Issue while S/Mime signing of documents
Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan
Issue while S/Mime signing of documents
Hello,
in latest version 8.0.333.0 seems to be a little bug:
After signing a pdf document with a S/Mime key and Starfield Timestamp Authority please save the pdf document.
After reopening click the signature for verify, check signature (screenshot attached).
Now check the first blue link 'Signiert von' / signed by: It shows the individual S/Mime certificate, correct.
Now check the second blue link 'Zeitstempel' / timestamp: It shows also the individual S/Mime certificate, NOT the expected certificate für Starfield Timestamp Authority, NOT correct.
Please check (and correct) this behaviour.
Thank you and best regards !
in latest version 8.0.333.0 seems to be a little bug:
After signing a pdf document with a S/Mime key and Starfield Timestamp Authority please save the pdf document.
After reopening click the signature for verify, check signature (screenshot attached).
Now check the first blue link 'Signiert von' / signed by: It shows the individual S/Mime certificate, correct.
Now check the second blue link 'Zeitstempel' / timestamp: It shows also the individual S/Mime certificate, NOT the expected certificate für Starfield Timestamp Authority, NOT correct.
Please check (and correct) this behaviour.
Thank you and best regards !
- Tracker Supp-Stefan
- Site Admin
- Posts: 17822
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
Re: Issue while S/Mime signing of documents
Hello pdfcoder,
A colleague from the dev team managed to reproduce the problem, and is working on a fix. The fix will be included in the next build of our products!
P.S. The issue is now fixed, so the new build will definitely include it.
Regards,
Stefan
A colleague from the dev team managed to reproduce the problem, and is working on a fix. The fix will be included in the next build of our products!
P.S. The issue is now fixed, so the new build will definitely include it.
Regards,
Stefan
Re: Issue while S/Mime signing of documents
Hello,
i did just try signing with v8.0.334.0:
Signing itself works, but if file is re-opened and signing 'Starfield Timestamp Authority - G2' certificate is checked by user, parent/ issueing certificate 'Starfield Secure Certificate Authority - G2' is missing...
So timestamp still cannot be verified.
It is a standard Win10prof(64) system, no manual manipulation of certmgr.
Maybe a wrong timestamp certificate is used?
Thx + regards, Chris
i did just try signing with v8.0.334.0:
Signing itself works, but if file is re-opened and signing 'Starfield Timestamp Authority - G2' certificate is checked by user, parent/ issueing certificate 'Starfield Secure Certificate Authority - G2' is missing...
So timestamp still cannot be verified.
It is a standard Win10prof(64) system, no manual manipulation of certmgr.
Maybe a wrong timestamp certificate is used?
Thx + regards, Chris
- TrackerSupp-Daniel
- Site Admin
- Posts: 8436
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Issue while S/Mime signing of documents
Hello PDFCoder,
Nothing is missing here, the timestamp certificate used reflects what we get back from the server, you will see the same details if you sign the document with our competitors, such as adobe, using the same timestamp authority: This warning simply means that Windows itself does not have the necessary information to verify this item. if a signature is outright invalid, you would see a different message.
Kind regards,
Nothing is missing here, the timestamp certificate used reflects what we get back from the server, you will see the same details if you sign the document with our competitors, such as adobe, using the same timestamp authority: This warning simply means that Windows itself does not have the necessary information to verify this item. if a signature is outright invalid, you would see a different message.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Re: Issue while S/Mime signing of documents
Thanks for answer.
Starfield root certificates are included in MS Win10prof certmgr.msc, pls refer to attached screenshot.
There must be an issue while validating certificate chain from timestamp to intermediar to root, isn't it?
'Starfield Timestamp Authority - G2' and 'Starfield Secure Certificate Authority - G2' should be trusted with green hook as it has been in former versions of Xchange Editor, if certificate chain is complete and trusted.
Best regards, Chris
Starfield root certificates are included in MS Win10prof certmgr.msc, pls refer to attached screenshot.
There must be an issue while validating certificate chain from timestamp to intermediar to root, isn't it?
'Starfield Timestamp Authority - G2' and 'Starfield Secure Certificate Authority - G2' should be trusted with green hook as it has been in former versions of Xchange Editor, if certificate chain is complete and trusted.
Best regards, Chris
- TrackerSupp-Daniel
- Site Admin
- Posts: 8436
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Issue while S/Mime signing of documents
Hello pdfcoder,
Thank you for the screenshot and further details, the odd part in all of this is that unlike Adobe and some of our competitors, we actually use the cert manager built into windows to view the certificate chain and locate its root certificate. We are unsure why exactly, but Windows itself is unable to see the chain despite the fact that, for example, Adobe and Foxit's custom handlers are able to.
