EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PDF Signing

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 08/29/2014 01:59:07
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4


I got a question about signing pdf file with certificate (pfx). Im using TinySigner from samples. There is a problem with signature, which is not valid because certificate is not trusted. Certificate authority is on Adobe Approved Trust List so it should be automatically recognized as trusted. When im signing pdf with this certificate in Adobe everything is fine. Can you give me some advice?
Posted: 08/29/2014 02:10:07
by Ken Ivanov (EldoS Corp.)

Hello Ernest,

Please set the PublicKeyHandler.CustomName property to 'Adobe.PPKLite' to get use of Adobe Reader's built-in certificate infrastructure. The property is currently set to 'Adobe.PPKMS', which makes Adobe Reader use global Windows-wide certificate infrastructure when validating the signature.

Posted: 08/29/2014 02:22:55
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

Nothing changed, same result.
Posted: 08/29/2014 03:03:43
by Ken Ivanov (EldoS Corp.)


It could be that you also need to put an intermediate CA certificate to the signature. Such certificates are normally included to PFX file together with the signing certificate itself. Please try to load the PFX straight into a TElMemoryCertStorage object with its LoadFromStreamPFX() method (instead of using the TElX509Certificate's LoadFrom*() method) and assign the storage to the handler's CertStorage property.

If the above doesn't help, could you please post a sample signed document to the helpdesk so that we could have a look into it? The helpdesk is confidential so your document will only remain accessible to our engineers.

Posted: 08/29/2014 03:44:23
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

I got something like this, still no change.

PublicKeyHandler.SignatureType := pstPKCS7SHA1;
if rbFileCert.Checked then
Cert := TElX509Certificate.Create(nil);
// loading certificate
CertF := TFileStream.Create(editCert.Text, fmOpenRead or fmShareDenyWrite);
CertStorage.LoadFromStreamPFX(CertF, editCertPassword.Text);
Cert := WinCertStorage.Certificates[comboCertificate.ItemIndex];
PublicKeyHandler.SignatureType := pstPKCS7SHA1;
PublicKeyHandler.CertStorage := CertStorage;
PublicKeyHandler.CustomName := 'Adobe.PPKLite';
Posted: 08/29/2014 03:58:44
by Ken Ivanov (EldoS Corp.)

OK, could you please post the resulting document to the helpdesk for investigation?
Posted: 08/29/2014 04:46:26
by Ernest Moskal (Basic support level)
Joined: 08/20/2014
Posts: 4

Ok I created a support ticket with sample files attached.
Posted: 08/29/2014 07:20:42
by Eugene Mayevski (EldoS Corp.)

For future readers - the problem was caused by missing CA certificates.

Sincerely yours
Eugene Mayevski
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.



Topic viewed 706 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!