web-eid / web-eid-system-architecture-doc

The Web eID project enables usage of European Union electronic identity smart cards for secure authentication and digital signing of documents on the web using public-key cryptography
https://web-eid.eu

User is asked to sign an unknown document #4

Open VladimirMorozov opened 1 year ago

VladimirMorozov commented 1 year ago

When creating a signature in a browser only the hash is sent to the client. It's not cryptographically backed which document the user is signing. As a result it's not only possible for the user to sign a different document, but the user actually has no means to know what he is signing. Providing the document before signing and .asice after signing in the web page UI does not solve the problem as the user may not have trust that the website provides correct files.

When creating a signature the whole document should be sent to the client, the hash should be produced on the client and the UI should allow the user to see what he is signing.

jaakristioja commented 1 year ago

This is a valid issue.

And in practice it is sometimes not even possible to verify the documents after signing them. I once asked a bank to provide me the documents I had already signed via their internet bank portal together with my digital signatures to verify them, but they did not comply. So this is not like only having to trust them with all my money, but closer to a situation of signing blank pieces of paper.
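
The check proposed in the first comment, sketched as an added example (this is not Web eID code, and it is not part of either comment). The request shape, field names and `evaluateSigningRequest` are hypothetical, and the example assumes the hash to be signed is computed directly over the document bytes, which simplifies how container formats build the signed data.

```javascript
// Added illustration; not Web eID code. All names here are hypothetical.
const { createHash } = require('node:crypto');

const ALLOWED_ALGORITHMS = new Set(['sha256', 'sha384', 'sha512']);

// Decide what a signing client can tell the user about a signing request.
// request = { hashAlgorithm, hashToSign (hex), document?: Buffer, fileName?: string }
function evaluateSigningRequest(request) {
  const { hashAlgorithm, hashToSign, document, fileName } = request;
  if (!ALLOWED_ALGORITHMS.has(hashAlgorithm)) {
    return { status: 'rejected', reason: 'unsupported hash algorithm' };
  }
  if (!document) {
    // Hash-only request: nothing binds the hash to content the user has seen,
    // so the client has nothing trustworthy to display.
    return { status: 'unverifiable', reason: 'no document supplied', preview: null };
  }
  // Hash is produced on the client, from the bytes the client will display.
  const computed = createHash(hashAlgorithm).update(document).digest('hex');
  if (computed !== String(hashToSign).toLowerCase()) {
    return { status: 'rejected', reason: 'hash does not match supplied document' };
  }
  return {
    status: 'verified',
    digest: computed, // the value that would be passed on for signing
    preview: { fileName, size: document.length, text: document.toString('utf8').slice(0, 200) },
  };
}

// Constructed sample data: the document shown to the user and a different one.
const shownDocument = Buffer.from('Rental agreement: 500 EUR per month', 'utf8');
const otherDocument = Buffer.from('Rental agreement: 5000 EUR per month', 'utf8');
const sha256Hex = (buf) => createHash('sha256').update(buf).digest('hex');

// 1. Current flow described in the issue: only a hash reaches the client.
const hashOnly = evaluateSigningRequest({
  hashAlgorithm: 'sha256', hashToSign: sha256Hex(otherDocument) });

// 2. Proposed flow: the document travels with the request and the hash matches.
const matching = evaluateSigningRequest({
  hashAlgorithm: 'sha256', hashToSign: sha256Hex(shownDocument),
  document: shownDocument, fileName: 'agreement.txt' });

// 3. Proposed flow catching a mismatch between displayed bytes and requested hash.
const mismatched = evaluateSigningRequest({
  hashAlgorithm: 'sha256', hashToSign: sha256Hex(otherDocument),
  document: shownDocument, fileName: 'agreement.txt' });

console.log(hashOnly.status, matching.status, mismatched.status);
```

The preview is only meaningful if it is rendered by the signing client itself rather than by the page that made the request.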