    Seeing SHA256 as hash algorithm for signature instead of SHA1

    tw614

      This isn't a problem (from a security perspective, obviously); I'm just trying to understand what is going on here. I have a US government CAC/smart-card with certificates and private keys for encryption/signatures, and my X.509 certificate clearly specifies SHA1 with RSA as the hash/signature algorithm that it supports. This is confirmed by some specifications from the card manufacturer. But when I apply a signature to a PDF using my card in Acrobat Reader DC, I don't see a "using SHA1 warning," and when I examine the signature with "signature properties," "advanced properties," it shows me that the hash algorithm used was SHA256. How is that possible? Is the hash just being computed by the Adobe software instead of on my card? If that's the case, why does it matter which algorithm is supported or implemented by the card? Why was Adobe software displaying the "SHA1 warning" to users just a few months ago?