One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is not trusted" warning shown by the viewer - and asked ourselfs: "How do PDF signatures exactly work?" We are quite familiar with the security of message formats like XML and JSON. But nobody had an idea, how...
