Problems in signature verification since march update?

Question

Hello,

We have noticed two different problems with PDF signature verification since latest update (march).

First problem (less severe): If we open a perfectly valid signed PDF with the latest Reader / DC, the signature panel shows that the signature is valid, but there is always a warning indicating "changes have occurred". Clicking re-validation removes the warning. This is merely annoyance, but indicates that something has changed in Reader. No such warnings have been displayed with previous versions.

Second problem (more severe): Signature may be validated correctly with latest OSX version of the Acrobat Reader, but fails to validate with latest Windows version. This is absolutely unacceptable. I cannot provide an example document because we cannot reproduce the problem and those few examples we have contain sensitive data. However, the problem is real and we have seen already two separate instances of this problem since March.

Windows:

OSX:

We are now confused where to continue debugging this issue. Any ideas? I can see that the first issue is also happening with other signed PDF files too, not the ones that were have created and signed by ourselves.

MikelKlink · Answer

There have been a few other posts pointing out changes in signature validation in the 2022 updates of Adobe Acrobat. Chances are that Acrobat signature validation code has been hardened against some signature forgery strategy, and some more signed documents with similar structures (even though not used for forgery purposes) also now are rejected.

Without examples, though, one cannot say whether these extra rejects are really false hits or whether they actually contain structures allowing forgery.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded