Hi,
I get "Document has been altered or corrupted since it was signed" when signing with:
a) A specific smart card
b) A specific CSP (PKI middleware)
c) Latest Adobe Reader (19.012.20040)
d) A specific certificate signed with sha256-algoritm (Let's call it "Cert X")
### I can see from the CSP-log that I get two "hash rounds", maybe the PDF get's signed using an incorrect hash... (CSP was my first suspect)
But the strange thing is that it works perfect if i use:
a) The exact same card type as above
b) The exact same CSP (PKI middleware) as above
c) The exact same Adobe Reader as above (19.012.20040)
d) Another certificate but also signed with sha256-algoritm (Let's call it "Cert Y")
### This tells me that both the card and the CSP works well (Now the certificate itself is my suspect)
In both cases I have:
- Installed full trust via Windows trust store
- Configured timestamping via http://sha256timestamp.ws.symantec.com/sha256/timestamp
I can manage to fix signature with "Cert X" if I lower the hash-algoritm requirement from sha256 to sha1:
HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Security\cPubSec\aSignHash = SHA1
But this is of cause not acceptable
I have compared the certificates and they are of cause not exacely equal.
But I can't find out what certificate field or content that gives me this behavior.
I have attached both PDFs and certificates. Does anyone have a clue?
Best regards
/Jonas
AdChoices