7 Replies Latest reply on Nov 13, 2014 9:25 AM by Test Screen Name

    adobe reader X and win7 : sha-1 instead of sha-256 using digital ID Storage WIN

    lagiusy1900

      Hi to all,

      About

      http://forums.adobe.com/message/3707345

      https://forums.adobe.com/message/4606094

       

I understand that it stores the digital ID in Windows.

      The user selects a digital ID from the drop-down list on the Sign Document dialog (2 "IDs" will be identical: one comes from the WIN storage, the other directly from the token).

      With the first, the signature uses the SHA-1 digest method; with the second, the SHA-256 digest method.

       

      If it is true, as MADWIN says:

The way signing works is the whole file is written to disk before the digest is generated. The next step is to compute the byte range to sign (we leave a hole in the middle of the file to write in the actual signature) and then the digest is computed over the byte range. When signing with a smart card or token the digest is sent to the hardware device (via either CAPI/CNG or a PKCS#11 interface) where the private key encrypts the digest. At this point Acrobat (and when I say Acrobat I mean both Acrobat and Reader) is waiting to get something back from the hardware device. Either we get the encrypted digest back, or an error code. If we get the error code, and SHA-256 was used initially, we then recompute the digest using SHA-1, resend the digest and again wait for a response from the hardware.

       

We just have to find a way to prevent recomputing the digest using SHA-1 and stop the signing process.

      But how to do it?

      Maybe modify the registry key settings?

       

      Thanks
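The flow MADWIN describes in the quoted post (write the file with a hole for /Contents, hash the /ByteRange, send the digest to the token, retry with SHA-1 on an error code) is modelled below as an added example. It is not Adobe's code and does not change anything in Acrobat or Reader; the token, its private-key operation (simulated with HMAC), the sample PDF bytes and the `allow_sha1_fallback` switch are all constructions of this example. What it shows is the caller-side policy the question is asking about: the same error code from the device either triggers the SHA-1 retry or aborts the signing, and a verifier can tell afterwards which digest a signature was made with.

```python
"""Added example: byte-range digest and digest-algorithm negotiation for
a PDF signature, with the SHA-1 fallback made a policy decision."""
import hashlib
import hmac
import re

HOLE_HEX_LEN = 64          # room for a 32-byte signature as hex
HOLE = b"<" + b"0" * HOLE_HEX_LEN + b">"   # zero-filled /Contents hole
BYTE_RANGE_RE = re.compile(
    rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


class TokenError(Exception):
    """Stand-in for the error code a CAPI/CNG or PKCS#11 device returns."""


class SimulatedToken:
    """Constructed stand-in for a smart card (assumption of this example):
    'signs' a digest with HMAC and rejects digest algorithms it does not
    support, the way an old token rejects SHA-256."""

    def __init__(self, secret, supported):
        self.secret = secret
        self.supported = set(supported)

    def sign_digest(self, algo, digest):
        if algo not in self.supported:
            raise TokenError("mechanism %s not supported by device" % algo)
        return hmac.new(self.secret, digest, algo).digest()


def build_sample_pdf():
    """Constructed, minimal PDF-like file with one signature dictionary.
    /ByteRange is written at fixed width so filling it in does not move
    any offset, which is what lets the hole be reserved before hashing."""
    head = (b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite\n"
            b"/ByteRange [0 %010d %010d %010d]\n/Contents ")
    tail = b"\n>>\nendobj\n%%EOF\n"
    b = len(head % (0, 0, 0))      # hole starts right after the header
    c = b + len(HOLE)              # second range starts after the hole
    d = len(tail)
    return head % (b, c, d) + HOLE + tail


def parse_byte_range(pdf):
    m = BYTE_RANGE_RE.search(pdf)
    if not m:
        raise ValueError("no /ByteRange found")
    return tuple(int(x) for x in m.groups())


def byte_range_digest(pdf, algo):
    """Hash exactly the two covered ranges. The hole between them is the
    /Contents hex string and is excluded because it is what gets filled."""
    a, b, c, d = parse_byte_range(pdf)
    if a != 0 or a + b > c or c + d != len(pdf):
        raise ValueError("ByteRange does not cover the file around one hole")
    hole = pdf[a + b:c]
    if not (hole.startswith(b"<") and hole.endswith(b">")):
        raise ValueError("ByteRange hole is not a hex string")
    h = hashlib.new(algo)
    h.update(pdf[a:a + b])
    h.update(pdf[c:c + d])
    return h.digest()


def sign_pdf(pdf, token, allow_sha1_fallback):
    """Try SHA-256 first. On a device error either recompute with SHA-1
    (the behaviour the quoted post describes) or abort when the policy
    forbids it. Returns (digest algorithm used, signed PDF bytes)."""
    algo = "sha256"
    try:
        sig = token.sign_digest(algo, byte_range_digest(pdf, algo))
    except TokenError:
        if not allow_sha1_fallback:
            raise                       # stop the signing process instead
        algo = "sha1"
        sig = token.sign_digest(algo, byte_range_digest(pdf, algo))
    a, b, c, d = parse_byte_range(pdf)
    hex_sig = sig.hex().encode().ljust(HOLE_HEX_LEN, b"0")
    if len(hex_sig) > HOLE_HEX_LEN:
        raise ValueError("signature does not fit the reserved hole")
    return algo, pdf[:b] + b"<" + hex_sig + b">" + pdf[c:]


def verify_pdf(signed, token):
    """Report which digest algorithm the embedded signature was made with
    (or None), so a SHA-1 signature that slipped through can be flagged."""
    a, b, c, d = parse_byte_range(signed)
    embedded = bytes.fromhex(signed[a + b + 1:c - 1].decode())
    for algo in ("sha256", "sha1"):
        expected = hmac.new(token.secret,
                            byte_range_digest(signed, algo), algo).digest()
        if hmac.compare_digest(embedded[:len(expected)], expected):
            return algo
    return None


if __name__ == "__main__":
    legacy = SimulatedToken(b"constructed-secret", ["sha1"])
    algo, signed = sign_pdf(build_sample_pdf(), legacy, allow_sha1_fallback=True)
    print("signed with", algo, "- verifier sees", verify_pdf(signed, legacy))
```

Run against a token that only supports SHA-1, the example signs with SHA-1 when `allow_sha1_fallback=True` and raises `TokenError` when it is `False`; a token that supports SHA-256 never falls back. Whether Acrobat or Reader exposes an equivalent switch is exactly the open question in this thread, so the example makes no claim about a registry setting; it only shows where in the flow such a decision has to sit and how a verifier can detect the SHA-1 case after the fact.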