How secure is Penneo?

Is it safe to use a digital signature for signing important documents?
At Penneo, we place security as our absolute first priority.

The security of Penneo can be divided into two main categories: the technical security of the signature and the operational security of Penneo. Technical security concerns the principles and technologies used to produce the signed document, while operational security concerns hosting, data processing and internal security procedures.


The Signature's Technical Security

To be valid, a signature, digital or physical, must meet 3 basic requirements:

  1. Security of the signatory's identity
  2. Security for the integrity of the content
  3. Security against the signatory’s ability to refuse (non-repudiation)


Security of the signatory's identity

This requirement means that we must be certain exactly who has signed. In Denmark, NemID is the most secure way of attaching a digital signature to a physical person, as it is issued by the state on the basis of the CPR registry. When a document is signed with Penneo, the signatory's name is printed on it, as recorded in the NemID used (and thus also in the CPR registry). To further enhance security, a unique PID, or an RID when an employee signature is used, is also applied. Should there be any doubt about the identity of the signatory, NemID can provide information on the PID and the CPR number together with information on the CPR number of the presumed signatory.

This establishes the identity of the signatory.


Security of Content Integrity

It is of course crucial that the content of a signed agreement cannot be changed once it has been signed. A digital signature consists of two parts: the signature itself and the content that is being signed.

When a digital signature is applied with Penneo, a unique ID is first printed on the document as a watermark in the right-hand margin, after which a so-called "checksum" is created based on the document content, including the watermark. This unique checksum is part of the signature's "content" itself, which makes it possible to see if the signed document has been modified subsequently. Once the digital signature has been applied to a document, the entire package is signed by Penneo. One could say that Penneo acts as a kind of notary on the signed document. This ensures that there is no change in the document or signatures, and it also makes it extremely easy to verify whether the content of your agreement has been changed. This feature is actually built into many PDF readers. For example, Acrobat Reader displays the following message if everything is correct.


Security against the signatory’s ability to refuse

No matter how secure the technical evidence of a signature may be, you can still imagine a situation where a signatory subsequently refuses to have signed.

Penneo protects against this in two ways. First, a Penneo signature can only be applied to a document through Penneo's signature platform. This ensures that the user has been informed of the consequences of their actions and has had the opportunity to read the document.

Second, on the more legal side of the proof, the user receives the following statement as part of the NemID process: "With my signature, I confirm the content and all dates in the following documents identified by their document key and cryptographic hash value." The statement also contains an overview of the documents that are signed, as well as the role that you sign as.

This statement is stored as part of the signature itself and thus serves as further proof of the validity of the signature. Thus, NemID also guarantees the documents that are signed.


Standards and Recommendations

Why can a digital signature only be used on PDF documents? This is mainly because a large number of organizations have agreed internationally to standardize on the PDF format as the filing standard for legal documents.

In the European single market, digital signatures are governed primarily by the eIDAS Regulation (electronic IDentification, Authentication and trust Services). This Regulation is broadly about ensuring common requirements for electronic signatures, e-commerce and other digital communications.

eIDAS requires that an approved eID can be used for digital signing as well as for access to public and financial self-service solutions. This takes place through a number of document standards that allow PDF documents to be signed.

In the Nordic region, however, it should be mentioned that NemID in Denmark and BankID in Sweden and Norway are local implementations of the eIDAS regulatory framework.

In the EU, the standards for digital signing of documents are governed primarily by ETSI (the European Telecommunications Standards Institute), primarily through the PAdES standard. PAdES defines a specific structure for the cryptographic evidence in the PDF document, in order to fulfill the requirements described above.

In addition, specific attention has been paid to the document's long-term validation (LTV), so that the document's cryptographic evidence can be verified even after the platform that created the document has become inaccessible.

In other words, PAdES is the best-defined standard for digitally signed documents, so it must also be considered the most durable. Therefore, Penneo is built on PAdES.


Portability / Validity?

In order to ensure that the document never loses its legal validity, the technical proof of the signature is stored as a form of attachment in the completed PDF. This means that your signed document already contains everything you need to verify the validity of the signature. This can be done through Penneo's validator, but also through any other PAdES-compliant validation platform.
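
The integrity check and the self-contained verification described above rest on how a PDF signature, which PAdES builds on, declares the bytes it covers. The following added example (not Penneo's code, and going beyond what this page describes) reads the standard /ByteRange entry of a signature dictionary, hashes the covered bytes, and checks that the signature covers the whole file. The sample PDF bytes are constructed, the signature value is a placeholder, and all function names are hypothetical.

```python
import hashlib
import re

# /ByteRange [o1 l1 o2 l2] in a PDF signature dictionary names the signed bytes.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signed_ranges(pdf: bytes):
    """Return ((o1, l1), (o2, l2)) from the last /ByteRange in the file."""
    matches = BYTE_RANGE.findall(pdf)
    if not matches:
        raise ValueError("no /ByteRange found: no PDF signature present")
    o1, l1, o2, l2 = (int(n) for n in matches[-1])
    return (o1, l1), (o2, l2)


def signed_digest(pdf: bytes) -> str:
    """SHA-256 over exactly the bytes the signature covers."""
    (o1, l1), (o2, l2) = signed_ranges(pdf)
    return hashlib.sha256(pdf[o1:o1 + l1] + pdf[o2:o2 + l2]).hexdigest()


def coverage_problems(pdf: bytes) -> list:
    """Reasons why the signature does not cover the whole file (empty = ok)."""
    (o1, l1), (o2, l2) = signed_ranges(pdf)
    problems = []
    if o1 != 0:
        problems.append("signed data does not start at byte 0")
    if o2 + l2 != len(pdf):
        problems.append("signed data does not end at the last byte of the file")
    if not re.fullmatch(rb"<[0-9A-Fa-f]*>", pdf[o1 + l1:o2]):
        problems.append("unsigned gap holds more than the /Contents hex string")
    return problems


def build_sample() -> bytes:
    """Constructed sample: PDF-like bytes with a placeholder signature value."""
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /SubFilter /ETSI.CAdES.detached /Contents "
    contents = b"<" + b"00" * 16 + b">"
    fmt = b" /ByteRange [0 %010d %010d %010d] >>\nendobj\n%%%%EOF\n"
    gap_end = len(head) + len(contents)
    return head + contents + fmt % (len(head), gap_end, len(fmt % (0, 0, 0)))


if __name__ == "__main__":
    original = build_sample()
    appended = original + b"2 0 obj\n(added after signing)\nendobj\n%%EOF\n"
    print(coverage_problems(original))   # whole file is covered
    print(coverage_problems(appended))   # trailing bytes are outside the signature
    print(signed_digest(original) == signed_digest(appended))
```

Bytes after the signed range are not always a sign of tampering, since later signatures and LTV validation data are appended the same way; a validator has to inspect what they contain. A real validator also parses the PDF object structure rather than using a regular expression, and verifies the signature value in /Contents against the digest.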