Adding a CRL file to the cache

Explorer ,
May 20, 2020 May 20, 2020

Copy link to clipboard

Copied

Is it possible to add a CRL to the Acrobat cache (the \AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache directory )? I have the CRL file I nedd and I can copy it to the directory. What I need is to change its name, but I don't know how to find the correct name - every file in that directory has name looking like a hash (it is not a hash of the file). Any ideas ?

TOPICS
How to , Security digital signatures and esignatures

Views

1.0K

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Explorer , May 22, 2020 May 22, 2020

OK. Problem solved. The name of the file is the hash (SHA1) of the CRL distribution point from the signer's certificate. 

Likes

Translate

Translate
Explorer ,
May 22, 2020 May 22, 2020

Copy link to clipboard

Copied

OK. Problem solved. The name of the file is the hash (SHA1) of the CRL distribution point from the signer's certificate. 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 29, 2022 May 29, 2022

Copy link to clipboard

Copied

hi! can you privide a way to populate my crlcache in offline mode please? when i say offline  mode means no internet, no proxy, i downloaded the crl files in a central store server, but i need to make the transformation to populate my crl cache with correct filenames.crl . thanks in advansed!

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
May 29, 2022 May 29, 2022

Copy link to clipboard

Copied

Just curious,

 

Is the transformation to populate  the CRL Cache with correct file names ocurring at the central store server or in another computer?

 

In which operating system are you trying to execute this task?

 

And are you also looking for a way to delete the cache and perform CRL Cache  updates automatically?

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
May 30, 2022 May 30, 2022

Copy link to clipboard

Copied

LATEST

Hi,

sure.  First You need to find the full path for the CRL (from CDP in certificate). For example - http://www.somedomain.pl/crl/mylist.crl   . Then You need to calculate SHA-1 hash of this string (you can use https://passwordsgenerator.net/sha1-hash-generator/) and You get 636ECEE4AA3A6BB838BF91CDA1F634C9701D0341 .

Then You need to rename the file from mylist.crl to 636ECEE4AA3A6BB838BF91CDA1F634C9701D0341.crl and copy it to the C:\Users\username\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache

Bartek

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
May 22, 2020 May 22, 2020

Copy link to clipboard

Copied

Hi barthmaul,

 

Just a word of advice , SHA1  is basically deprecated.

 

Consider these notes:

 

https://isc.sans.edu/forums/diary/SHA1+Phase+Out+Overview/20423/ 

 

 

https://en.m.wikipedia.org/wiki/SHA-1 

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
May 23, 2020 May 23, 2020

Copy link to clipboard

Copied

I know it is deprecated, I was even using a tool to create two different PDF files with the same SHA1 hash. But in this case the SHA1 is used just to create the correct name for the file in the CRLCache. That souldn't be a problem because if you put a false CRL file, the application will not accept it. 

And what is most important - It is not my idea, this mechanism is built in the Adobe Acrobat (I could not find the description of it, so I was doing some tests and I found the correct answer). 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
May 18, 2021 May 18, 2021

Copy link to clipboard

Copied

The current state of cryptanalysis against the SHA-1 algorithm allows for collisions, but not for pre-images.

This means that SHA-1 is not secure anymore for digital signatures and other security applications, but it remains acceptable for integrity verification and file indexing (like this use case).

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines