Issue while S/Mime signing of documents

Forum for the PDF-XChange Editor - Free and Licensed Versions

Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan

Post Reply
pdfcoder
User
Posts: 68
Joined: Tue Aug 27, 2013 6:10 am

Issue while S/Mime signing of documents

Post by pdfcoder »

Hello,
in latest version 8.0.333.0 seems to be a little bug:
After signing a pdf document with a S/Mime key and Starfield Timestamp Authority please save the pdf document.
After reopening click the signature for verify, check signature (screenshot attached).
Now check the first blue link 'Signiert von' / signed by: It shows the individual S/Mime certificate, correct.
Now check the second blue link 'Zeitstempel' / timestamp: It shows also the individual S/Mime certificate, NOT the expected certificate für Starfield Timestamp Authority, NOT correct.

Please check (and correct) this behaviour.

Image

Thank you and best regards !
User avatar
Tracker Supp-Stefan
Site Admin
Posts: 17822
Joined: Mon Jan 12, 2009 8:07 am
Location: London
Contact:

Re: Issue while S/Mime signing of documents

Post by Tracker Supp-Stefan »

Hello pdfcoder,

A colleague from the dev team managed to reproduce the problem, and is working on a fix. The fix will be included in the next build of our products!

P.S. The issue is now fixed, so the new build will definitely include it.

Regards,
Stefan
pdfcoder
User
Posts: 68
Joined: Tue Aug 27, 2013 6:10 am

Re: Issue while S/Mime signing of documents

Post by pdfcoder »

Hello,

i did just try signing with v8.0.334.0:
Signing itself works, but if file is re-opened and signing 'Starfield Timestamp Authority - G2' certificate is checked by user, parent/ issueing certificate 'Starfield Secure Certificate Authority - G2' is missing...
So timestamp still cannot be verified.

It is a standard Win10prof(64) system, no manual manipulation of certmgr.
Maybe a wrong timestamp certificate is used?

Thx + regards, Chris
Screen-2019-12-06_12-18-05.jpg
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8436
Joined: Wed Jan 03, 2018 6:52 pm

Re: Issue while S/Mime signing of documents

Post by TrackerSupp-Daniel »

Hello PDFCoder,

Nothing is missing here, the timestamp certificate used reflects what we get back from the server, you will see the same details if you sign the document with our competitors, such as adobe, using the same timestamp authority:
image.png
This warning simply means that Windows itself does not have the necessary information to verify this item. if a signature is outright invalid, you would see a different message.

Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
pdfcoder
User
Posts: 68
Joined: Tue Aug 27, 2013 6:10 am

Re: Issue while S/Mime signing of documents

Post by pdfcoder »

Thanks for answer.

Starfield root certificates are included in MS Win10prof certmgr.msc, pls refer to attached screenshot.

There must be an issue while validating certificate chain from timestamp to intermediar to root, isn't it?

'Starfield Timestamp Authority - G2' and 'Starfield Secure Certificate Authority - G2' should be trusted with green hook as it has been in former versions of Xchange Editor, if certificate chain is complete and trusted.

Best regards, Chris
starfield.jpg
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8436
Joined: Wed Jan 03, 2018 6:52 pm

Re: Issue while S/Mime signing of documents

Post by TrackerSupp-Daniel »

Hello pdfcoder,

Thank you for the screenshot and further details, the odd part in all of this is that unlike Adobe and some of our competitors, we actually use the cert manager built into windows to view the certificate chain and locate its root certificate. We are unsure why exactly, but Windows itself is unable to see the chain despite the fact that, for example, Adobe and Foxit's custom handlers are able to.

We are looking possible workarounds we can offer here, but as the issue is in how windows itself is *reading* the certificate chain, not in applying it (you can see looking in other software's that the cert is valid and the chain is present), there may not be much we can do immediately. If Microsoft cannot resolve this from their end, it is likely we will need to look into building our own custom handler, which will be a long term project if it is pursued.

Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
pdfcoder
User
Posts: 68
Joined: Tue Aug 27, 2013 6:10 am

Re: Issue while S/Mime signing of documents

Post by pdfcoder »

Hello,
thanks for explaination.

Before validating of timestamp got brocken, it works in PDFeditor for same (!) Starfield certificate. (Sorry, I don't know the exact last working version)
So in my opinion there must be an issue while re-implementing proper timestamp verification in PDFeditor, isn't it?
Starfield root certificates are same, I did check it with an older Win10 in virtual machine.

So: Good luck with fixing it :D

kind regards Chris
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8436
Joined: Wed Jan 03, 2018 6:52 pm

Re: Issue while S/Mime signing of documents

Post by TrackerSupp-Daniel »

Hello Chris,

Sorry for the delay, In an effort to confirm that a previous version handled this differently so that I could show an example to the Dev team, I was unable to see verification of this timestamp going multiple years back in our software (from now back through build 316.1) in the current latest updates of Windows 10. You mentioned that you did this check on an older Win10 VM, could I ask you what build of windows is running there?

If we know which build of windows this does work in, we can test there and confirm where the issue lies.

Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
pdfcoder
User
Posts: 68
Joined: Tue Aug 27, 2013 6:10 am

Re: Issue while S/Mime signing of documents

Post by pdfcoder »

Hello,
it has been Win10pro 1803 v17134.1 (April 2018). I don't know the exact PDFeditor version.
For further evaluation:
Is it possible to download older builds of PDFeditor Pro? Link?

Thanks and regards, Chris
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8436
Joined: Wed Jan 03, 2018 6:52 pm

Re: Issue while S/Mime signing of documents

Post by TrackerSupp-Daniel »

Hello pdfcoder,

Thank you for confirming that, I will see if we can get an 1803 VM up and running for testing here.
Regarding downloading previous versions of our software, this is certainly possible, you can find the link on our downloads page beside the relevant product:
image.png
Note that we DO NOT have any product called "Editor PRO", might you be looking for the "Editor Plus", or the "PDF-XChange PRO" bundle instead?

Kind regards
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
pdfcoder
User
Posts: 68
Joined: Tue Aug 27, 2013 6:10 am

Re: Issue while S/Mime signing of documents

Post by pdfcoder »

Sorry, it is PDF-Xchange Pro registered, currently v8.0.334.0 (Enhanced OCR) with PDF-XChange Editor Plus included...
kind regards
Post Reply