Skip to main content
S
Seamountain
Participating Frequently
October 22, 2021
Question

Digital Signature. document changed, invalid signature.

  • October 22, 2021
  • 1 reply
  • 19821 views

Hi, I have a problem when I digitally sign a document in Reader.

Reader states that "the document has changed after signing" but no changes have been made.

I use Reader DC 2021 007 20091 and Windows 10 20H2.

 

Why does Reader say so and state that the signature is invalid?

    1 reply

    Amal.
    Amal.
    Legend
    October 22, 2021

    Hi there

     

    Hope you are doing well and sorry for the trouble. As described, when I digitally sign a document in Reader.  Reader states that "the document has changed after signing.

     

    Is this a behavior with a particular PDF file or with all the PDFs that you digitally sign? Please try with a different PDF file and check.  If the file is stored on a shared network drive, please download it to your compouter first and try signing it and check.

     

    You may also try to sign the PDF file online via Document Cloud https://documentcloud.adobe.com/link/home/ and see if that helps.

     

    Regards

    Amal

    S
    SeamountainAuthor
    Participating Frequently
    October 22, 2021
    556 / 5000
     

    Översättningsresultat

    Hi Amal,
    It does not matter if the document is stored locally on my computer or on a network device, I get the same problem with Adobe saying that the document has been modified, with the result that the signature is invalid.
    I did not test to sign online because it is not an alternative for me.
    I have seen some posts from 2017 about SHA1 and SHA256 and if I change the windows registry so that Adobe will use SHA1, I will not get the error that the document has been changed.
    So what is it that makes Adobe think the document has changed if I use SHA256?
    S
    SeamountainAuthor
    Participating Frequently
    October 26, 2021
    quote

    What you write seems logical and I think I found where I turned off the embedding of validation information and the document became very much smaller.

     

    Yes, your new example indeed is without the validation information, without the embedded giant CRL.

     

    quote

    But unfortunately the signature is still invalid with the same error message.

     

    Indeed. The signed hash again is incorrect. So while this simplified the use case, it didn't fix the error.

     

    I'm afraid I cannot analyze the issue further without having a similar setup myself, and as I don't have such a Swedish card, that's not possible.

     

    I would propose some tests that would allow you to narrow down the possible cause of the issue. But that would be narrowing down only, not solving the issue:

     

    1. Create a self-signed soft-token (using "Create a new Digital ID") with a 2048-bit RSA key and use it to test signing with SHA256. If this doesn't work, something is broken in your Adobe Reader (or operation system crypto routines it may use).
    2. Install Adobe Reader and smart card drivers on a different computer and test with your card.
    3. If you have a different card (by a different manufacturer with a different driver), try signing with that card, too, on both test computers.

    Hi,

    Thanks for all the answers!
    I must admit that I did not know that PDF files are so advanced and complicated 🙂

    I have saved my PDF as a full PDF (I hope), it does not say "Linearized" in the first paragraph when I open files with Notepad.

    I have tried to sign the full PDF but unfortunately I still get the same error. I have not found any older version of Reader to test with but I have gained access to Adobe Acrobat and tried to sign the same PDF and it works, the signature is valid.

    I do not know if my conclusion is correct but since Acrobat can sign, there "should" be nothing wrong with my set of Smart Card, driver, Smartcard client, OS and so on.
    I have also tried to sign the PDF with a Digital ID created in Reader and it also works.

    So the problem seems to be related to Reader and when Reader will Hash the signature from my smartacard. So what makes Reader different from Acrobat because it works with Acrobat?

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices