cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0
Upvote

Verfication information of digital signature not saved in PDF as expected due to configuration?

thorstent58086077
New Here ,
Feb 24, 2021 Feb 24, 2021

Copy link to clipboard

Copied

I'm using Acrobat Reader DC for digital signature. Signature format CAdES equivalent. I have also activated the option for automatically adding verification information when the PDF is saved. I am also using external timestamps.

 

When I create a digital signature with my certificate, it is displayed as verified. Now I save the document and open it again. The advanced properties dialog of the signatures says that it is a PAdES B-T signature. Shouldn't it be a PAdES B-LT signature if the verification information is saved with PDF?

 

Now I can manually add the verification information via the context menu of the signatures in the bar to the left of the document. Now the signature is PAdES B-LT. 

 

Why isn't the signature immediately and without manual interaction  PAdES B-LT if the corresponding option to add verification information when saving activated?

TOPICS
Security digital signatures and esignatures
Preview
49 KB
Preview
36 KB

Views

574

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 2 Replies 2
latest latest Jump to latest reply
MikelKlink
Enthusiast ,
Feb 26, 2021 Feb 26, 2021

Copy link to clipboard

Copied

 You are aware that there are different profiles for embedded digital signatures in PDFs, the good ol' ISO 32000-1 interoperable signatures and the ETSI EN 319 142 / ISO 32000-2 PAdES signatures.
 Both profiles allow validation related information (VRI) to be stored in the signed PDF for validators to use during signature validation. But the profiles differ in details, in particular where and when such information are to be stored:

  • In case of ISO 32000-1 interoperable signatures that information is stored in a signed attribute in the embedded CMS signature container. As it's a signed attribute, the information must already be present before signing to be embedded.
  • In case of PAdES, in particular PAdES BASELINE signatures, such information must be embedded in an incremental update of the signed document, i.e. after signing.

 Most likely "the option for automatically adding verification information when the PDF is saved" refers to the former profile and the adding of VRI in a signed attribute. For a signature to be considered PAdES B(ASELINE)-LT, though, the VRI must be present as specified for the latter profile.
 Adobe Acrobat as a validator accepts VRI according to either profile, even a mixture thereof, but (if I remember correctly) it only declares a signature PAdES B-LT if the VRI are present according to the latter profile.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
md555
Explorer ,
Mar 19, 2021 Mar 19, 2021

Copy link to clipboard

Copied

LATEST

Option "Automatically add verification information when saving signed PDF document" works only for previous signatures, i.e. if you're the second or third person signing the same document, this option will add VRI data for all previous signatures, but not for the last signature (yours). Thus it's better to turn it off, since it doesn't help for documents signed by single person and produces mixed results for documents signed by multiple persons.

 

To be PAdES compliant, it's also necessary to turn off option "Include signature's revocation status" as this adds Adobe-proprietary revocation data not compliant with PAdES - see

https://acrobat.uservoice.com/forums/590923-acrobat-for-windows-and-mac/suggestions/42170878-digital...

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
About Adobe Acrobat
Adobe Acrobat Learn & Support
Adobe Inc
Whats new in Acrobat DC
Adobe Inc
Plan and Pricing
Adobe Inc
Adobe Acrobat features and tools
Adobe Inc
Adobe Acrobat Feature & Workflow
Edit PDFs
Edit Scanned PDFs
PDF Forms
Sign a PDF
FAQs
How to Edit Scanned or Secured document
Rotate | move | delete and renumber PDF pages
Acrobat download and installation help
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices