EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PDF signing problem

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
#928
Posted: 08/02/2006 03:57:57
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

Here is a summary of what I did:
1.
a. Imported the private key to the local machine store using mmc, marking the private key as 'exportable'
b. Used either pstPKCS7SHA1 or pstX509RSASHA1
c. Signature came out OK

2.
a. Imported the private key as #1 but did not make the private key exportable
b. When using pstX509RSASHA1 closing the document throws a "Signing fail' exception
c. When using pstPKCS7SHA1 signing 'succeeds' but Acrobat reports the 'invalid BER' error

Bottom line is that since making the private key exportable is not a realistic demand when talking about security oriented applications (and more so if the prvate key is stored in an HSM) signing does not currently work.
#933
Posted: 08/02/2006 11:24:02
by Eugene Mayevski (EldoS Corp.)

Can you please do one more test and sign the file using our test certificate (located in <SecureBlackbox>\Certificates folder.

BTW are you using the latest build (sorry for asking, but we must be sure)? Old builds had this problem, but it was solved long time ago.


Sincerely yours
Eugene Mayevski
#943
Posted: 08/03/2006 05:20:48
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

I imported the key using mmc as non exportable
it bahevs exactly the same as with my key when it is non exportable (ber error or Signing faled exception)
I'm using 4.4.0.91
#945
Posted: 08/03/2006 13:21:34
by Eugene Mayevski (EldoS Corp.)

it would be nice if you upgraded to the latest version. we will test on our side too


Sincerely yours
Eugene Mayevski
#958
Posted: 08/06/2006 03:10:27
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

Checked it with build 94 - same result
#959
Posted: 08/06/2006 04:12:11
by Eugene Mayevski (EldoS Corp.)

Unfortunately, I could not reproduce your issues. I've imported our test certificate with non-exportable private key to Windows Certificate Storage and then used it to sign the document using visible signature.
Everything went without problems - the signature was validated fine by Acrobat Pro 6.0 and Reader 7.07.

You can send us unsigned and signed versions of your document, so that we try to sign it. Please send the documents to support@eldos.com or use HelpDesk ( http://www.eldos.com/support/ticket_list.php ).


Sincerely yours
Eugene Mayevski
#960
Posted: 08/06/2006 05:15:01
by Eugene Mayevski (EldoS Corp.)

BTW are you signing using MDP signatures? Are you using Timestamping? If you do any of these, then the reason is in these operations. With timestamping you need to be careful about the timestamping server and MDP signatures are not recommended for use (even by Adobe itself) since they are obsolete.


Sincerely yours
Eugene Mayevski
#961
Posted: 08/06/2006 07:13:56
by Ram Cohen (Standard support level)
Joined: 06/28/2006
Posts: 26

Used an invisible signature, no timestamp
I will post the files on the help desk
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.

Reply

Statistics

Topic viewed 22545 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!