EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PDF Signing

#30533
Posted: 08/29/2014 01:59:07
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

Hello,

I got a question about signing a PDF file with a certificate (PFX). I'm using TinySigner from the samples. There is a problem with the signature, which is not valid because the certificate is not trusted. The certificate authority is on the Adobe Approved Trust List, so it should be automatically recognized as trusted. When I'm signing a PDF with this certificate in Adobe, everything is fine. Can you give me some advice?
#30534
Posted: 08/29/2014 02:10:07
by Ken Ivanov (EldoS Corp.)

Hello Ernest,

Please set the PublicKeyHandler.CustomName property to 'Adobe.PPKLite' to make use of Adobe Reader's built-in certificate infrastructure. The property is currently set to 'Adobe.PPKMS', which makes Adobe Reader use the global Windows-wide certificate infrastructure when validating the signature.

Ken
#30536
Posted: 08/29/2014 02:22:55
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

Nothing changed, same result.
#30537
Posted: 08/29/2014 03:03:43
by Ken Ivanov (EldoS Corp.)

Ernest,

It could be that you also need to put an intermediate CA certificate into the signature. Such certificates are normally included in the PFX file together with the signing certificate itself. Please try to load the PFX straight into a TElMemoryCertStorage object with its LoadFromStreamPFX() method (instead of using the TElX509Certificate's LoadFrom*() method) and assign the storage to the handler's CertStorage property.

If the above doesn't help, could you please post a sample signed document to the helpdesk so that we could have a look into it? The helpdesk is confidential so your document will only remain accessible to our engineers.

Ken
#30538
Posted: 08/29/2014 03:44:23
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

I got something like this, still no change.

    CertStorage.Clear;
    PublicKeyHandler.SignatureType := pstPKCS7SHA1;
    if rbFileCert.Checked then
    begin
      // load everything stored in the PFX straight into the certificate storage
      CertF := TFileStream.Create(editCert.Text, fmOpenRead or fmShareDenyWrite);
      try
        CertStorage.LoadFromStreamPFX(CertF, editCertPassword.Text);
      finally
        CertF.Free; // release the file stream (the original freed an unused Cert instead)
      end;
    end
    else
    begin
      // take the certificate selected from the Windows certificate store
      Cert := WinCertStorage.Certificates[comboCertificate.ItemIndex];
      CertStorage.Add(Cert);
    end;
    PublicKeyHandler.CertStorage := CertStorage;
    PublicKeyHandler.CustomName := 'Adobe.PPKLite';
#30539
Posted: 08/29/2014 03:58:44
by Ken Ivanov (EldoS Corp.)

OK, could you please post the resulting document to the helpdesk for investigation?
#30540
Posted: 08/29/2014 04:46:26
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

OK, I created a support ticket with sample files attached.
#30541
Posted: 08/29/2014 07:20:42
by Eugene Mayevski (EldoS Corp.)

For future readers - the problem was caused by missing CA certificates.


Sincerely yours
Eugene Mayevski
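
A diagnostic for the cause named above, as an added example (not EldoS code and not taken from the thread): it loads the PFX the same way the posted code does and reports whether the signing certificate's issuer is actually inside the file. ReportPfxChain is a hypothetical helper; the unit names and the Count, Certificates, SubjectName, IssuerName, SelfSigned and PrivateKeyExists members are assumed from SecureBlackbox's VCL API, and matching issuer to subject by CommonName is a simplification.

```delphi
uses
  Classes, SysUtils, SBX509, SBCustomCertStorage; // assumed SecureBlackbox unit names

// Hypothetical helper (added example). Loads a PFX into a memory storage, logs
// every certificate in it, and returns True only if the issuer of the signing
// certificate (the one carrying the private key) is also inside the file.
function ReportPfxChain(const FileName, Password: string; Log: TStrings): Boolean;
var
  Storage: TElMemoryCertStorage;
  F: TFileStream;
  I, J: Integer;
  C: TElX509Certificate;
  HasIssuer, SignerSeen: Boolean;
begin
  Result := False; SignerSeen := False;
  Storage := TElMemoryCertStorage.Create(nil);
  try
    F := TFileStream.Create(FileName, fmOpenRead or fmShareDenyWrite);
    try
      // LoadFromStreamPFX is assumed to return 0 on success
      if Storage.LoadFromStreamPFX(F, Password) <> 0 then
        raise Exception.Create('PFX not loaded: wrong password or damaged file');
    finally
      F.Free;
    end;
    Log.Add(Format('%d certificate(s) in the PFX', [Storage.Count]));
    for I := 0 to Storage.Count - 1 do
    begin
      C := Storage.Certificates[I];
      // Simplification: issuer and subject are matched by CommonName only.
      HasIssuer := C.SelfSigned;
      for J := 0 to Storage.Count - 1 do
        if (J <> I) and (Storage.Certificates[J].SubjectName.CommonName =
           C.IssuerName.CommonName) then
          HasIssuer := True;
      Log.Add(Format('%s | issued by %s | private key: %s | issuer in file: %s',
        [C.SubjectName.CommonName, C.IssuerName.CommonName,
         BoolToStr(C.PrivateKeyExists, True), BoolToStr(HasIssuer, True)]));
      if C.PrivateKeyExists then
      begin
        SignerSeen := True;
        Result := HasIssuer;
      end;
    end;
    if not SignerSeen then
      Log.Add('No certificate with a private key found');
  finally
    Storage.Free;
  end;
end;
```

A False result for a PFX that holds only the signing certificate means the CA certificate has to be added to the storage separately before it is assigned to the handler's CertStorage property.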

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.