EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PDF Signing

Posted: 08/29/2014 01:59:07
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4


I got a question about signing pdf file with certificate (pfx). Im using TinySigner from samples. There is a problem with signature, which is not valid because certificate is not trusted. Certificate authority is on Adobe Approved Trust List so it should be automatically recognized as trusted. When im signing pdf with this certificate in Adobe everything is fine. Can you give me some advice?
Posted: 08/29/2014 02:10:07
by Ken Ivanov (Team)

Hello Ernest,

Please set the PublicKeyHandler.CustomName property to 'Adobe.PPKLite' to get use of Adobe Reader's built-in certificate infrastructure. The property is currently set to 'Adobe.PPKMS', which makes Adobe Reader use global Windows-wide certificate infrastructure when validating the signature.

Posted: 08/29/2014 02:22:55
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

Nothing changed, same result.
Posted: 08/29/2014 03:03:43
by Ken Ivanov (Team)


It could be that you also need to put an intermediate CA certificate to the signature. Such certificates are normally included to PFX file together with the signing certificate itself. Please try to load the PFX straight into a TElMemoryCertStorage object with its LoadFromStreamPFX() method (instead of using the TElX509Certificate's LoadFrom*() method) and assign the storage to the handler's CertStorage property.

If the above doesn't help, could you please post a sample signed document to the helpdesk so that we could have a look into it? The helpdesk is confidential so your document will only remain accessible to our engineers.

Posted: 08/29/2014 03:44:23
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

I got something like this, still no change.

PublicKeyHandler.SignatureType := pstPKCS7SHA1;
if rbFileCert.Checked then
Cert := TElX509Certificate.Create(nil);
// loading certificate
CertF := TFileStream.Create(editCert.Text, fmOpenRead or fmShareDenyWrite);
CertStorage.LoadFromStreamPFX(CertF, editCertPassword.Text);
Cert := WinCertStorage.Certificates[comboCertificate.ItemIndex];
PublicKeyHandler.SignatureType := pstPKCS7SHA1;
PublicKeyHandler.CertStorage := CertStorage;
PublicKeyHandler.CustomName := 'Adobe.PPKLite';
Posted: 08/29/2014 03:58:44
by Ken Ivanov (Team)

OK, could you please post the resulting document to the helpdesk for investigation?
Posted: 08/29/2014 04:46:26
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

Ok I created a support ticket with sample files attached.
Posted: 08/29/2014 07:20:42
by Eugene Mayevski (Team)

For future readers - the problem was caused by missing CA certificates.

Sincerely yours
Eugene Mayevski



Topic viewed 935 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!