TU Berlin

ZE CampusmanagementAdvanced digital signatures

"das Wort tubIT in roter Schrift auf wei├čem Grund"

Page Content

to Navigation

Advanced digital signatures

For some time now, the TU Berlin has been promoting the securing of email traffic through the use of software certificates for encrypting and signing electronic messages. These digitisation efforts have gained additional weight against the background of the Corona pandemic and its effects (home office, etc.).

In addition, there is a need for a way to sign documents digitally in order to dispense with the classic form of signature on paper documents. At the TU Berlin, the corresponding certificates are now to be provided as so-called advanced signatures for the digital signing of documents and forms for internal use.

The software certificates used meet the requirements of an advanced signature:

  • They enable the detection of manipulation of data made in the document after signing (integrity).
  • It can be clearly assigned to a specific person.
  • In case of doubt, a person can prove that he or she has set the signature and that it complies with the corresponding security requirements.

Technically, the method works in a simplified way like this:
When digitally signing a document using the above method, an encrypted hash value (checksum) is deposited and stored in the document. When the recipient opens the document, this hash value is generated again and compared with the original hash value. In this way, the integrity of signed data can be determined and it can thus be recognised whether changes have been made to the data or the document after the signature was created.

Certification procedure

In order to use this procedure, TU employees must obtain such a certificate. This is done in the following steps:

1. Identification of an eligible person

Software certificates can be applied for from the Participant Services staff at the TU Berlin Trust Centre (TSM). The office hours and contact details of the TSM can be found at https://www.tu-berlin.de/?222608

  • Identification takes place with the help of a personal identification document with a picture, i.e. exclusively a valid identity card or passport.
  • It is recommended that you also carry your staff and/or student ID card.
  • The appointment must be attended by the person who wishes to apply for a certificate (substitution is not possible).

2. Application for a certificate

Software certificates are applied for online. The online application for software certificates requires prior identification every 39 months by an authorised participant service staff member of the Trust Centre (TSM).

The certificate can be applied for under the menu item "My Profile" > "My Certificates" > "Software Certificates" > "Download Software Certificates" > "Apply for a new software certificate online".

3. Approval of the certificate application by the ZECM.

As soon as the application is received by the ZECM, it is checked and processed by a TSM and the status is entered in the system. Applications are processed as quickly as possible, so please refrain from asking questions about the status of the processing. The ZECM informs applicants as soon as the approval has been given and the certificate can be downloaded.

4. Downloading the issued certificate

You can download the new certificate in the TU portal via the button "Download software certificate file" under the menu item "My profile" > "My certificates" > "Software certificates" > "Download software certificates".

Get started right away! The office hours and contact details of TSM can be found at https://www.tu-berlin.de/?222608

Use of the certificates

Embedding the certificates in Adobe Acrobat Reader (Windows)

  1. Download certificate (p12 file)
  2. Select the dialogue "Preferences" > "Signatures"
  3. Click on "Identities and trusted certificates" > "More...".
  4. Select "Digital IDs" on the left, then select the "Plus" to add.
  5. Select "My existing digital ID from:" and "A file":
  6. Select P12 file with software certificates, enter password:
  7. Confirm addition of ID.
  8. Load the document to be signed in Reader and select "Tools" > "Certificates" > "Digital Sign" and confirm the message with "OK"
  9. Select area and start signing process with "Continue"
  10. Enter the certificate password and save the signed document.

Instructions for embedding a certificate in Adobe Acrobat Reader

Embedding the certificates in Foxit (macOs)

  1. First you must import your software certificate into the certificate store of your operating system. Under MacOS, start under "Applications" > "Utilities" > "Key chain Management".
  2. Under "File" > "Import Objects", select the p12 file with your software certificate and enter your certificate password.
  3. After your certificate has been imported, close the key chain management.Now start Foxit Reader and load a PDF document.
  4. To sign, select the function "Sign & Certify" under "Protect".
  5. Then select "Place signature".
  6. Select the area where you want to place the signature and choose the digital ID you want to sign the document with.
  7. After entering the password for the key chain management, first create a new representation type (the default type is not suitable).
  8. Choose a name for the new representation format and set the ticks as shown in the picture (important: "Date" and "Excellent name" must be selected).
  9. Save the self-defined format and use it for signing in the future.
  10. Then choose a new file name for the signed document.

Instructions for embedding a certificate in Foxit Reader

Validation of digital signatures


The PDF programme shows you the information whether the digital signature is valid when you open the document.


Quick Access

Schnellnavigation zur Seite über Nummerneingabe