Copy link to clipboard
Copied
Hi all,
we're using on OSX an application that interfaces with the local keychain and intercepts the signature request issued from Acrobat (like a click on a signature field).
When testing this with ECDSA keys of the common secp family and different lenghts we noticed a strange behaviour, Acrobat always use the SHA384 hash algorithm indepentently from the actual key length.
To be more clear, for signatures we expected on the "keychain side" a digest fit for an "optimal cryptography", that is something like:
- key secp256 -> digest SHA256
- key secp384 -> digest SHA384
- key secp521 -> digest SHA512
Insetad we got:
- key secp256 -> digest SHA384
- key secp384 -> digest SHA384
- key secp521 -> digest SHA384
So, is possible that there is a bug somewhere and on OSX Acrobat tries to use incorrectly only the ecdsaSignatureDigestX962SHA384/ecdsaSignatureMessageX962SHA384 methods?
Copy link to clipboard
Copied
One more bit: we probably have undestood that Acrobat on Mac always choose the digest algorithm "looking" at the one that was used to sign the user certificate.
I.E., having a user certificate with secp256 keys that is signed by the RootCA with a "SHA384ECDSA" algortihm, when trying to make a signature the digest algorithm chosen by Acrobat will be "SHA384" (and not the expected "SHA256", as from the user's key length), thus will be based on the RootCA signature alg....
Copy link to clipboard
Copied