1 Reply Latest reply on May 19, 2015 12:21 PM by IsakTen

    Certificate limitations for signing and certifying pdf files


      What are the restrictions for certificates used to sign or certify pdf documents. I used to do this with no problem using my old certificate that had a key 4k in size. I recently upgraded to a 16k key size. When I sign with that key, I keep getting errors that the document certification is invalid and that the document has been altered or corrupted since it was certified. Since the document was certified just about 2 seconds earlier I have no idea how it could have been altered so it must have been corrupted by my 16k key. Is there a restriction on key size for adobe.


      I am using adobe acrobat 8 since I do not see the need to purchase a newer version as that does all that I need.

        • 1. Re: Certificate limitations for signing and certifying pdf files
          IsakTen Level 4

          I do not think Acrobat 8 supported key length greater than 4096. Adobe Reader 11.0.07 and later allows you to sign PDFs. So, you can install the latest Reader and try to sign with your new signing credential. This will tell you if this is a version limitation. Acrobat 8 is way past its end-of-life.

          At the same time the latest Acrobat/Reader versions enforce "Extended Key Usage" (EKU) attribute in the signing certificate. If EKU is present but does not contains at least one of the OIDs that permit signing (Email protection, Code Signing and a few more) then this certifcate cannot be used as a signing certificate in the latest Acrobat/Reader versions.