8 Replies Latest reply on Apr 12, 2016 2:10 PM by lrosenth

    Error during signature verification

    Yan Kliaver Level 2

      Hi,

       

      We have implemented our custom signature handler.

      After signing the document with it when trying to validate the signature we get an error:

       

      Error during signature verification.

      Error encountered while validating:

      Internal cryptographic library error.

      Error Code: 0x2711

       

      Anyone has an idea what is wrong?

       

      Thanks!

        • 1. Re: Error during signature verification
          lrosenth Adobe Employee

          This is the type of situation where you are best off filing a formal report with developer support.

          • 2. Re: Error during signature verification
            SlavaV

            Where is this support?

            • 3. Re: Error during signature verification
              wdougspencer Level 1

              Contact:

              Customer Service

              Identit-E, LLC

               

              Veronika Drake
              Kundendienst
              Identit-E, GmbH

              vdrake@identit-e.com

              • 4. Re: Error during signature verification
                titus_tid Level 1

                It seems that those errors with errocode 0x2711 or 0x20C occur if a digital signature using either ECC or PSS padding is embedded in the pdf document.

                This let me assume that Adobes signature verification routine cannot handle elliptic curves or if using RSA as signature algorithm the newer PSS/RSAPSS padding.

                I only get the error mentioned by you if I try to validate signatures using ECC.

                 

                When verifying a signature using with PSS padding the signature is verified as invalid. The reason than would be the use of an unknown format in digital signature. So the pss padding could be the unknown format.

                 

                Titus

                • 5. Re: Error during signature verification
                  lrosenth Adobe Employee

                  The current draft of the ISO 32000-2 standard, which Acrobat implements, only supports a limited set of ECC curves – so make sure that you are using a support curve type.

                   

                  In addition, PSS/RSAPSS padding is also not currently supported by the standard – however that is something currently being discussed for addition before the finalization of PDF 2.0 – so hopefully it will make it.   But, at this time, since it is not part of the standard, Acrobat doesn’t support it.

                   

                  Remember, Adobe doesn’t own PDF anymore (and hasn’t since 2007).  All decisions are made by the ISO committee (which is FREE for anyone to join & participate!)

                  • 6. Re: Error during signature verification
                    titus_tid Level 1

                    Hi Irosenth,

                     

                    thanks so much for your answer. And yes I have read that it will be probably added in PDF 2.0. But is there already a date when PDF 2.0 will be released?

                    Is there a list or a paper with all supported elliptic curves supported in ISO 32000? In PDF 32000:1-2008 you wont find any hint about that. But the paper refers to RFC 2315, PKCS #7: Cryptographic Message Syntax, which does not refer to ECC indeed.

                    But besides the fact that most of the decissions are now made by the ISO committee unfortunatly we as a manufacturer of software for digital signatures have to follow the requirements and specification for that. So unfortunately some trustcenter and companies offer smartcards which are using ECC as signature algorithm. So we are facing more and more of the questions why Adobe Acrobat ends up in the mentioned error. Also PSS-Padding is recommended to replace the old padding scheme PKCS#1 v1.5. This recommendation took place in the RFC 3447 for RSA Cryptography Specifications Version 2.1 in year 2003.

                     

                    So hopefully it will make it to PDF 2.0

                     

                    Kindly regards

                    Titus

                    • 7. Re: Error during signature verification
                      titus_tid Level 1

                      And I found the RFC which defines the usage of ECC in digital signatures.

                      https://tools.ietf.org/html/rfc5758

                      It was published in 2010 so it is newer than the definition of PDF ISO 32000:1-2008 which explains the lack of support of elliptic curve digital signature algorithms.

                      • 8. Re: Error during signature verification
                        lrosenth Adobe Employee

                        No official date for PDF 2.0 at this time.  The committee is hopeful to complete the work and achieve ratification by end of 2016, early 2017.

                         

                        ISO 32000-1 does not support ECC at all.  PDF 2.0 supports a limited set of curves, which are fully documented there.

                         

                        It is unfortunate the there has been a disconnect between the crypto community and the PDF community – but each clearly have different goals – especially since PDF is concerned about ensuring that technology choices aren’t just “the choice of the day” but are really things that have been seen to already “withstand the test of time” and should be incorporated.