
Timestamp always uses SHA1 for hash algorithm and ignores HashAlgo settings

New Here, Mar 22, 2017


After SHAttered we are attempting to change the default hash algorithm for timestamps in Adobe Reader DC 2015.020.20042 from SHA1 to SHA256.

All attempts to override the default setting have failed and the resulting hash for the timestamp signature as displayed in Signature Properties, Advanced Properties is always SHA1.

I've used the following registry settings according to the documentation in HKCU\Software\Adobe\Acrobat Reader\DC\Security\cASPKI\cAdobe_TSPProvider with several different timestamp servers:

sHashAlgo

iHashAlgo

If I set an invalid value Acrobat displays an error message "Unsupported hash algorithm" which indicates that the settings are being read.

Appreciate any help,

Nick

TOPICS
Security digital signatures and esignatures


1 Correct answer

Adobe Employee, Apr 05, 2017


Hi Nick,

Adobe Acrobat already adopts SHA256 as the default hash algorithm for both regular digital signatures and timestamp signatures, including Document timestamp (e.g. according to ETSI EN 319 142-1 §5.4.3 and ETSI TS 119 142-3).

Also other hash algorithms can be set by means of registry settings using the sHashAlgo key.

There is currently an issue with the user interface which always shows SHA1 being used although it is actually SHA256 or another algorithm. You may be able to verify this by analyzing the CMS package that is inside the signed or timestamped PDF file.

We are sorry for this issue, which we are going to fix in our next possible release.

Regards

Andrea Valle

Sr. Product Manager, Adobe Document Cloud
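
One way to carry out the check suggested in the answer, as an added example that is not part of the original thread and is not Adobe code: it pulls each hex `/Contents` blob out of a PDF and reports the hash algorithm recorded in the `messageImprint` of every RFC 3161 `TSTInfo` it finds, for both document timestamps and timestamps embedded in a signature. The function names are hypothetical, and it assumes definite-length DER with single-byte tags.

```python
import re

# Added example, not Adobe code: well-known digest OIDs and id-ct-TSTInfo (RFC 3161).
HASH_OIDS = {"1.3.14.3.2.26": "SHA-1", "2.16.840.1.101.3.4.2.1": "SHA-256",
             "2.16.840.1.101.3.4.2.2": "SHA-384", "2.16.840.1.101.3.4.2.3": "SHA-512"}
TSTINFO_OID = "1.2.840.113549.1.9.16.1.4"

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (assumes definite lengths)."""
    i = 0
    while i + 2 <= len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the length's byte count
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def oid(value):
    """Decode a DER OBJECT IDENTIFIER value into dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def imprint_hashes(der):
    """Return the messageImprint hash of every TSTInfo nested in der."""
    found, elems = [], list(tlvs(der))
    for idx, (tag, val) in enumerate(elems):
        if tag == 0x06 and oid(val) == TSTINFO_OID and idx + 1 < len(elems):
            # eContent is [0] EXPLICIT OCTET STRING wrapping the TSTInfo SEQUENCE
            _, octets = next(tlvs(elems[idx + 1][1]))
            _, tstinfo = next(tlvs(octets))
            fields = list(tlvs(tstinfo))  # version, policy, messageImprint, ...
            _, alg_id = next(tlvs(fields[2][1]))
            _, alg_oid = next(tlvs(alg_id))
            found.append(HASH_OIDS.get(oid(alg_oid), oid(alg_oid)))
        elif tag & 0x20:  # constructed type: descend into its children
            found += imprint_hashes(val)
    return found

def timestamp_hashes(pdf):
    """One list per hex /Contents blob; trailing zero padding is harmless."""
    blobs = re.findall(rb"/Contents\s*<([0-9A-Fa-f\s]+)>", pdf)
    return [imprint_hashes(bytes.fromhex(b.decode())) for b in blobs]
```

Call `timestamp_hashes(open(path, "rb").read())` on a signed or timestamped PDF; an empty inner list means that `/Contents` blob holds no timestamp token.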
