Copy link to clipboard
Copied
Hello -
I work for a GOV agency and we use Common Access Cards/Smart Cards to login to our PC's and we subsequently use them to digitally sign PDF documents.
We have just recently switched to Adobe Acrobat 9.x Pro. Before this, we had Adobe 7.x Pro and had no troubles digitally signing documents, clearing those digital signature to reuse old documents, etc.
We first got Acrobat 9.x and had issues with digital signatures right away. We had to import this into the registry, which I believe I found on adobe forum.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c4974BB0C5EBA7AFE0254EF7BA0C695C609807096]
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c4974BB0C5EBA7AFE0254EF7BA0C695C609807096\cAdobe_OCSPRevChecker]
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c4974BB0C5EBA7AFE0254EF7BA0C695C609807096\cAdobe_OCSPRevChecker\cURL]
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c4974BB0C5EBA7AFE0254EF7BA0C695C609807096\cAdobe_OCSPRevChecker\cURL\c0]
"sValue"=hex:68,74,74,70,3a,2f,2f,6f,63,73,70,2e,64,69,73,61,2e,6d,69,6c,00
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c4974BB0C5EBA7AFE0254EF7BA0C695C609807096\cAdobe_OCSPRevChecker\cURLToConsult]
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c4974BB0C5EBA7AFE0254EF7BA0C695C609807096\cAdobe_OCSPRevChecker\cURLToConsult\c0]
"iValue"=dword:00000001
Lately we've had trouble verifying signatures. Once we sign a document and then click the signature, we get the attached error.
Error during signature verification
Error encountered while validating
Error encountered while BER decoding
When we started to notice this we were on Acrobat 9.2. I think we may have went from 9.0 to 9.1.3 and then to 9.2 pretty quick. I removed it and installed our base load of Acrobat 9.0 and everything was working fine. I then updated to 9.1, 9.1.1, 9.1.2, 9.1.3 and none of them worked or fixed the issue. We have recently approved the update to 9.3, but that didn't fix it either. Because of this BER decoding issue, we cannot right click the signature field and clear a signature as well. Even after updates I could clear a signature field signed under Adobe 9.0.
Adobe, what should I do? Do we have a problem elsewhere, outside of Acrobat?
Again, we use smart card's to sign the documents, thus cannot change certificates.
Thanks, Nick
Copy link to clipboard
Copied
Looks like someone beat me to the punch in posting this. I am in the exact same situation with the exact same result. I have created forms and have to create another reset button to erase the signature only. It's not a desirable way to workaround the problem but until Adobe comes out with a fix, it helps.
Does Adobe even read or respond to the problems that users post? They have yet to address or fix the issue with the last row of thumbnails not showing on documents without shrinking thumbnail size small enough to display every page at once and they have had several updaes to Acrobat 9 already.
Copy link to clipboard
Copied
Hi Nick,
When you mentioned that upgrading to 9.3 didn't fix the problem, did you mean when creating a new signature in Acrobat/Reader 9.3 or did you mean opening a previously signed file and doing the signature verification?
If you meant the later, no version of Acrobat will be able to decode the signature if it was created incorrectly, which is what I fear you are referring to. What happened was Acrobat 9.0 changed the default digest method from the older SHA-1 to the the new SHA-256, but if the device that encrypts the digest (the actual signing operation) cannot handle the larger digest Acrobat is supposed to fall back to the older, smaller SHA-1 digest. There was a bug where Acrobat wasn't re-computing the digest if the smart card couldn't handle SHA-256 and creating a corrupt signature. Once this corrupt signature is written out to the PDF file there is no getting around it. Update 9.3 fixes the problem at signature creation and you should be able to successfully sign using your CAC card, but sadly there is no fixing the existing corrupt signatures.
Steve
Copy link to clipboard
Copied
Steve,
I am using Acrobat 9.3 and created a new pdf file this morning and added a
digital signature to it. After I saved the file, I right clicked on the
signature and the option to clear the signature was still not there and there
was an error validating the signature (same error as in subject of email).
Robert S. Miller, CDIA+
Document Automation Project Manager
DAPS Port Hueneme
4231 San Pedro Road
Port Hueneme, CA 93043
805-982-3783 (Work) 805-982-3370 (Fax)
Copy link to clipboard
Copied
Hi Robert,
By any chance are you using an ActivCard smart card reader? If so do you know the version? There was a recent update to version 6.2 and if you are not using an earlier version could you give 6.2 a try?
Thanks,
Steve
Copy link to clipboard
Copied
Steve,
We installed the hotfix for ActiveClient 6.2 just after I sent your email and
that was in fact the issue. This hotfix corrects the problem with the
signatures.
Robert S. Miller, CDIA+
Document Automation Project Manager
DAPS Port Hueneme
4231 San Pedro Road
Port Hueneme, CA 93043
805-982-3783 (Work) 805-982-3370 (Fax)
Copy link to clipboard
Copied
Hi Robert,
That's good news!! With a little luck this will solve Nick's problem too.
I know it looks like it's Acrobat's fault, but all we do (when using a smart card) is compute the hash over the byte range to be signed and send it to the card OS for encryption (a digital signature is just using your private key to encrypt the hash). It's the card software that manages access to the private key (Acrobat never gets access to a private key when it's stored on a hardware device) and if there is a breakdown in the key operations Acrobat gets garbage back from the smart card. In all probability nothing came back and there is no signature, which is why you can't clear it.
Steve
Copy link to clipboard
Copied
Steve,
Thanks for your help and your quick response. I spoke with Nick and this also
solved his problem. As far as previously signed documents, I just created a
reset button to reset just the signature and once that was done I deleted the
new button and the form was back to normal.
On a different note, has Adobe come up with a solution to the issue with the
thumbnails not showing the last row? This occurs when the row isn't
completely filled up and has been an issue since the release of 9.0.
Robert S. Miller, CDIA+
Document Automation Project Manager
DAPS Port Hueneme
4231 San Pedro Road
Port Hueneme, CA 93043
805-982-3783 (Work) 805-982-3370 (Fax)
Copy link to clipboard
Copied
This problem existed in Adobe Acrobat 9.4.3 for me when paired with ActivIdentity 6.2.050. Applying the latest hotfix from ActivIdentity brought the version to 6.2.108 and fixed the problem. The signatures are now verifying in Adobe Acrobat and I no longer get the BER decoding error.