), your social security card, and a previous cert that ties the name to a photo.

I know it's pedantic but god damn it's annoying as hell that a passport doesn't actually prove anything or else you could always do $old_valid_passport + $valid_photo = $new_passport but nope. Sometimes you hit special cases that drop you into having to prove your identity from your ID documents all over again.

Not everybody has a passport. A Passport costs more than a hundred dollars. Not everybody is eligible to a passport. For having a passport you need nationality, and you need to be able to have contracts with non national persons.

Your comment about nationality seems interesting - it's a fundamental human right to have nationality (https://www.ohchr.org/EN/Issues/Pages/Nationality.aspx); what do you mean by "non national persons" ? The common mass cases e.g. illegal immigrants are not non-national persons, they're just nationals of some other country. There are certain edge cases that result in stateless people, but the general solution for that is for states to work to assign nationality, it's definitely reasonable in many countries to not be able to have standard contracts with such people until they get their identity documents issued.

I might live in in a country I'm not a national, so I don't have a local passport.

Illegals often cross borders without papers, so they don't have any passports to sign anything.

Sorry I'm brief, but I'm super busy today :P


> That means 42 percent of Americans hold a passport, a growth of 15 percent since 2007. In 1990, only four percent of Americans had one.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact