Invalid signatures after Adobe Reader update (2022.001.20085)

Report · Apr 20, 2022

Hello,
I have a problem with signatures in PDF since Adobe Reader DC update (v. 2022.001.20085),
and the latest patch (v. 2022.001.20117) did not help as well. All my documents started to show errors with certification and signature. Firstly, I had to add my cert as trusted in Adobe, that worked fine, documents were certified. But still documents are showing errors with signature validation, and I cannot invalid it again. There is only an infrormation that "signature is invalid" and that "The document has been altered or corrupted..."

All my signatures are generated by iText library.

Please see attachment.

Thanks in advance.

Report · Apr 21, 2022

Hi

Same probleme since last version of acrobat DC

signature with itext ..

All the documents are set as" The document has been altered or corrupted" if a timeStamp is applied

if we don't add a timestamp , All the signatures are OK.

All old documents are considered as incorrect

See atachment with the old version of Acrobat , and with the new version

Thanks

Report · Apr 28, 2022

@steffr979 Did you find any other solution than remove timestamp?
Does anyone from Adobe may let us know that you are aware of this problem, and it could be fixed in the future?

Report · Apr 28, 2022

Hi

the solution could be : not put this option in the scealing signature

//NOT WORKING ON NEW ADOBE UPDATE

sap.setCertificationLevel( PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);

// WORKING

sap.setCertificationLevel( PdfSignatureAppearance.CERTIFIED_FORM_FILLING_AND_ANNOTATIONS);

no response from Adobe Support

Report · May 04, 2022

@steffr979 , @Blazej24118193lsc8

please share example documents illustrating the issue.

From my own experience I know that iText generated signatures do not generally fail verification in Adobe Acrobat, but there are some special cases. Maybe your documents are from such special cases...

Report · May 10, 2022

@MikelKlinkhi, thanks for your response.

Please find pdf document in attachemnt. I prepared a prototype version of our document, but there is same error.

Report · May 10, 2022

@Blazej24118193lsc8

Thanks for providing the example document.

The issue here is that you used iText in a way that is not allowed. Unfortunately iText does not reject this usage but lets you run into issues. And also unfortunately Adobe Acrobat used to accept signatures created this way which was a serious bug.

Your PDF has two signatures, the first one in the field Signature1, the second one in the field Signature2.

The first signature is an approval signature and is ok.

The second signature is a certification signature, and it by itself is ok, too.

But the combination of both is not ok: If a PDF has multiple signatures (except usage rights signatures) and one of them is a certification signature, this certification signature must be the first one!

Thus, please fix your signing code and only apply certification signatures (i.e. signatures for which you set the CertificationLevel to a different value than NOT_CERTIFIED) if the document is not yet signed (except with a possible usage rights signature).

I assume you wanted to lock the document with the second signature. You cannot use certification signatures (i.e. signatures with DocMDP transforms) for that, but since PDF 2.0 (or PDF 1.7 plus an Adobe extension) you can use special approval signatures, signatures with FieldMDP transforms. For some details have a look at the iText eBook "Digital Signatures for PDF Documents", in particular section 2.5.5 Locking fields and documents after signing.

Report · May 18, 2022

Thank you very much for your response. I will check it and let you know 🙂

Report · Mar 16, 2023

thanks , after reading this documentation, i finaly change the code , only the 1st signature can be certified , however, only the latest release of acrobat reveal this problem.