We are looking possible workarounds we can offer here, but as the issue is in how windows itself is *reading* the certificate chain, not in applying it (you can see looking in other software's that the cert is valid and the chain is present), there may not be much we can do immediately. If Microsoft cannot resolve this from their end, it is likely we will need to look into building our own custom handler, which will be a long term project if it is pursued.
Kind regards,
Thank you for the screenshot and further details, the odd part in all of this is that unlike Adobe and some of our competitors, we actually use the cert manager built into windows to view the certificate chain and locate its root certificate. We are unsure why exactly, but Windows itself is unable to see the chain despite the fact that, for example, Adobe and Foxit's custom handlers are able to.
We are looking possible workarounds we can offer here, but as the issue is in how windows itself is *reading* the certificate chain, not in applying it (you can see looking in other software's that the cert is valid and the chain is present), there may not be much we can do immediately. If Microsoft cannot resolve this from their end, it is likely we will need to look into building our own custom handler, which will be a long term project if it is pursued.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Re: Issue while S/Mime signing of documents
Hello,
thanks for explaination.
Before validating of timestamp got brocken, it works in PDFeditor for same (!) Starfield certificate. (Sorry, I don't know the exact last working version)
So in my opinion there must be an issue while re-implementing proper timestamp verification in PDFeditor, isn't it?
Starfield root certificates are same, I did check it with an older Win10 in virtual machine.
So: Good luck with fixing it
kind regards Chris
thanks for explaination.
Before validating of timestamp got brocken, it works in PDFeditor for same (!) Starfield certificate. (Sorry, I don't know the exact last working version)
So in my opinion there must be an issue while re-implementing proper timestamp verification in PDFeditor, isn't it?
Starfield root certificates are same, I did check it with an older Win10 in virtual machine.
So: Good luck with fixing it
kind regards Chris
- TrackerSupp-Daniel
- Site Admin
- Posts: 8436
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Issue while S/Mime signing of documents
Hello Chris,
Sorry for the delay, In an effort to confirm that a previous version handled this differently so that I could show an example to the Dev team, I was unable to see verification of this timestamp going multiple years back in our software (from now back through build 316.1) in the current latest updates of Windows 10. You mentioned that you did this check on an older Win10 VM, could I ask you what build of windows is running there?
If we know which build of windows this does work in, we can test there and confirm where the issue lies.
Kind regards,
Sorry for the delay, In an effort to confirm that a previous version handled this differently so that I could show an example to the Dev team, I was unable to see verification of this timestamp going multiple years back in our software (from now back through build 316.1) in the current latest updates of Windows 10. You mentioned that you did this check on an older Win10 VM, could I ask you what build of windows is running there?
If we know which build of windows this does work in, we can test there and confirm where the issue lies.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Re: Issue while S/Mime signing of documents
Hello,
it has been Win10pro 1803 v17134.1 (April 2018). I don't know the exact PDFeditor version.
For further evaluation:
Is it possible to download older builds of PDFeditor Pro? Link?
Thanks and regards, Chris
it has been Win10pro 1803 v17134.1 (April 2018). I don't know the exact PDFeditor version.
For further evaluation:
Is it possible to download older builds of PDFeditor Pro? Link?
Thanks and regards, Chris
- TrackerSupp-Daniel
- Site Admin
- Posts: 8436
- Joined: Wed Jan 03, 2018 6:52 pm
Re: Issue while S/Mime signing of documents
Hello pdfcoder,
Thank you for confirming that, I will see if we can get an 1803 VM up and running for testing here.
Regarding downloading previous versions of our software, this is certainly possible, you can find the link on our downloads page beside the relevant product: Note that we DO NOT have any product called "Editor PRO", might you be looking for the "Editor Plus", or the "PDF-XChange PRO" bundle instead?
Kind regards
Thank you for confirming that, I will see if we can get an 1803 VM up and running for testing here.
Regarding downloading previous versions of our software, this is certainly possible, you can find the link on our downloads page beside the relevant product: Note that we DO NOT have any product called "Editor PRO", might you be looking for the "Editor Plus", or the "PDF-XChange PRO" bundle instead?
Kind regards
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Re: Issue while S/Mime signing of documents
Sorry, it is PDF-Xchange Pro registered, currently v8.0.334.0 (Enhanced OCR) with PDF-XChange Editor Plus included...
kind regards
kind regards