2 Replies Latest reply on Mar 2, 2010 1:47 AM by ToM_1st

    SubFilter value algorithm support in PDF/A

    ToM_1st Level 1

      Hi Leonard (since you answer most of the questions anyway )

       

      i have a question regarding the use of a stronger hash or encryption strength in a PDF/A document. In one of your previous posts you stated:

       

      "For example, for true PDF/A-1 compatibility you should not use SHA256  since it didn't exist in PDF 1.4 (on which PDF/A-1 is based) even though  it would be a perfectly valid PDF file."

       

      Now i read another document of yours called 'ISO 19005-1 (PDF/A-1) Application Notes'. There on page 30 'Digital Signatures' you write:

       

      "Revocation: As with Timestamping, since the presence of certificate revocation information does not effect the visual display of the PDF, it is permitted by PDF/A-1, even though it is a PDF 1.5 feature."

       

      Now one could say that using a stronger hash or encryption algorithm falls into the same category:

       

      So for instance even if RSA 2048 and SHA256 were not supported in 1.4 (but in 1.5) - shouldn't they be permitted in PDF/A also?

      Isn't that, although not explicitly mentioned, well within the stated goals of PDF/A-1?

       

      Thanks

      ToM

        • 1. Re: SubFilter value algorithm support in PDF/A
          lrosenth Adobe Employee

          PDF/A doesn't support encryption - so you can't use any encryption there.

           

          As far as hashing for digital signatures, there are no technical (file format) restrictions about the use of newer algorithms that still fall into the PDF standard.

           

          HOWEVER, you there is also no expectation that a "conforming reader" will be able to process them, as it need only process those things in PDF 1.4.  (Adobe Reader doesn't differentiate in that matter, but someone else might).

          1 person found this helpful
          • 2. Re: SubFilter value algorithm support in PDF/A
            ToM_1st Level 1

            Hello Leonard,

             

            PDF/A doesn't support encryption - so you can't use any encryption there.

            Yeah sure - was only talking about digital signatures. Thought the headline indicated that...

            As far as hashing for digital signatures, there are no technical (file format) restrictions about the use of newer algorithms that still fall into the PDF standard.

            Agreed, I didn't find any restrictions, too.

            HOWEVER, there is also no expectation that a "conforming reader" will be able to process them, as it need only process those things in PDF 1.4.  (Adobe Reader doesn't differentiate in that matter, but someone else might).

            But PDF 1.4 does not mention anything about hash- and encryption algorithms for digital signatures.

            http://www.adobe.com/devnet/pdf/pdfs/PDFReference.pdf

             

            It only states that this was 'outsourced' to another file "The specification for public-key digital signature authentication is available in the Adobe document ‚PDF Public-Key Digital Signature and Encryption Specification’.

            In this document one can read about MD5, SHA1 and RSA however there is nothing about supported bit strength of RSA. So no word that 1024 is supported and 2048 not. Thus a 1.4 conforming reader must support all i guess...

             

            Regards,

            ToM