Channel: Adobe Community : Discussion List - Security & Digital Signatures

adobe reader X and win7 : sha-1 instead of sha-256 using digital ID Storage WIN


Hi to all,

About

http://forums.adobe.com/message/3707345

https://forums.adobe.com/message/4606094

 

I understand that stores digital ID in Windows.

The user selects a digital ID from the drop-down list on the Sign Document dialog (2 "ID" will be identical, one comes from the WIN storage, the other directly from the token).

With the first the sign is SHA-1 digest method, with the second SHA-256 digest method.

 

If it is true, as MADWIN says:

The way signing works is the whole file is written to disk before the digest is generated. The next step is to compute the byte range to sign (we leave a hole in the middle of the file to write in the actual signature) and then the digest is computed over the byte range. When signing with a smart card or token the digest is sent to the hardware device (via either CAPI/CNG or a PKCS#11 interface) where the private key encrypts the digest. At this point Acrobat (and when I say Acrobat I mean both Acrobat and Reader) is waiting to get something back from the hardware device. Either, we get the encrypted digest back or an error code. If we get the error code, and SHA-256 was used initially, we then recompute the digest using SHA-1, resend the digest and again wait for a response from the hardware.

 

We just have to find ways to prevent recomputing the digest using SHA-1 and stop the sign process.

But how to do it?

Maybe modify the registry key settings?

 

Thanks
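
Added example, not part of the original post and not Adobe code: a Python check that uses the /ByteRange hole described in the quoted explanation to pull the CMS blob out of a signed PDF and report which digest algorithm it declares, so a SHA-1 fallback can be spotted after signing. The function names are illustrative, and `constructed_sample` builds a made-up PDF-like input whose CMS blob is cut off after the `digestAlgorithms` field.

```python
import re

# DER content bytes (hex) of digest-algorithm OIDs -> name
DIGEST_OIDS = {"2b0e03021a": "SHA-1", "608648016503040201": "SHA-256",
               "608648016503040202": "SHA-384", "608648016503040203": "SHA-512"}
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def tlv(buf, pos):
    """Read one DER element header at pos; return (value_start, value_end)."""
    first, pos = buf[pos + 1], pos + 2
    if first == 0x80:
        raise ValueError("indefinite-length BER is not handled here")
    if first > 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + first

def audit_signatures(pdf):
    """Return one (byte_range, digest_names) tuple per signature found in pdf."""
    results = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = map(int, m.groups())
        # The hole between the two signed ranges holds <hex CMS, zero padded>
        cms = bytes.fromhex(pdf[a + b:c].strip().strip(b"<>").decode("ascii"))
        p, _ = tlv(cms, 0)        # ContentInfo SEQUENCE
        _, p = tlv(cms, p)        # contentType OID (skipped)
        p, _ = tlv(cms, p)        # [0] EXPLICIT wrapper
        p, _ = tlv(cms, p)        # SignedData SEQUENCE
        _, p = tlv(cms, p)        # version INTEGER (skipped)
        p, end = tlv(cms, p)      # digestAlgorithms SET
        names = []
        while p < end:
            oid_pos, p = tlv(cms, p)      # AlgorithmIdentifier SEQUENCE
            s, e = tlv(cms, oid_pos)      # algorithm OID
            names.append(DIGEST_OIDS.get(cms[s:e].hex(), "OID " + cms[s:e].hex()))
        results.append(((a, b, c, d), names))
    return results

def constructed_sample(oid_hex):
    """Constructed input: PDF-like bytes whose CMS blob stops after digestAlgorithms."""
    wrap = lambda tag, body: bytes([tag, len(body)]) + body  # short-form lengths only
    alg = wrap(0x30, wrap(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    sd = wrap(0x30, b"\x02\x01\x01" + wrap(0x31, alg))
    cms = wrap(0x30, bytes.fromhex("06092a864886f70d010702") + wrap(0xA0, sd))
    head = b"%PDF-1.7\n<< /Type /Sig /Contents "
    hole = b"<" + cms.hex().encode() + b"0000>"
    tail = b" /ByteRange [0 %d %d %6d] >>\n%%%%EOF\n"
    b_, c_ = len(head), len(head) + len(hole)
    return head + hole + tail % (b_, c_, len(tail % (b_, c_, 0)))
```

Run `audit_signatures(open(path, "rb").read())` over signed output and treat any entry listing SHA-1 as a signing run that fell back.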

