Digital signatures: document has been altered when bEnableCryptoComplyLibrary is set to 1

New Here, Apr 12, 2022

Hi,

We are currently signing PDF documents with ECDSA signatures through custom software (= that makes use of iText). When I open a signed document on a 'consumer' version of Adobe Reader all signatures are valid. When I open the same document on an 'enterprise' version of Adobe Reader the signature is invalid (= the document has been altered). Documents signed with RSA do not have issues.

We finally found the registry setting that is causing this: HKEY_CURRENT_USER\SOFTWARE\Adobe\Acrobat Reader\DC\Security\bEnableCryptoComplyLibrary. When it is set to 0 on an 'enterprise' system, there is no issue.

I did a search on that bEnableCryptoComplyLibrary setting but was not able to find any information about it. Can anyone help me with this? What is the implication of disabling/enabling it?

Thank you

Adobe Employee, Apr 14, 2022

Hi @davidurt,

Apologies for the inconvenience.

CryptoComply is the new library support added in Adobe Acrobat/Reader.

More details can be found here: https://helpx.adobe.com/in/acrobat/using/whats-new/2021-june.html

Can you please share the affected files with us so that we can replicate the issue on our end?

Regards,

Abhinav Sethi

New Here, Apr 14, 2022

Hi @absethi

Thank you for your response.

You can find enclosed a document that has been signed three times:

  • Rev. 1: signed by me, making use of iText, with an 'old' Belgian eID card that uses SHA1withRSA.
  • Rev. 2: signed by a colleague, also making use of iText, with a new Belgian eID card that uses SHA384withECDSA.
  • Rev. 3: signed by the same colleague, this time with Adobe Acrobat Reader, with the same (new) Belgian eID card.

So, when we disable the 'SafeLogic CryptoComply' feature, all signatures are valid.

When we enable the 'SafeLogic CryptoComply' feature, signature Rev. 2 is invalid. Rev. 1 and Rev. 3 are valid.

Regards, David

Adobe Employee, Apr 19, 2022

Thanks @davidurt for sharing the file.

We have logged a bug for it and are working on it.

Regards

Abhinav Sethi
