Chapter 6. CERTivity®'s Signatures

Table of Contents

Verify
Verify JAR Signatures
Verify XML Signatures
Verify PDF Signatures
Sign
Signing JAR Files
Signing XML Files
Signing PDF Files
Signing CSR Files

Verify

Using the Signature > Verify menu command, CERTivity can verify signatures for:

  • JAR files;

  • XML files;

  • PDF files.

Note

You can use the examples provided in the doc/samples folder of the distribution kit to test the verify and sign features.

Verify JAR Signatures

When verifying a JAR signature, a KeyStore entry can be selected for verifying the entry certificates. If no KeyStore is selected, you can still continue: the JAR signature is verified without checking whether the certificates from the JAR entries exist in the KeyStore. An error is displayed if the KeyStore file cannot be loaded, if the KeyStore password is wrong, or if the file is corrupt. JAR file verification succeeds if the signature(s) are valid and none of the files that were in the JAR file when the signatures were generated have been changed since then. After the JAR signature verification operation, one of the following messages is displayed:

  • "The JAR file was verified." in case of successful JAR signature verification;

  • "The JAR file was not verified." in case the JAR file does not have a valid signature.

The embedded certificate(s) can be viewed, exported into an external file or directly imported into the active KeyStore.
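The "none of the files have been changed" condition rests on the per-entry digests recorded in META-INF/MANIFEST.MF. The following added Python example (not CERTivity code) recomputes those digests over a constructed JAR; it covers only this integrity step and assumes SHA-256-Digest attributes, so checking the .SF file and the signature block that bind the manifest to a certificate is out of its scope.

```python
import base64, hashlib, io, zipfile

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: attributes} for the per-entry manifest sections."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    sections = {}
    for block in text.split("\n\n")[1:]:  # block 0 is the main section
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if "Name" in attrs:
            sections[attrs["Name"]] = attrs
    return sections

def check_jar_digests(jar_bytes):
    """Classify every non-META-INF entry as 'ok', 'modified' or 'unlisted'."""
    status = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        listed = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in jar.namelist():
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            expected = listed.get(name, {}).get("SHA-256-Digest")
            if expected is None:
                status[name] = "unlisted"  # no digest recorded: not covered by the signature
            elif expected == b64_sha256(jar.read(name)):
                status[name] = "ok"
            else:
                status[name] = "modified"
    return status

def build_jar(files, manifest_from):
    """Constructed sample: a JAR whose manifest lists the digests of manifest_from."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in manifest_from.items():
        manifest += f"Name: {name}\r\nSHA-256-Digest: {b64_sha256(data)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed file contents, for illustration only.
ORIGINAL = {"app/Main.class": b"\xca\xfe\xba\xbe constructed", "app.properties": b"debug=false\n"}
CHANGED = {**ORIGINAL, "app.properties": b"debug=true\n", "app/Added.class": b"new"}

if __name__ == "__main__":
    print(check_jar_digests(build_jar(ORIGINAL, ORIGINAL)))
    print(check_jar_digests(build_jar(CHANGED, ORIGINAL)))
```

An "unlisted" entry is one the manifest records no digest for, so a valid signature over the other entries says nothing about it.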

Note

You can use the JAR examples provided in the doc/samples/jar folder of the distribution kit to test the verify JAR features.

When importing a selected embedded certificate into the active KeyStore, the certificate trust is verified in the same way as when importing a trusted certificate into the active KeyStore. If a Trust Path cannot be established using the provided TrustStores and the Trust Path validation options (which can be set from Tools > Options > Trust Path Options), a message is displayed to report this and to ask whether the certificate should be displayed for user verification. If "No" is selected, or the dialog is closed, the import operation is aborted. If "Yes" is selected, the certificate details are displayed, and the user has the option to continue the import operation (by selecting the "Accept Import" button) or to abort it (by selecting the "Cancel Import" button).

Verify XML Signatures

XML signatures can be used as authentication credentials or as a way to check data integrity. XML signatures can be applied to XML files, HTML pages, GIF files, and XML-encoded data. When validating an XML signature, an XML file must be chosen first. If there is no certificate embedded, the certificate identified by the currently selected entry is used to validate the XML signature.

After the XML signature verification process, the messages that will be displayed are:

  • "File not signed." in case the XML file was not signed;

  • "Signature is invalid." in case the XML file signature is not valid;

  • "Signature is valid." in case the XML file signature is valid. The trusted state of the embedded certificate is not checked.

If certificates are embedded, they are shown under the "Certificates details" panel, where their details can be viewed and the certificates can be exported or directly imported into the active KeyStore.

Note

You can use the XML examples provided in the doc/samples/xml folder of the distribution kit to test the verify XML features.

When importing a selected embedded certificate into the active KeyStore, the certificate trust is verified in the same way as when importing a trusted certificate into the active KeyStore. If a Trust Path cannot be established using the provided TrustStores and the Trust Path validation options (which can be set from Tools > Options > Trust Path Options), a message is displayed to report this and to ask whether the certificate should be displayed for user verification. If "No" is selected, or the dialog is closed, the import operation is aborted. If "Yes" is selected, the certificate details are displayed, and the user has the option to continue the import operation (by selecting the "Accept Import" button) or to abort it (by selecting the "Cancel Import" button).

Verify PDF Signatures

The Portable Document Format (PDF) allows a document to be digitally signed by inserting a cryptographic signature value in the file. A signature is in most cases represented by a signature field containing the name and other attributes of the signer. When verifying a PDF signature, a PDF file must be chosen first. The digital signatures CERTivity understands for PDF verification are the public/private-key encrypted document digest with the standard SubFilter values adbe.x509.rsa_sha1, adbe.pkcs7.detached, and adbe.pkcs7.sha1. The exact specified handler (the Filter value) is ignored when verifying the signature, in accordance with the PDF Reference: an application may substitute a different handler when verifying the signature, as long as it supports the specified SubFilter format.

After verifying the PDF signature, a dialog called "Verification Results" is presented for the Document containing the global document status and details for each Signature found. The global Verification Status can be one of:

  • "File not signed." in case the PDF file was not signed;

  • "At least one known signature is invalid." in case at least one of the supported (known) PDF file signatures is not valid;

  • "All known signatures are valid." in case all of the supported (known) PDF file signatures are valid according to the sub-filter values and algorithm (including the digest being recomputed and compared with the one stored in the signature). The trusted state of the embedded certificates is not checked.

  • "Unknown." in case the document contains only unsupported SubFilters.

For each signature recognized in the document, you can see the signer details, such as name, location, reason, date, certificate, signature verification status and verification info. The embedded certificate of each signature can be viewed and even exported into an external file.

A verbose text report can be analysed (Show Details), revealing the reason why, for example, some signatures are not valid, or revealing the value of the SubFilter/Filter. This is especially useful for observing the details of invalid cases, as a lot of information is logged. For example, with the adbe.pkcs7.sha1 SubFilter the signature process involves two digests: the SHA1 digest of the byte range, which is encapsulated in the PKCS#7 signed-data field with ContentInfo of type Data, and then the digest of this signed-data field, which is signed according to the PKCS#7 standard. So there are two digests to verify, and if either of them fails, the validation fails. This is visible when inspecting the Details section, for example:

The calculated SHA1 Message Digest coincides with the encapsulated PKCS#7 signed-data field. Continuing the signature verification procedure. Digest Mismatch [message-digest attribute value does not match calculated value].

Although a signature may not be valid, the option View Certificate > Export Certificate > Import to KeyStore can be available in many situations (usually if preliminary validation passes) as long as the certificate is embedded according to the PDF standards. For example, in the case above, where the second message digest does not match, the embedded certificate can still be viewed, exported, or imported to the KeyStore.
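The first of the two digests described above, the SHA-1 over the signed byte range, as an added Python example that is not CERTivity code. The sample document is constructed and its /Contents value is a placeholder rather than a real PKCS#7 object; the check that the byte range spans the whole file goes beyond what this page describes.

```python
import hashlib, re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def byte_range_digest(pdf):
    """Return (SHA-1 hex digest of the signed bytes, whole_file_covered)."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange entry: file not signed")
    off1, len1, off2, len2 = map(int, m.groups())
    if off1 + len1 > off2 or off2 + len2 > len(pdf):
        raise ValueError("ByteRange is inconsistent with the file size")
    signed = pdf[off1:off1 + len1] + pdf[off2:off2 + len2]
    gap = pdf[off1 + len1:off2]  # expected to be exactly the <hex> /Contents string
    # False means bytes exist outside the signed range, for example a later
    # incremental update or a further signature; they are not protected by this one.
    covered = (off1 == 0 and off2 + len2 == len(pdf)
               and re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None)
    return hashlib.sha1(signed).hexdigest(), covered

def build_sample():
    """Constructed, minimal signature dictionary with a placeholder /Contents."""
    head = b"%PDF-1.4\n1 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.sha1 /ByteRange ["
    mid = b"] /Contents "
    contents = b"<" + b"00" * 32 + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    gap_start = len(head) + 40 + len(mid)  # numbers are padded to 40 bytes
    numbers = b"0 %d %d %d" % (gap_start, gap_start + len(contents), len(tail))
    return head + numbers.ljust(40) + mid + contents + tail

if __name__ == "__main__":
    pdf = build_sample()
    print(byte_range_digest(pdf))
    # Bytes appended after signing leave the digest unchanged but are not covered.
    print(byte_range_digest(pdf + b"%appended after signing\n"))
```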

Note

You can use the PDF examples provided in the doc/samples/pdf folder of the distribution kit to test the verify PDF features.

Note

Verifying the signature of a PDF which is encrypted is not supported.

When importing a selected embedded certificate into the active KeyStore, the certificate trust is verified in the same way as when importing a trusted certificate into the active KeyStore. If a Trust Path cannot be established using the provided TrustStores and the Trust Path validation options (which can be set from Tools > Options > Trust Path Options), a message is displayed to report this and to ask whether the certificate should be displayed for user verification. If "No" is selected, or the dialog is closed, the import operation is aborted. If "Yes" is selected, the certificate details are displayed, and the user has the option to continue the import operation (by selecting the "Accept Import" button) or to abort it (by selecting the "Cancel Import" button).