Adobe Acrobat Signature Validity Is Unknown
Ogier Dudley
So in this case they arent stored anywhere but the originators machine, thought they could export them to the fdl format ( or fdf, forget the extension), either way the next end user has to double click the extension and go through the hoops of adding to the trust (or just clicking the properties of the signature and adding to the trust).
I thought maybe there was a way via GPO to get these into AD so the end user that receives them doesnt have the unknown issue. Of course if they just accept and go through the steps for the 20 or so different people, it will stay on their local pc until the pc is lost or wiped, but imagine a company with 500 users, noone wants to make each person do this 500 times.
I should add that the digital signature done in adobe acrobat is a self signed certificate, so there really isnt a certificate path or higher level cert that could be added to all machines. Its per user.
A digital signature is printed on my pdf but not as what I expected, it should show a validity unknown symbol or signature valid symbol but it is not getting printed. I am getting it printed like below image.
What you describe is a behavior that has been deprecated in 2003 when Adobe Acrobat 6 has been published. In particular that behavior has never been specified in the ISO PDF specification ISO 32000; on the contrary it has been forbidden in the update ISO 32000-2. For references read this answer.
iText(Sharp) 5.x, having inherited its signing API implementation base from iText 2.x/4.x, still offered a backward switch (PdfSignatureAppearance.Acro6Layers) which set to false allowed the creation of signature appearances supporting those in-document validation status marks.
If you happen to work in a context which technologically got stuck in the early 2000s, and if you indeed are required to enable such (nowadays invalid) behavior, you may consider re-integrating the code for generating those pre-Acrobat6 layers in the current iText 7 sign module. If you compare the PdfSignatureAppearance.GetAppearance() source iText 5 and iText 7, you find quickly where with Acro6Layers == false additional layers where added.
This message does not indicate that the digital signature is invalid or corrupt. Instead it's a poorly worded message from Adobe that causes unnecessary alarm. If you click on the Signatures panel on the left hand side of Adobe Reader or Adobe Acrobat you will see additional information about this message. Expand the "Signature validity is unknown" field and you'll see a far more descriptive explanation of the issue.
It's important to note that this message is not saying that your digital signature is invalid and it's not saying that the PDF has been modified since it was signed (see the text in the screenshot above: "Document has not been modified since this signature was applied"), it's just saying that Adobe wasn't automatically able to validate the certificate. You also won't be able to manually validate the signature until the certificate is trusted by Adobe.
To resolve this issue you need to make Adobe trust the certificate that was used to sign the PDF. Warning: only do this if YOU trust the certificate. Don't do it for any random certificate as this can be a security issue and is not actually required if you just want to view the PDF.
"-The signer's identity is unknown because it has not been included in your list of trusted identities and none or its parent certificates are trusted identities" indicates your co-worker needs to add something to his copy of Acrobat/Reader. What he is missing a certificate and only you can provide him with a copy of the certificate you created to sign the PDF. After you send him or make available a copy of the certificate, then your coworker will need to import that certificate into his copy of Acrobat.
I can sign the pdf fine using the cert but when another user opens the document I get the error "At least one signature has problems". In the Signature Panel I see "Signer's identity is unknown because it has not been included in your list of trusted identities and none of its parent certificates are trusted identities".
It appears to me I need to add either the root or intermediary CA as a trusted identity. However, when I try to add it, neither certificate appears in the list from which to choose. I'm unsure where the certs in this list are being pulled from as they don't seem to match what I see in an of the stores. I've found some info around the net on this issue but I haven't been able to pull it all together.
This gets a bit complicated as there are two parts to the story. First is signature creation (a one time event) and the second part is signature validation (a many time event). When you create the signature Acrobat (or Reader) will at a minimum always add the certificate that corresponds to the digital ID used to create that signature. It will also add all of the certificates in the signing chain if it can find them. The next question is where does it find the certificates. It will look in a lot of places including the digital ID used to sign, in the Acrobat Manage Trusted Identities list, in the Windows Certificate Store or the Mac Keychain, in the Acrobat CertCache folder, other signatures, other digital IDs, known hardware devices and possibly online. The first thing it does is look to see if it can find the certificate that issued the signer's digital ID, and then recursively looks for the next issuing cert until it either finds a self-signed certificate or just can't find it.
Trust is not something the signer can imbue the signature with, but rather it is something granted by the person that is validating the signature. However, as part of the signature creation process, if you want to embed the revocation information so as to provide for long term validation you should have your system configure so that Acrobat can build the chain up to a trust anchor because without trust being established Acrobat will not do revocation checking, and without revocation checking being done as part of the signature creation process there will be nothing available to embed. So, before you sign make sure you can see the signature chain in the certificate viewer. To do this:
PDFs and digital signatures have provided a secure way to electronically sign and authenticate documents. PDF allows users to easily sign documents digitally. However, one aspect of digital signature is PDF signature validation. It involves validating the signature to verify the signer and the signed content.
So, if you are looking for how to validate signature in PDF or if you are unable to verify signature in a PDF, then this is the ultimate guide for you. Here we will cover all about PDF signature validation and discuss its complete process. Meanwhile, we will also introduce a comprehensive PDF editor with powerful PDF form creation and signing features, interested users can directly click the button below to get a free trial.
If you suspect any of the above reasons, then that's the reason why your signature not verified in PDF Mac/Windows. But don't worry. The next part talks in detail about how to validate signature in PDF.
The validator verifies the signer's certificate or its parent certificates to ensure that they are trusted. The validity of the signing certificate is also checked using the PDF tool settings. Besides that, the validator verifies the document's integrity to check if the signed content was altered after signing. If some changes were made, then the verification validates that the signer approved those changes.
Step 2. Click on the digital signature and see its current validity status. If it displays "Validity unknown" or "Signature Not Verified", then right-click the signature and tap "Validate Signature". Adobe Acrobat will perform the validation.
There also come scenarios when the digital signature is missing a certificate, or you may want to update its certificate. For that, you can use UPDF, an intuitive tool to import the license and install it under the trusted path. Here's how to do it:
UPDF is a modernized and feature-rich PDF signer and editor tool that is one of the dominating tools in the PDF tools market. UPDF offers an intuitive and advanced interface to handle almost all PDF-related activities. What you can get with UPDF are as follows:
In short, UPDF is an all-in-one PDF tool to read, sign, validate, edit, annotate, and do almost anything with PDFs. So, why miss out on this full-fledged tool? Download UPDF right now and access all the above features with a full free trial.
PDF signature validation is an important practice for authenticating documents. It ensures that the document is authentic and signed by the verified signer. So, if you are also using a digital signature, follow the above steps to validate the signature in PDF using Adobe Acrobat. Furthermore, if you frequently handle PDFs, then start using UPDF. It offers a one-stop tool to read, sign, edit, annotate, and do almost all activities with PDFs.
If you want to put this entry in your plugins' signature properties cab please make sure you use the DSSigPropIconState enum below for its values. This will ensure that DigSig use the appropriate icons (in sync with your plugins') to represent the signature's state. If you do not provide this value, DigSig will use validity icons according to what it thinks is the validity status of the signature.
ESObject is an EScript object that is supported as of Acrobat 5.0 by the escript plug-in. The EScript HFT has not been exposed to third party developers, thus you should use or assume NULL for ESObject parameters. Signature support for EScript is available only when using the PubSecHFT for public-key signatures.
No MDP. The document does not have a signature. In versions earlier than Acrobat 9.0, this status is returned for a document that does not have an author signature, but does have an ordinary signature. In Acrobat 9.0 and later, any signature will invoke MDP analysis of all subsequent changes.
4a15465005