Advanced Signature properties: PAdES Signature Level

New Here ,
May 13, 2022 May 13, 2022

Copy link to clipboard

Copied

When I create a PAdES signature with Acrobat and open the Advanced Signature Properties, I see 4 properties: Creator, Hash Algorithm, Signatue Algorithm, and PAdES Signature Level.

I would like to know how the PAdES Signature Level is populated (i.e. what part of the Signature Dictionary is being read).

I have a PAdES signature that was created outside of Acrobat.  It shows as LTV enabled in the signature pane, but in the advanced properties it's missing the entry for PAdES Signature Level.

What info is Acrobat looking for to populate this information?

Sample signed document is here.

TOPICS
Security digital signatures and esignatures

Views

127

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Engaged , May 15, 2022 May 15, 2022

First of all, the PAdES signature level you mention refers to the PAdES BASELINE profiles according to ETSI EN 319 142-1. To understand what Adobe Acrobat should look for to determine that PAdES signature level, please study that norm. You can download it e.g. at https://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf

 

Concerning your sample signed document: There are errors in the embedded signature container of your PDF signature as far as PAdES BASELINE

...

Likes

Translate

Translate
Engaged ,
May 15, 2022 May 15, 2022

Copy link to clipboard

Copied

LATEST

First of all, the PAdES signature level you mention refers to the PAdES BASELINE profiles according to ETSI EN 319 142-1. To understand what Adobe Acrobat should look for to determine that PAdES signature level, please study that norm. You can download it e.g. at https://www.etsi.org/deliver/etsi_en/319100_319199/31914201/01.01.01_60/en_31914201v010101p.pdf

 

Concerning your sample signed document: There are errors in the embedded signature container of your PDF signature as far as PAdES BASELINE specifications are concerned.

 

  1.  It contains both the ESS signingCertificate and the ESS signingCertificateV2 attributes. While RFC 5035 in 2007 allowed this to ensure compatibility with legacy applications, it already mentions possible issues resulting from that. PAdES BASELINE consequentially requires exactly one of those attributes.
  2. It contains the signingTime attribute. PAdES BASELINE forbids the use of this attribute. The claimed signing time shall be put into the signature dictionary M entry.

 

So the signature in your document does not follow the requirements for PAdES BASELINE signatures. Consequentially, Adobe Acrobat should not claim any PAdES signature level.

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines