Not entire verification information stored with digItal signature?

Report · Feb 12, 2021

I am using Reader DC to add digital signatures to PDFs. I have activated the option that verification information is added to the PDF at the time point of signing. However, when I chose Add verification information from the menu linked to the signature on the left of the application, the PDF still further increases in size. My understanding is that the option and the manual function do the same. Am I wrong?

How can I check if all verification information has been added to a signature to assure long term validity?

I'm also using external timestamps.

Report · Feb 16, 2021

Hi @thorstent58086077

You can check all the Verification Information by going to Show Signature properties in LHP -> Show Signers Certificate -> Details Tab

Regards,

Abhinav Sethi

Report · Feb 21, 2021

I think my problem is a different one or I misunderstood your answer.

My Reader is configured to use the CAdES equivalent signature format and to include verification information when saving a signed document.

When I create a new signature the extended signature properties dialog says it is "PAdES Level B-T" (note that I have German Reader so translation may vary slightly). Shouldn't it be immediately Level "B-LT", because the verification information was said to be added to the PDF?

Now if I reopen the same signed document and select add validation information from the signature menu and save the document again:

it becomes "B-LT".

Why isn't the signature immediately level B-LT after its initial creation?

Thanks for your support!

Report · May 29, 2021

The options for adding verification info in Acrobat are somewhat problematic.

First of all, under Signatures -> Creation and Appearance Preferences you need to disable option "Include signature's revocation status" since this option adds Adobe proprietary verification info, which is not compliant with PAdES/CAdES ETSI standards:

https://acrobat.uservoice.com/forums/590923-acrobat-for-windows-and-mac/suggestions/42170878-digital...

In Signature Verification Preferences, you have the option "Automatically add verification information when saving signed PDF". However, this option adds verifination info only for previous signatures (if the document contains any), but not for the last signature you just created. Moreover, due to caching, the verification info is usually older than timestamp of the signature, and thus useless for qualified signature verification.

https://acrobat.uservoice.com/forums/590923-acrobat-for-windows-and-mac/suggestions/42170815-acrobat...

Thus, if you want to create PAdES B-LT, you need to disable both of the above options, sign the document, close Acrobat to purge its OCSP cache, open the document in new Acrobat instance and and verification info via Add Verification Information in context menu. To upgrade it to PAdES B-LTA, you need to add timestamp as the last step.