PDF sign
Hi
I have signed a PDF file using a certificate installed in Windows. I am sure the certificate is valid because I have used it to sign XML files.
After signing the PDF (using SecureBlackBox from NSoftware) and trying to open the PDF using Acrobat Reader, the problem with the signature appears. If I move the certificate to the "Trusted" area (using Reader to do so), the signature becomes valid. In other words, on my computer the PDF seems OK, but when I send it to another user it becomes invalid. I have contacted NSoftware, who told me the process of signing is correct and it seems that Adobe Reader does not "like" the certificate. Is there something I can do to solve this problem?
You can contact me at eduardo@hpro.com.br and the pdf signed is attached.
Hope you are doing well.
We get the first and second parts, where a signature is valid at your end but when it's sent out it becomes invalid.
What we have trouble understanding is the exact process of signing the pdf and how it has been shared with other users.
You probably need to validate your signature and set Acrobat's preferences accordingly.
Read this document carefully and make the suggested changes in preferences: https://helpx.adobe.com/acrobat/using/validating-digital-signatures.html#verificationPreferences
Follow the steps depending on the Acrobat UI you have. If it's current or new
Thanks,
Akanchha
Hi
Sorry for the delay. I am signing using NSoftware signer techniques. I am a software developer using Delphi and have created an application to sign PDFs. After that it is sent to other users. When those users receive the signed PDF, the process of signature validation fails. Is that right? Must each user trust my certificate? Is there a way to add my digital certificate to the Adobe AATL globally so that every user who receives a PDF created with my software understands it correctly?
Regards
the way I do on a paperwork 🤷🤷
If you open the signature properties and look at the signer certificate in the certificate viewer, you'll see this:
In particular, you can read here that "The selected certificate has errors: Invalid policy constraint."
This means that the trust anchor in your certificate chain has been added to the AATL (Adobe Approved Trust List) with the restriction that only those certificates issued by this certificate authority shall be trusted which contain a certificate policy identifier from a given set of IDs and that your certificate does not contain an identifier from that set.
Specifically in your case the trust anchor is the root certificate of the chain, Autoridade Certificadora Raiz Brasileira v5, for which the certificate viewer shows this on the "Policies" tab:
If one looks it up in detail, one sees that the set of allowed policy identifiers consists of the two ranges 2.16.76.1.2.3.1 through 2.16.76.1.2.3.138 and 2.16.76.1.2.4.1 through 2.16.76.1.2.4.58.
Looking at your certificate, though:
one sees that your certificate has the policy id 2.16.76.1.2.1.96 which is not in the set of trusted identifiers in your CA.
Thus, if you want to sign PDFs with a certificate issued by Autoridade Certificadora Raiz Brasileira v5, you should ask your CA for a certificate with a policy ID from the ranges 2.16.76.1.2.3.1 through 2.16.76.1.2.3.138 and 2.16.76.1.2.4.1 through 2.16.76.1.2.4.58.
(Beware, those policy identifiers usually have a meaning and imply requirements; e.g. such a policy might imply that the identity of the certificate owner has been thoroughly verified or that the private key is located on a secure signature creation device, e.g. a smart card. You, therefore, may have to go through a specific procedure to get such a certificate, or you may use it only with a smart card.)
Hi
Sorry for the delay but thank you very much for your support.
Regards

