Counter-signing is the action of signing data that includes another signature. Counter-signing requires that signatures have a precise sequence in which they can be deletedwithout invalidating the other signatures. Adding the first signature to a set of data signs the data itself. Adding a second signature does not sign the data in the form, but instead signs the first signature. Each additional counter-signature signs the previous signature. If the signed data itself is tampered with, only the first signature in the list becomes invalid; the status of the rest of the counter-signatures remains unchanged. If the data stored with a particular signature (in the Signature element) is tampered with, such as the comments or nonrepudiation information for that signature, then that signature and the following signature become invalid. For a specific set of signable data, only the last signature in the list can be deleted without affecting any of the others. For a set of signable data configured for counter-signatures, no other signatures can be added after a signature with the status other thanValid. That signature must be deleted before additional counter-signatures can be added.
When you enable digital signatures for an entire form, the form users must enter all the data they require before they sign the form. After the first signature is added, all controls in the form and the form's XML Document Object Model (DOM) become read-only, and the text [Signed] appears in the title bar. Other users who open the form cannot enter data; they can only add, remove, or verify counter-signatures.