Embedding CRL in a digital signature

I checked the "include signature's status when signing" and created a new signature.
My certificate hierarchy includes my certificate, my issuer certificate that is a subordinate CA, and the root certificate that is the issuer of my issuer.
The CDP both in my issuer and in the root certificate points to the same CRL.
The CDP in my certificate points to a different CRL.
I have access to both CRLs.
I looked into the PKCS#7 block of the created signature and found only the root (or my issuer) CRL, and didn't see the CRL pointed to by my user certificate.
Is this the way Adobe Acrobat behaves? If so, how is my certificate validated? Is there a way to include all relevant CRLs?
Thanks
Tal

Hi David,
I know it's been a year and a half since you posted the question, but I can help you with this if you are still looking for the answer. Let me know.
In the meantime, without seeing the signed PDF, my guess would be either that the CRL issued by the subordinate CA that covers the end-entity certificate has a problem that causes Acrobat to reject it, or that the CRL is too large to fit into the signature object. In Acrobat 8 the size of the signature object was limited to 64K. The signature chain, the collateral revocation information, and the timestamp all had to fit in that space, and if the CRL is too large it will be bumped out. In Acrobat 9.0 the size limit was increased to 256K and in version 9.1 it was increased again up to 2M.
Steve

Similar Messages

  • Issue with multiple digital signatures in form

    Hello all-
    I'm having an issue with a form that has multiple digital signatures. The form additionally has a listbox in which the user can select recipients to email the form to. My objective is to be able to send a form to various users by email to sign digitally. After extending the features for Reader, I inserted a standard LiveCycle digital signature by clicking on one of the digital signature fields. However, after inserting the digital signature, I can't perform any other actions (email the form by selecting recipients from the listbox, clicking a different digital signature field for signature insertion, etc.). It is as if the digital signature insertion made an uneditable snapshot of the form, which I do not want to do. What can I do to rectify this process?
    Will upload the form if necessary.
    Thank you and happy holidays.
    masber2000

    Mr. Kumar,
    The desired workflow is for
    1)      Firefighter 1 to complete the top portion of the Agreement
    section, sign in the Firefighter 1 signature field (which locks the top
    portion of the Agreement Section), then select Firefighter 2 from the
    e-mail drop down list and e-mail the PDF form to Firefighter 2;
    2)      Firefighter 2 opens the e-mail and the PDF attachment,
    completes the second portion of the Agreement Section, sign in the
    Firefighter 2 signature field (which locks the bottom portion of the
    Agreement Section), select Lieutenant 1 from the e-mail drop down list
    and e-mail the PDF form to Lieutenant 1;
    3)      Lieutenant 1 opens the e-mail and the PDF attachment, checks
    the approved box, signs the Lieutenant 1 signature field, select
    Lieutenant 2 from the e-mail drop down list and e-mail the PDF form to
    Lieutenant 2;
    4)      Step three continues through Lieutenant 2, Battalion Chief 1
    and Battalion Chief 2
    5)      Battalion Chief 2 sends the fully completed form back to
    Firefighter 1 who copies the completed form to Firefighter 2
    Note: if any of the officers disapprove the agreement the disapproved
    form is immediately sent back to Firefighter 1
    Jim Frazier, Deputy Chief
    Villages Public Safety Department
    3035 Morse Boulevard
    The Villages, FL 32163
    352-205-8280
    Honor in Service

  • Embedding Documents and Adding Digital Signatures

    I have the following two questions regarding Adobe Acrobat XI pdf fillable forms that I can't find in the manual:
    Embed supporting documentation and/or copy and paste information within the form 
    Allow digital signatures to be saved within the electronic version of the form
    I would appreciate any feedback available.
    Thanks!

    Use the Acrobat forum.

  • Digital Signature in Acrobat Reader X 10.1.10

    I have Acrobat Reader X 10.1.10 installed on my machine, but I am not able to see the feature to digitally sign the document. Does this version support this feature? If yes, how do I enable it? Do I have to download any extra component to get it working?

    I don't think you can with Reader. Acrobat Pro? Maybe, but not Reader. You'll probably have to download the original document again.

  • Do embedded bitmaps in fonts really work with Adobe Digital Editions?

    I just made an interesting observation:
    I had turned the glyphs of a ttf-font by 90 degrees but the program that I used left the embedded bitmaps in the EBDT tables of the font unrotated. Using this font for example with Word had the interesting result that the font sometimes showed up correctly and sometimes not, depending on the size of the text on the screen.
    Interestingly enough, using the same font as an embedded font with Adobe Digital Editions 1.6 the font showed always up correctly on all sizes of the text.
    For me this looks as if Adobe Digital Editions does currently not support embedded bitmaps in ttf - fontfiles.
    Anybody had the same experience or knows about an official statement from Adobe concerning this?

  • Ber Decoding error in embedded OCSPResponse

    Hi,
    I'm trying to sign a PDF using iText and I'd like to embed the OCSPResponse in the authenticated attributes of the SignerInfo.
    When the document is validated online by Reader everything is OK. The offline certificate status verification is successful using the embedded CRL, but it fails to check the embedded OCSPResponse because of "a BER decoding error". I can't figure out what the error is....
    You can download my PKCS7 files (one contains only the OCSP response, the other has both the OCSP and the crl) here:
    http://www.adrive.com/public/e30000d3d7e4b097f7b7733cd35ddb6e3bb3b75c3 538942194461dd755a395ab.html
    http://www.adrive.com/public/21971967c579fc0b065e5e05951fa486309be66ac 844427e367dbbb68a5183aa.html
    Can anybody help me, please?
    Thanks
    Tania

    Hi lizz4321,
    A digital ID is made up of three components; a private key, a corresponding public key, and some identifying information. The keys themselves are pretty straight forward, they are just big blobs of numbers used to encrypt and decrypt data. It's the identifying information that gets a bit tricky. On first look, the identifying information looks like plain text. You'll see your name and the issuer's name, a serial number, some dates for when the validity starts and ends. All pretty straight forward.
    However, all of this information is actually formatted using something called ASN.1 (it stands for Abstract Syntax Notation) and then encoded using BER (Basic Encoding Rules). When someone creates a digital ID they can put just about anything in there. Per specifications (RFC 5280 if you wanted to look it up) some items are required, and others are optional. Each piece of information that goes into the public-key certificate (the PKC is basically the digital ID without the private key) is contained in an extension. These extensions are identified using an OID (Object ID) and conform to a specification which may either be public or confidential.
    There are two possibilities in the case you are seeing. Either, some of the information that Acrobat knows about was formatted or encoded incorrectly, or, there is an optional entry that Acrobat doesn't understand how to decode. My guess is it's the latter possibility. There is a rule that states if an extension is marked as critical, and the application using the public-key certificate (in this case the application would be Acrobat), doesn't understand the extension, then the application is supposed to reject the certificate. It could be the former case (badly formatted data), but without seeing the certificate all I can do is guess.
    Steve
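
The critical-extension rule described in the reply above can be seen on raw bytes. The following is an added example, not code from the thread or from Adobe: it walks a DER-encoded Extensions value and reports extensions that are marked critical but not understood. The `KNOWN_EXTENSIONS` set and the sample bytes are assumptions constructed for illustration, using the `2.999` OID arc that is reserved for examples.

```python
# Added example (not from the thread): walk a DER-encoded X.509 Extensions
# value and apply the RFC 5280 rule for unrecognized critical extensions.

# Assumption: the extensions this hypothetical application can process.
KNOWN_EXTENSIONS = {"2.5.29.15": "keyUsage", "2.5.29.19": "basicConstraints"}

def read_tlv(buf, pos):
    """Decode one tag-length-value element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled here")
    if first < 0x80:                      # short form: the byte is the length
        length = first
    elif first == 0x80:                   # BER indefinite length
        raise ValueError("indefinite length is not allowed in DER")
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element length runs past the end of the data")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends a sub-identifier
            arcs.append(value)
            value = 0
    first = arcs[0]                       # encodes the first two arcs as 40*X + Y
    x = min(first // 40, 2)
    return ".".join(str(a) for a in [x, first - 40 * x] + arcs[1:])

def parse_extensions(der):
    """Return [(oid, critical, extn_value_bytes)] from an Extensions SEQUENCE."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    result, pos = [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("each Extension must be a SEQUENCE")
        tag, oid_bytes, p = read_tlv(ext, 0)
        if tag != 0x06:
            raise ValueError("extnID must be an OBJECT IDENTIFIER")
        critical = False                  # critical is BOOLEAN DEFAULT FALSE
        tag, value, p = read_tlv(ext, p)
        if tag == 0x01:                   # optional BOOLEAN present
            critical = any(value)         # BER accepts any non-zero byte as TRUE
            tag, value, p = read_tlv(ext, p)
        if tag != 0x04 or p != len(ext):
            raise ValueError("extnValue must be a final OCTET STRING")
        result.append((decode_oid(oid_bytes), critical, value))
    return result

def unhandled_critical(der):
    """OIDs that force rejection: marked critical but not understood."""
    return [oid for oid, critical, _ in parse_extensions(der)
            if critical and oid not in KNOWN_EXTENSIONS]

# Constructed sample bytes; 2.999.x are made-up example extensions.
SAMPLE = bytes.fromhex(
    "3037"
    "300f0603551d130101ff040530030101ff"  # basicConstraints, critical, CA:TRUE
    "300b0603551d0f040403020106"          # keyUsage, critical absent (FALSE)
    "300c06038837010101ff04020500"        # 2.999.1, critical: must reject
    "3009060388370204020500"              # 2.999.2, non-critical: may ignore
)

if __name__ == "__main__":
    print("reject because of:", unhandled_critical(SAMPLE))
```
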

  • Adobe Reader X doesn't even try to validate expired user certificate used in digital signature

    Verifying a file signed with an expired certificate (timestamped or not) causes Adobe Reader to raise a strange CRL parsing error.
    Note:
    the CRL is currently valid
    the error "propagates" also to the OCSP responses
    the file is timestamped before the certificate revocation.
    the error is reproducible every time and with different signatures/CAs: personally I've tried with French, Italian and Spanish signed evidences.
    Below is the excerpt from the CertificateViewer-->ErrorInformation window
    CRL processing error
    Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
    This update: 20120123110005Z
    Next update: 20120124110005Z              
    CRL has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
    This update: 20120123110005Z
    Next update: 20120124110005Z
    CRL has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
    This update: 20120123110005Z
    Next update: 20120124110005Z
    CRL has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
    This update: 20120123110005Z
    Next update: 20120124110005Z
    CRL has expired or is not yet valid____________________________________________________________
    OCSP response has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
    This update: 20120123110005Z
    Next update: 20120124110005Z
    CRL has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
    This update: 20120123110005Z
    Next update: 20120124110005Z
    CRL has expired or is not yet valid____________________________________________________________
    or, for example
    CRL processing error
    Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
    This update: 20120305161509Z
    Next update: 20120305172400Z
    CRL has expired or is not yet valid____________________________________________________________
    OCSP response has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
    This update: 20120305161509Z
    Next update: 20120305172400Z
    CRL has expired or is not yet valid____________________________________________________________
    CRL processing error
    Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
    This update: 20120305161509Z
    Next update: 20120305172400Z
    CRL has expired or is not yet valid

    Hello
    This issue dates back from 2012 and is still in Adobe Reader XI and DC. The behaviour seems to happen when a certificate has expired, there are no embedded CRL/OCSP responses and Reader is configured to validate at the time the signature was made. It goes online to check revocation based on the currently available CRL which is evidently NOT the CRL that was used at the time of signature, and fails with the "...not yet valid..." error message. If the certificate is not in the CRL, it should just forget about it and check if the signature date is between the certificate notBefore and notAfter dates.
    Can someone from Adobe just confirm if this is an actual bug or the intended behaviour ?
    Thank you.
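
The condition this reply describes, a CRL fetched today being judged against the time of signing, can be reproduced from the timestamps in the error window. This is an added example, not code from the thread or from Adobe; the excerpt is a constructed copy of two entries from the post, and `SIGNING_TIME` is an assumed value because the post does not give one.

```python
# Added example (not from the thread): why one CRL can be reported as
# "expired or not yet valid" depending on the time validation is anchored to.
from datetime import datetime, timezone

# Constructed input: two entries in the layout of the error window quoted above.
EXCERPT = """\
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____
CRL processing error
Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
This update: 20120305161509Z
Next update: 20120305172400Z
CRL has expired or is not yet valid
"""

# Assumption: a signing time earlier than both CRLs' thisUpdate (constructed).
SIGNING_TIME = datetime(2011, 6, 1, tzinfo=timezone.utc)


def parse_time(text):
    """Parse the GeneralizedTime form shown in the window, e.g. 20120123110005Z."""
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_crl_errors(text):
    """Return unique (issuer, this_update, next_update) tuples, in order seen."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        for key in ("Issuer", "This update", "Next update"):
            if line.startswith(key + ":"):
                current[key] = line.split(":", 1)[1].strip()
        if len(current) == 3:             # one complete entry collected
            record = (current["Issuer"],
                      parse_time(current["This update"]),
                      parse_time(current["Next update"]))
            if record not in records:     # the window repeats identical entries
                records.append(record)
            current = {}
    return records


def crl_status_at(this_update, next_update, when):
    """Classify a CRL's validity window relative to the validation time."""
    if when < this_update:
        return "not yet valid"
    if when > next_update:
        return "expired"
    return "current"


def evaluate(text, when):
    """Status of every CRL in the excerpt for a chosen validation time."""
    return [(issuer, crl_status_at(this_upd, next_upd, when))
            for issuer, this_upd, next_upd in parse_crl_errors(text)]


if __name__ == "__main__":
    for label, when in (("signing time", SIGNING_TIME),
                        ("inside first CRL window",
                         datetime(2012, 1, 23, 12, 0, tzinfo=timezone.utc))):
        for issuer, status in evaluate(EXCERPT, when):
            print(f"{label}: {status}: {issuer}")
```
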

  • Adobe Flash security exposure in HP Solution Center Digital Imaging code

    I have an HP Officejet 4500 with the HP Solution Center installed.
    Windows XP. 
    My security software identifies "Adobe Flash Player Multiple Vulnerabilities" embedded in the HP Digital Imaging product. 
    The versions and locations are:
    Adobe Flash 10.0 r2
    C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hwsetupwizard\setup_guide.exe
    Adobe Flash 9.0 r115
    C:\Program Files\HP\Digital Imaging\Help\player\FlashPla.exe
    Apparently the Digital Imaging products uses these for help and setup functions. They were likely installed initially but I can't find any way to update them. I have tried all update functions available for the Solution Center.
    Adobe Flash player is at version 11 as the standalone product on my machine, so this is not the issue. 
    The vulnerabilities are real 
    http://www.securelist.com/en/advisories/43267/?function=advisories&VN=43267
    http://www.securelist.com/en/advisories/41917/?function=advisories&VN=41917
    How do I get these Flash product versions updated? I am assuming if I delete the files the help and setup functions won't work.
    Thanks

    Alright, well.Ltaff, first of all, to let you know Solution Center does not need a different version of Adobe Flash Player. AFP is merely a conduit that puts together the coding for Solution Center so that it can function, and if AFP is not up to date then it can cause problems.
    If you have the most recent version, then those security issues have already been resolved through subsequent releases. Now, what it sounds like is that your security software is falsely detecting issues in the program or AFP was not correctly configured. 
    As a starting step, why don't we uninstall both the printer and Flash Player and reinstall them. 
    First, if you use a USB cord, make sure to remove it. Do not plug it back in until the software directs you to. Then go through the Devices and Printers, Programs and Features and Device Manager folders and ensure that all copies, files, and programs related to the printer are removed. Then, as directed, restart the computer.
    In the START menu type "%temp%" and press ENTER. Here I want you to press Ctrl+A and hit DELETE. Some of the files will not allow you to delete them, skip those files and delete the majority that allows it. 
    Then follow this link to download the full feature software and drivers for the printer. You will need to search for the correct model number of the 4500 you have (either G510a/g/n or G509a/g/n): 
    www.hp.com/go/support 
    Then uninstall AFP from Programs and Features and install it from the download :
    http://get.adobe.com/flashplayer/?fpchrome
    Install that and let me know the result! 
    Have a great day!

  • Cannot install Apple iPod and iTune downloads (invalid digital signature)

    Every time I try to install something from apple.com it won't let me. It brings up a message box that says something like "Invalid digital signature" and it won't even give me a choice as to whether or not to download it. Has anyone else experienced this? If so, how did you fix it?

    I tried different browsers and they all show a certificate notice alert.
    The new IE on Win8 by default does not allow entering a secure page with expired certificates.
    I hope that Cisco will make new firmware with functionality to add a custom certificate, PFX for example.
    Cisco supports a lower encryption type. Every new Windows increases the cryptography that IE supports by default. Look at IE's About box to see the type: 64 or 128 or 256…
    On XP it will work well, but we are now in the era of Win 8 with an IE that supports by default 128 or 256 depending on home or server version.

  • Error in NonRepudiation module

    Can anyone tell me what would cause the following error on a BTS 2006 server w/MS BizTalk Accelerator for RosettaNet 3.3?
    There was a failure executing the receive pipeline: "Microsoft.Solutions.BTARN.Pipelines.Receive, Microsoft.Solutions.BTARN.PipelineReceive, Version=3.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" Source: "Pipeline " Receive Port: "RNIF_Async_Receive" URI: "/BTARNHttpReceive/BTSHTTPReceive.dll?xRNResponseType=async" Reason: Unable to remove the message non-repudiation details of an incoming message.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Thanks.

    Usually the non-repudiation information is a certificate or digital signature so that it cannot be denied that the message was sent from some person or party. Here is a good link on the RNIF protocol that mentions it uses S/MIME with digital signatures for non-repudiation: http://www.rosettanet.org/cms/export/sites/default/RosettaNet/Downloads/whitePapers/RNIF2x1x1x.1.pdf.
    It sounds like a message is coming in and the RosettaNet accelerator is having trouble determining who the digital signature belongs to so it cannot route the message successfully. Are you sure that you have setup the certificates for all of your trading partners for received messages? Also, I noticed the URI is running asynchronously. Have you configured the party properties to be aware that an asynchronous response is signed?
    Thanks,

  • ID cs6 Embed Youtube

    Still having issues with embedding Youtube html into digital publishing documents. Running version 8.0.1. The process, outlined in many different resources, worked flawlessly until three days ago. I've tried the same process on 10 different computers running the same version of InDesign with the same result, nada. What is going on?
    Is there a way that I can look "under the hood" so that I can compare the code that worked with the code that isn't working?
    Did YouTube change its embed code and Adobe hasn't caught up? This is the code I'm trying to embed.
    <iframe width="420" height="315" src="//www.youtube.com/embed/iLcNPFXWXd0?rel=0" frameborder="0" allowfullscreen></iframe>
    To the person reading this: Can you open an InDesign document for digital publication, go grab the iframe embed code from a YouTube video and see if you can embed the HTML successfully? In Adobe Viewer I see nothing but a blank white document.
    Thanks
    Mark

    Embed a YouTube video using the following steps:
    1)      Choose your video from YouTube.
    2)      Choose Share / Embed and find the SRC in the Embed Code (//www.youtube.com/embed/Bt9zSfinwFA)
    3)      Make note of the sizes that YouTube offers for Embedding. You will want to size your container similarly.
    4)      Copy that and open your InDesign document.
    5)      Place a container on the page.
    6)      Adjust the size of the container to match the size shown on YouTube or at least keep it in the same aspect ratio.
    7)      With the container selected, choose FOLIO OVERLAYS / WEB CONTENT.
    8)      Paste in the URL you copied on step 2.
    9)      Make sure to add 'http:' at the beginning of the pasted code.
    10)     Choose autoplay so that the video thumbnail and play icon from YouTube will show on load.
    11)     Choose transparent background, for no real reason I guess.
    12)     Choose allow interaction so the user can click the play icon.
    13)     Choose scale content to fit. This is why using the proper aspect ratio is important.
    Hope this helps to clarify.

  • Cannot open ebook...

    I've downloaded an ebook for Adobe Digital Editions, which is fine as it works on the computer where I downloaded it.  But it has become apparent that the ebook will open up only on my original computer and no others, even after I authorise them for ADE.  It seems that the book was not embedded properly with my digital signature for ADE when the book was downloaded.  After lengthy discussions with Adobe Support, the most significant thing they've accomplished is to fix up my original computer by remote access so that the book won't open there either.  So now I cannot read the book at all.  Adobe support says there is nothing they can do for me, and I also cannot get help from the vendor of the book as the publisher stopped distributing the book soon after I bought it.  This is the only ebook I have ever purchased and my account with ADE was created at the same time, so technically there should be no problems.
    After searching forums, I can see that problems with ADE are common, and that support from Adobe is extremely poor.  I doubt that I will ever touch another ADE ebook again. Other than buying an ADRM remover is there anything I can do to solve the problem?

    Try deleting the book via the Edit button at the top right of the bookshelf and then redownload it via the Purchased tab in the ibookstore in the app.
    If it re-downloads with the same problem then try the 'report a problem' page to contact iTunes Support : http://reportaproblem.apple.com
    If the 'report a problem' link doesn't work then you can try contacting iTunes Support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption

  • Validate Digital Signature - Check CRL

    Hi all,
    (1) Is it possible for LiveCycle Document Security to validate the digital signature and check CRL, if there is NO CRL Distribution Point in the certificate itself?
    (2) Can I hardcode the CRL's URL in the LiveCycle Document Security's configuration file?
    Thanks.
    Sanney

    Sanney,
    I don't know about the CRL URL question, but if I understood correctly what you are trying to achieve, then:
    If you already have CRLs or certificate files at your disposal, you can store them on disk. You can then select the "advanced" option when installing. This will allow you to point at the directories containing the credentials, so these can be included as an integral part of the overall server deployment.
    If later on you want to update the credentials, you can run Configuration Manager. You must then redeploy the updated server components to the application server.
    I'm currently writing this out of memory, but the documentation is very clear about this procedure.
    HTH,
    Evangelos

  • Can you Ignore Embedded Digital File Info?

    Hello!
    I'm trying to figure out if there's a way to have Photoshop ignore the embedded information (specifically in-camera rotation data) when it opens digital camera files. The difficulty I'm having is that I have an action script that opens files up and then saves them off for use with another application. Since Photoshop is recognizing the embedded rotation information, it will take a horizontal file, see that in camera it is indicated that it should be a vertical file and it'll open it in that orientation (vertical). When Photoshop saves the file, it has effectively rotated the file.
    The other application that I am using does NOT recognize this embedded information and, therefore, has a conflict with the saved off Photoshop files. This results in the application squishing the now vertical files into a horizontal space.
    The set of files I discovered this with were Canon files, and Canon says there's no way to strip the file of the info after the shot is taken (you can turn it off in camera), so I'm left trying to see if PS can ignore the data. I assume the same thing is happening with other digital cameras as well as I've seen this a good bit with files from a variety of people.
    Any help would be greatly appreciated.

    Could you check if this works for you?
    // opens the fileinfo dialog when an image is either copyrighted or other info fields have content;
    // use it at your own risk;
    #target photoshop;
    if (app.documents.length != 0) {
        var theCheck = false;
        var theProperties = [app.activeDocument.info.author, app.activeDocument.info.authorPosition, app.activeDocument.info.caption,
            app.activeDocument.info.captionWriter, app.activeDocument.info.category, app.activeDocument.info.city,
            app.activeDocument.info.copyrightNotice, app.activeDocument.info.country, app.activeDocument.info.creationDate, app.activeDocument.info.credit,
            app.activeDocument.info.headline, app.activeDocument.info.instructions, app.activeDocument.info.jobName, app.activeDocument.info.keywords,
            app.activeDocument.info.ownerUrl, app.activeDocument.info.provinceState, app.activeDocument.info.source,
            app.activeDocument.info.supplementalCategories, app.activeDocument.info.title, app.activeDocument.info.transmissionReference];
        // flag the document if any of the info fields has content
        for (var m = 0; m < theProperties.length; m++) {
            var thisProp = theProperties[m];
            if (thisProp.length > 0) {
                theCheck = true;
            }
        }
        // also flag the document if it is marked as a copyrighted work
        if (app.activeDocument.info.copyrighted == CopyrightedType.COPYRIGHTEDWORK) {theCheck = true};
        if (theCheck == true) {
            fileInfo();
        }
    }
    ////// provided by paul riggott //////
    // selects the File > File Info menu item, which opens the dialog
    function fileInfo() {
        var desc3 = new ActionDescriptor();
        var ref2 = new ActionReference();
        ref2.putEnumerated( charIDToTypeID('Mn  '), charIDToTypeID('MnIt'), charIDToTypeID('FlIn') );
        desc3.putReference( charIDToTypeID('null'), ref2 );
        executeAction( charIDToTypeID('slct'), desc3, DialogModes.NO );
    }

  • Can a digital magazine like Flipping Book be embedded into a site designed with Muse? If so how?

    Can a digital magazine like Flipping Book be embedded into a site designed with Muse? If so how?

    I assume you are talking about Flipping Book Publisher software (www.flippingbook.com). I have done this very easily. In the flipping book software you need to make sure that the sharing feature is enabled and export out the .html file. Once you have exported and you have it installed on your website, click on the sharing button on your flip catalog software. You can then copy the embed code from this window and paste it into Muse (see attached screen shot).
