Digitally signed documents are not conformant to ETSI standards
ETSI signature conformance checker at https://signatures-conformance-checker.etsi.org reports some problems with digital signatures created in Acrobat configured for CAdES-Equivalent default signing format:
57. Error: Contents/CAdESSignature/content/signedData/signerInfos/signerInfo[1]/signedAttrs/attribute[3]/attrValues/essSigningCertificateV2[1]-{CheckSchemaForChildren}
Children order and number DO NOT MATCH specification
Specification: certs+
Elements found: certs policies
Error indication (^ appears at the end of the last correct child): certs^ policies
64. Error: Contents/CAdESSignature/content/signedData/signerInfos/signerInfo[1]/signedAttrs/attribute[4]/attrValues/NotKnownComponent[1]-{ForAllTheChildrenDo}
An unknown component has been reached. Consequently, its children and their processing are unknown to the TLCC. No further checks will be done to this component
Error #57 relates to the fact that, according to ETSI EN 319 122-1, clause 5.2.2.3, the policies field shall NOT be used in essSigningCertificateV2.
Error #64 is caused by OID 1.2.840.113583.1.1.8 (Adobe revocationInfoArchival), which is not allowed in CAdES-Equivalent signatures. Acrobat shall automatically disable the config option "Include signature's revocation status" for CAdES signatures. Users can add revocation info after signing - via "Add Verification Information".
-
Marian Ďurkovič commented
Any news on this bug report?
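A small check for the two findings in the report above, added here as an example (not code from the report, Adobe or ETSI): it walks DER-encoded signedAttrs and flags a policies field inside essSigningCertificateV2 as well as an attribute with OID 1.2.840.113583.1.1.8. The function names and the sample input are constructed for illustration, and the signing-certificate-v2 attribute OID (1.2.840.113549.1.9.16.2.47, from RFC 5035) is an assumption not stated on the page.

```python
SIGNING_CERT_V2 = "1.2.840.113549.1.9.16.2.47"  # id-aa-signingCertificateV2 (RFC 5035)
ADOBE_REV_INFO = "1.2.840.113583.1.1.8"         # OID named in error #64
def parse(buf):
    """Split DER bytes into (tag, value) pairs; single-byte tags only."""
    items, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        items.append((tag, buf[i:i + n]))
        i += n
    return items

def dotted(body):
    """Decode OID content bytes to dotted notation (first arc 0 or 1)."""
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = v << 7 | b & 0x7F
        if not b & 0x80:  # high bit clear: last byte of this arc
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def check_signed_attrs(der):
    """Return findings matching errors #57 and #64 for DER-encoded signedAttrs."""
    findings = set()
    (_, attrs), = parse(der)  # outer SET (0x31) or IMPLICIT [0] (0xA0)
    for _, attr in parse(attrs):
        (_, typ), (_, values) = parse(attr)  # Attribute ::= SEQUENCE { attrType, attrValues }
        if dotted(typ) == ADOBE_REV_INFO:
            findings.add("adobe-revocationInfoArchival attribute present")
        # ESSSigningCertificateV2 with more than one child means certs is followed by policies
        if dotted(typ) == SIGNING_CERT_V2 and any(len(parse(v)) > 1 for _, v in parse(values)):
            findings.add("essSigningCertificateV2 carries policies")
    return findings

def tlv(tag, body):  # builder for the constructed sample, short-form lengths only
    return bytes([tag, len(body)]) + body

def sample(flawed):
    """Constructed signedAttrs; hash, policy and archive values are placeholders."""
    attr = lambda oid_hex, val: tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x31, val))
    certs = tlv(0x30, tlv(0x30, tlv(0x04, bytes(32))))  # one ESSCertIDv2, all-zero hash
    policies = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("551d2000"))))  # anyPolicy
    attrs = [attr("2a864886f70d010910022f", tlv(0x30, certs + (policies if flawed else b"")))]
    if flawed:
        attrs.append(attr("2a864886f72f010108", tlv(0x30, b"")))
    return tlv(0x31, b"".join(sorted(attrs)))  # DER SET OF: members in sorted order
```

`check_signed_attrs(sample(True))` returns both findings and `check_signed_attrs(sample(False))` returns an empty set; real input would be the signedAttrs bytes extracted from the signature's CMS SignedData.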