How to Verify eIDAS PDF Digital Signatures Online
A comprehensive guide to verifying Advanced and Qualified Electronic Signatures (AdES & QES) under European Union Regulation No 910/2014.
Upload your digitally signed PDF to pdfsigncheck.com. We will compute cryptographic hashes, validate PKCS#7 structures, and check the validity in seconds — 100% in-memory with zero file retention.
1. What is an eIDAS Compliant Digital Signature?
The eIDAS Regulation (Electronic Identification, Authentication and Trust Services) is an EU regulation on electronic identification and trust services for electronic transactions in the European Single Market. Established in 2014, it replaces the EU Directive 1999/93/EC and creates a unified legal framework for secure electronic transactions across all 27 EU member states.
Under eIDAS, signatures are categorized into three levels, each offering different degrees of security, technical verification, and legal weight.
2. The Three Levels of Electronic Signatures Under eIDAS
Understanding the technical distinction between signature levels is critical for regulatory compliance:
- Simple Electronic Signature (SES):The most basic level. Examples include scanning a handwritten signature, clicking an “I Accept” button, or signing with a stylus on a screen. SES does not use cryptographic binding and is highly susceptible to modification or forgery.
- Advanced Electronic Signature (AdES): Cryptographically bound to the document data and the signer. An AdES must be uniquely linked to the signer, capable of identifying the signer, created using signature creation data that the signer can use with sole control, and linked to the document in such a way that any subsequent change to the file is detectable. Technically, this is achieved using PKCS#7/CMS cryptographic wrappers.
- Qualified Electronic Signature (QES): The gold standard. A QES is an Advanced Electronic Signature that is created by a Qualified Signature Creation Device (QSCD)—such as a secure hardware security module (HSM) or smartcard—and based on a Qualified Certificate issued by an accredited EU Trust Service Provider (TSP). QES carries the exact same legal value as a physical, wet-ink signature in all EU member states.
3. What is the EU Trusted List (EUTL) and LOTL?
To establish public trust, the European Commission publishes the **List of Trusted Lists (LOTL)**. Each member state compiles a national **Trusted List (EUTL)** containing information about the supervised and accredited Trust Service Providers (TSPs) within their jurisdiction.
When a PDF is signed with an eIDAS-compliant certificate, the verifying software checks the certificate chain against these lists. If a PDF reader (like Adobe Acrobat) has not synced its European Union Trusted List cache, it may display a yellow warning question mark (⚠️), stating the signer's identity is unknown, even if the signature is cryptographically valid.
4. Step-by-Step: How to Verify eIDAS Signatures on pdfsigncheck.com
PDF SignCheck provides a zero-setup, completely browser-based validation mechanism to check your EU-signed documents:
- Upload the PDF: Drag and drop your signed PDF document into the verification upload box on the homepage.
- Extract Cryptographic Metadata:The system parses the PDF layout, extracts the embedded PKCS#7 signature block, and decodes the signer's X.509 certificate.
- Verify Integrity & Timestamps: It computes the SHA-256 hash over the signed byte ranges to ensure the file has not been modified since the signature was applied. It also validates the embedded cryptographic timestamp.
- Check Certifying Details: Review the Common Name (CN), certificate issuer details, validity dates, and country of origin.
5. Legal Standing & Mutual Recognition of QES in Europe
According to Article 25 of the eIDAS Regulation (Regulation EU No 910/2014):
“An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.”
Critically, a Qualified Electronic Signature (QES) has the equivalent legal effect of a handwritten signature and is mutually recognized across all 27 EU member states, meaning no national authority can reject a QES signed in another member state.
6. Common Troubleshooting & FAQs for eIDAS PDFs
Zero-Knowledge Privacy
Files are processed strictly in secure memory modules inside your local browser. No server storage.
Cryptographic Standards
Fully compliant with IETF RFC 5652 (CMS), Adobe PDF specs, eIDAS, and Controller of Certifying Authorities (CCA).
Verify Anonymously
No personal registration or document tracking is required. Verify up to 2 files daily as guest.
Detailed Audit Trails
Generates downloadable, verified PDFs with structural signature stamps and trust summaries.
Edge Sandbox Security
Verification executes inside sandboxed browser modules to ensure isolated document handling.
Zero Data Logging
Absolutely no logging of files, names, email contents, or signature details. Pure privacy.