PDF Signing Error - Your signature device does not support the required hashing algorithm SHA256

Report · May 03, 2017

We've been receiving calls to our helpdesk recently with users seeing an error when signing a PDF file: "Your signature device does not support the required hashing algorithm SHA256. Do you want to continue using the deprecated SHA1 algorithm or cancel the signature?" The user can still sign the PDF but gets the error so more of an annoyance.

The timing of this error appears to coincide with an update of Acrobat Reader to v11.0.20 on Win 7, and Acrobat DC to v15.6.30306 on Win 10 machines. According to Adobe's website, these updates came out on 4/11/17.

I've not found any specific reference on Adobe's site to this error. The SHA1 vs. SHA256 on the signature hints at possibly an out of date driver issue based on some googling I've done but why that would start occurring based on an updated software version is odd. Any ideas? Anyone else seeing this? Thanks

Rick

Report · May 08, 2017

The same error: "Your signature device does not support the required hashing algorithm SHA256. Do you want to…") occurred with two people here this morning. I could not resolve the first one right away. The second person just happened to be here in the shop. We removed all of her certs from IE and then using Active Client recalled them from her CAC. The error still popped up but she was able to successfully digitally sign the pdf file. She said that the problem began, for her, about a week ago. Guess we need to wait for another update from Adobe.

Report · May 15, 2017

Dear rickfray,jjmar56,

Thank you for reporting the issue.

We have introduced a update in Acrobat/Reader where we issue an warning message to users signing with SHA1 algorithm.

The SHA1 algorithm is deprecated and no longer secure to use. Please read Applying a digital signature using the deprecated SHA1 algorithm warning message for more details.

The default signing algorithm for Acrobat /Reader is SHA256 which is not supported by the devices in these cases.

So it signs using SHA1 but throws the warning message.

Thanks and regards,

Report · May 15, 2017

Okay, I'm very familiar with the SHA1 deprecation issue. So by "signing

device" then does this mean the smartcard reader? And that it may need a

driver update? Thanks

Rick

Report · May 15, 2017

Sorry, I replied before reading the article - please disregard. It looks

like it answered my questions, although I'll be checking it out in my lab.

Thanks

Rick

On Mon, May 15, 2017 at 06:00 Rick Fray (Gmail) <therickfray@gmail.com>

Report · May 15, 2017

OK, after further review of the articles linked, I see the screen shot of the error message in the Adobe article, Applying a digital signature using the deprecated SHA1 algorithm warning message , is not the same that the one we're seeing:

Can you confirm if this is caused by the same update that was mentioned in Acrobat DC 2017.009.20044, released on 4/11/17, as it is a bit different? Is there a slightly different warning message shown in Adobe Reader as opposed to Adobe Acrobat?

Thanks

Rick

Report · May 15, 2017

Dear rickfray,

The error that you see is absolutely correct for devices that do not support SHA256.

The error message given in the article is for slightly different situation . But both messages are intended to warn user about SHA1 deprecation.

Yes, you are absolutely right. We introduced this change on 4/11/17 with release version 17.009.20044.222436

Thanks and regards,

Report · Jan 09, 2020

Dear Sir,

Our Device support SHA256 and its verified and having certification but even its showing that error.

Only in MAC system not in any Windows OS.

Thanks & Regards

Report · May 16, 2017

Sorry I have one more question as we've been digging into this. We have found the warning message does not appear when we upgrade our smartcard middleware from an older version. We have seen this warning primarily on Windows 7 boxes with an older middleware version (with Acrobat Pro XI 11.0.20), but also on at least one Windows 10 box with a newer version of our middleware. When this newer middleware is installed on the Win7 boxes, the warning does not appear. We also use smartcards that have both SHA-1 and SHA256 hashing algorithms, and get the warning for both on Win 7.

So the question is, what exactly on these computers, related to SHA-1, is triggering the appearance of this warning message? It doesn't appear to be the smartcard hashing algorithm, and we've seen it on Win 7 and Win 10 with older and newer middleware. The main correlation is Win 7 and our older smartcard middleware. Is it SHA-1 code signing certs on the middleware?

I haven't been able to find any use of the aSignHash registry key although I was focusing on a Win 10 box I had access to instead of Win10, so I'm not sure if it will be more evident there. Thanks

Rick

Report · May 24, 2017

I'm having the same issue, but just on Windows 7, specifically with Acrobat Pro XI 11.0.20. Same certificates, same smart cards, all SHA256 certs... this error message is giving us headaches...

Report · May 25, 2017

It appears that Adobe has either not updated or more than likely will not be supporting Acrobat Pro XI anymore. I have the same version running on Windows 10 and have the same error. From what I can tell they want you to purchase a subscription service for their latest cloud-based software instead of owning it outright. That being said, you can sign PDF documents with the free Acrobat Reader DC without any problems. Definitely not the best solution, but a cost-effective one.

Report · May 25, 2017

We found the issue was resolved when we upgraded our middleware

(ActivClient 6.2) on Win 7 to v 7.x. The warnings went away and the user

can sign with SHA256. I'd check with yoyr middleware vendor on whether tou

have the latest update. We have not seen the issue on Win 10 as we are

using ActivClient 7.1.

Rick

Report · Jun 01, 2017

Dear rickfray,

First, I assume when you update the middleware , SHA256 was supported by the newer middleware version which caused the warning message to go away. To confirm if SHA256 messages are getting created, please click on signature -> Signature Properties ->Advanced Properties. Check the Hash Algorithm.

Second,do you still face the issue with newer version of middleware in Win 10?Please confirm if the version of middleware being used is exactly the same for both Win 7 and Win 10.

To clarify, even if you have SHA256 certificates on your smartcard ,signature will be of type SHA1, if SHA256 is not supported by the middleware. And whenever SHA1 signatures are applied Acrobat throws a warning message before applying the signature.

Thanks and regards,

Report · Jul 04, 2017

Hi to everybody,

I would like to use a certified time stamp of d-trust (https://www.bundesdruckerei.de/de/system/files/dokumente/pdf/Flyer-D-TRUST-Timestamp.pdf.pdf ) to create with Acrobat a PDF.

Although this certificate already uses the SHA256 algorithm following message is shown:

Could you help?

Thank you and best regards

E.

Report · Nov 07, 2017

Il nostro Ente possiede diverse licenze di Acrobat Professional XI. La versione è aggiornata alla 11.0.22

Sui PC con Windows 7 funziona tutto perfettamente, ma sui 2 PC con Windows 10 (gli unici con questo S.O.) riesciamo a firmare nella sola modalità SHA1. Stessi certificati e stessi lettori smart card.

Inoltre non vengono nemmeno visualizzate (quindi inserite) le informazioni della Firma in formato testo, ma è possibile inserire solamente la firma in formato grafico.

Qualcun altro ha lo stesso problema?

Qualche suggerimento?

Grazie

Adobe Community

PDF Signing Error - Your signature device does not support the required hashing algorithm SHA256