Digital signature: does it really work for electronic documents?

Organizations of almost all sizes are discovering the value of "going digital" by converting their office documents to electronic documents. Many of these documents, including financial information, while papers, legal documents, and external communications, require expensive review and mark-up by internal and external workgroups. The main motivations or using PKI (public key infrastructure) in business environment (e.g., e-commerce) is to streamline workflow, by enabling human to digitally sign electronic documents, instead of manually signing paper ones. However, this approach fails if adversaries can construct electronic documents whose viewed contents can change in useful ways, without invalidating the digital signature. In this paper we have examined the space of such attacks, and have described how many popular electronic document formats and PKI packages permit them.