Is it possible to add a CRL to the Acrobat cache (the \AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache directory)? I have the CRL file I need and I can copy it to the directory. What I need is to change its name, but I don't know how to find the correct name - every file in that directory has a name that looks like a hash (it is not a hash of the file). Any ideas?
OK. Problem solved. The name of the file is the hash (SHA1) of the CRL distribution point from the signer's certificate.
Hi! Can you provide a way to populate my CRL cache in offline mode, please? When I say offline mode, I mean no internet and no proxy. I downloaded the CRL files to a central store server, but I need to do the transformation to populate my CRL cache with the correct filenames.crl. Thanks in advance!
Is the transformation to populate the CRL Cache with correct file names occurring on the central store server or on another computer?
In which operating system are you trying to execute this task?
And are you also looking for a way to delete the cache and perform CRL Cache updates automatically?
Sure. First you need to find the full path for the CRL (from the CDP in the certificate). For example - http://www.somedomain.pl/crl/mylist.crl . Then you need to calculate the SHA-1 hash of this string (you can use https://passwordsgenerator.net/sha1-hash-generator/) and you get 636ECEE4AA3A6BB838BF91CDA1F634C9701D0341 .
Then you need to rename the file from mylist.crl to 636ECEE4AA3A6BB838BF91CDA1F634C9701D0341.crl and copy it to C:\Users\username\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache.
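The renaming steps above can be scripted for an offline machine. This is an added example, not part of the original posts and not Adobe code. It assumes the CDP URL is hashed byte-for-byte as UTF-8 and that the manifest of URL-to-file pairs is supplied by you; the function names are hypothetical.

```python
import hashlib
import os
import shutil
from pathlib import Path

# Per-user cache location named in the thread (Acrobat DC on Windows).
DEFAULT_CACHE = Path(os.environ.get("APPDATA", ".")) / "Adobe/Acrobat/DC/Security/CRLCache"


def cache_name(cdp_url: str) -> str:
    """File name per the thread: uppercase SHA-1 hex of the CDP URL + '.crl'.

    Assumption: the URL is hashed exactly as it appears in the certificate
    (no trailing newline, no case or percent-encoding changes).
    """
    return hashlib.sha1(cdp_url.encode("utf-8")).hexdigest().upper() + ".crl"


def populate_cache(manifest: dict[str, Path], cache_dir: Path = DEFAULT_CACHE) -> dict[str, str]:
    """Copy each downloaded CRL into cache_dir under its hashed name.

    manifest maps CDP URL -> path of the CRL fetched from the central store.
    Returns {cdp_url: "copied" | "unchanged" | "skipped: <reason>"}.
    """
    cache_dir.mkdir(parents=True, exist_ok=True)
    report = {}
    for url, src in manifest.items():
        src = Path(src)
        if not src.is_file() or src.stat().st_size == 0:
            report[url] = "skipped: missing or empty source file"
            continue
        dst = cache_dir / cache_name(url)
        if dst.exists() and dst.read_bytes() == src.read_bytes():
            report[url] = "unchanged"
            continue
        # Copy to a temporary name, then rename, so the cache never
        # contains a partially written CRL under its final name.
        tmp = dst.with_suffix(".tmp")
        shutil.copyfile(src, tmp)
        os.replace(tmp, dst)
        report[url] = "copied"
    return report


if __name__ == "__main__":
    # Constructed sample: URL from the thread, local paths are hypothetical.
    sample = {"http://www.somedomain.pl/crl/mylist.crl": Path("mylist.crl")}
    for url, status in populate_cache(sample, Path("CRLCache_demo")).items():
        print(cache_name(url), status)
```

A stray newline or a changed character in the URL yields a different file name, so take the CDP string directly from the certificate rather than retyping it.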
I know it is deprecated, I was even using a tool to create two different PDF files with the same SHA1 hash. But in this case the SHA1 is used just to create the correct name for the file in the CRLCache. That shouldn't be a problem because if you put a false CRL file, the application will not accept it.
And what is most important - it is not my idea, this mechanism is built into Adobe Acrobat (I could not find the description of it, so I was doing some tests and I found the correct answer).
The current state of cryptanalysis against the SHA-1 algorithm allows for collisions, but not for pre-images.
This means that SHA-1 is not secure anymore for digital signatures and other security applications, but it remains acceptable for integrity verification and file indexing (like this use case).