Skip to main content
D
defaulthh050p9axzhq
Participant
May 13, 2022
Answered

Advanced Signature properties: PAdES Signature Level

  • May 13, 2022
  • 1 reply
  • 1560 views

When I create a PAdES signature with Acrobat and open the Advanced Signature Properties, I see 4 properties: Creator, Hash Algorithm, Signatue Algorithm, and PAdES Signature Level.

I would like to know how the PAdES Signature Level is populated (i.e. what part of the Signature Dictionary is being read).

I have a PAdES signature that was created outside of Acrobat.  It shows as LTV enabled in the signature pane, but in the advanced properties it's missing the entry for PAdES Signature Level.

What info is Acrobat looking for to populate this information?

Sample signed document is here.

This topic has been closed for replies.
Correct answer MikelKlink

First of all, the PAdES signature level you mention refers to the PAdES BASELINE profiles according to ETSI EN 319 142-1. To understand what Adobe Acrobat should look for to determine that PAdES signature level, please study that norm. You can download it e.g. at https://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf

 

Concerning your sample signed document: There are errors in the embedded signature container of your PDF signature as far as PAdES BASELINE specifications are concerned.

 

  1.  It contains both the ESS signingCertificate and the ESS signingCertificateV2 attributes. While RFC 5035 in 2007 allowed this to ensure compatibility with legacy applications, it already mentions possible issues resulting from that. PAdES BASELINE consequentially requires exactly one of those attributes.
  2. It contains the signingTime attribute. PAdES BASELINE forbids the use of this attribute. The claimed signing time shall be put into the signature dictionary M entry.

 

So the signature in your document does not follow the requirements for PAdES BASELINE signatures. Consequentially, Adobe Acrobat should not claim any PAdES signature level.

 

1 reply

MikelKlink
MikelKlinkCorrect answer
Participating Frequently
May 15, 2022

First of all, the PAdES signature level you mention refers to the PAdES BASELINE profiles according to ETSI EN 319 142-1. To understand what Adobe Acrobat should look for to determine that PAdES signature level, please study that norm. You can download it e.g. at https://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf

 

Concerning your sample signed document: There are errors in the embedded signature container of your PDF signature as far as PAdES BASELINE specifications are concerned.

 

  1.  It contains both the ESS signingCertificate and the ESS signingCertificateV2 attributes. While RFC 5035 in 2007 allowed this to ensure compatibility with legacy applications, it already mentions possible issues resulting from that. PAdES BASELINE consequentially requires exactly one of those attributes.
  2. It contains the signingTime attribute. PAdES BASELINE forbids the use of this attribute. The claimed signing time shall be put into the signature dictionary M entry.

 

So the signature in your document does not follow the requirements for PAdES BASELINE signatures. Consequentially, Adobe Acrobat should not claim any PAdES signature level.

 

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices