The University of Queensland (UQ) provides 2015 and 2016 graduates with an eTranscript, a digitally signed electronic version of the graduate’s Official Academic Transcript. This is a progressive roll out of eTranscript functionality, involving only those graduates who were conferred in 2015 and 2016.
What is a digital signature?
A digital signature is a cryptographic hash which creates a "fingerprint” unique to both the document (e.g. PDF eTranscript) and the document’s signer. Digital signatures ensure the authenticity of the signer and the integrity of the document’s content. Any change, no matter how small, made to the PDF after it has been digitally signed invalidates the signature, thereby protecting against signature forgery and document tampering.
UQ is committed to ensuring the integrity of the eTranscript. It is relatively easy to obtain a digital certificate that can be used to sign a PDF, but only a high assurance certificate, which is in the Adobe Approved Trust List, will provide a certificate with a signature that can be trusted by the relying party, eg an employer. The certificate issued to UQ by the Certificate Authority, QuoVadis, is a high assurance certificate that is trusted by the Adobe Approved Trust List.
Digital signatures should not be confused with electronic signatures which
Benefits of Public Key Infrastructure (PKI) digital signatures
By providing digitally signed eTranscripts to graduates, relying parties can immediately verify the authenticity of this type of academic record issued by The University of Queensland and easily check whether it was modified after it was signed.Digitally signed eTranscripts are also portable and convenient. Because digital signatures are based on PKI, they are a practical and more convenient substitute than obtaining certified true copies of academic records from notaries. Now, potential employers and other relying parties can immediately check the authenticity of digitally signed eTranscripts issued by UQ whenever graduates (from 2015) apply for jobs or further education online.
How can a relying party verify the digital signature?
To verify the authenticity of a digitally signed eTranscript, simply open the PDF file with Adobe Reader, Adobe Acrobat or other compliant PDF reader. An Internet connection is required the first time the PDF file is viewed to enable all the signatures in the certificate chain to be checked and validated – a process which occurs automatically in the background.
If the digital signature is valid, it will display a blue bar at the top of the PDF which states that it is “Certified by The University of Queensland”. This blue bar is only visible when the PDF is viewed online and cannot be seen when the file is printed.
If the blue bar contains a yellow triangle then no reliance should be made on the academic record without further checking. This warning may be present if the relying party is attempting to view the PDF for the first time without an internet connection; or if the automatic update of the Adobe Approved Trust Certificates is disabled in Adobe Reader.
If the blue bar contains a red cross, then this means that the PDF file was modified after it was signed and should not be trusted as authentic or accurate.
Please note that because validation of the digital signature in an eTranscript can only occur online, no reliance on any signature or details within the eTranscript should be made if viewing a printed copy of this eTranscript by itself.