Skip to main content
thorstent58086077
thorstent58086077
Participant
February 12, 2021
Question

Not entire verification information stored with digItal signature?

  • February 12, 2021
  • 1 reply
  • 991 views

I am using Reader DC to add digital signatures to PDFs. I have activated the option that verification information is added to the PDF at the time point of signing. However, when I chose Add verification information from the menu linked to the signature on the left of the application, the PDF still further increases in size. My understanding is that the option and the manual function do the same. Am I wrong? 

How can I check if all verification information has been added to a signature to assure long term validity? 

I'm also using external timestamps.

This topic has been closed for replies.

1 reply

A
Adobe Employee
absethi17096557
Adobe Employee
February 16, 2021

Hi @thorstent58086077 

You can check all the Verification Information by going to Show Signature properties in LHP -> Show Signers Certificate -> Details Tab

 

 

Regards,

Abhinav Sethi

thorstent58086077
thorstent58086077Author
Participant
February 21, 2021

I think my problem is a different one or I misunderstood your answer.

 

My Reader is configured to use the CAdES equivalent signature format and to include verification information when saving a signed document. 

When I create a new signature the extended signature properties dialog says it is "PAdES Level B-T" (note that I have German Reader so translation may vary slightly). Shouldn't it be immediately Level "B-LT", because the verification information was said to be added to the PDF? 

 Now if I reopen the same signed document and select add validation information from the signature menu and save the document again:

  it becomes "B-LT".

 Why isn't the signature immediately level B-LT after its initial creation?

Thanks for your support! 

M
md555
Known Participant
May 29, 2021

The options for adding verification info in Acrobat are somewhat problematic.

 

First of all, under Signatures -> Creation and Appearance Preferences you need to disable option "Include signature's revocation status" since this option adds Adobe proprietary verification info, which is not compliant with PAdES/CAdES ETSI standards:

 

https://acrobat.uservoice.com/forums/590923-acrobat-for-windows-and-mac/suggestions/42170878-digitally-signed-documents-are-not-conformant-to-e

 

In Signature Verification Preferences, you have the option "Automatically add verification information when saving signed PDF". However, this option adds verifination info only for previous signatures (if the document contains any), but not for the last signature you just created. Moreover, due to caching, the verification info is usually older than timestamp of the signature, and thus useless for qualified signature verification.

 

https://acrobat.uservoice.com/forums/590923-acrobat-for-windows-and-mac/suggestions/42170815-acrobat-adds-unusable-ocsp-to-documents-with-long

 

Thus, if you want to create PAdES B-LT, you need to disable both of the above options, sign the document, close Acrobat to purge its OCSP cache, open the document in new Acrobat instance and and verification info via Add Verification Information in context menu. To upgrade it to PAdES B-LTA, you need to add timestamp as the last step.

 

 

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices