Hello, in germany there is an official list about which algorithms are considered safe for hashing and signing documents with legally binding signatures:
http://www.bundesnetzagentur.de/DE/Sach ... _node.html
SHA-1 lost its last credentials for special use cases end of 2010. Till 2017 the following hash-methods are allowed: SHA-256, SHA-384, SHA-512.
At the moment PDF-XChange-Viewer Pro (I bought today) only uses SHA-1, which means that it is legally useless in germany. I think, the situation in the US should be not much different:
http://www.schneier.com/blog/archives/2 ... roken.html
Schneier on Security
February 15, 2005
SHA-1 Broken
SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing. (...)
Will there be an upgrade? Thanks! Michael
SHA-256 (and later) instead SHA-1 for signing?
Moderators: PDF-XChange Support, Daniel - PDF-XChange, Chris - PDF-XChange, Sean - PDF-XChange, Paul - PDF-XChange, Vasyl - PDF-XChange, Ivan - Tracker Software, Stefan - PDF-XChange
-
logies
- User
- Posts: 9
- Joined: Sat Apr 26, 2008 3:07 pm
-
Stefan - PDF-XChange
- Site Admin
- Posts: 19930
- Joined: Mon Jan 12, 2009 8:07 am
Re: SHA-256 (and later) instead SHA-1 for signing?
Hello Michael,
Yes - ver3 of our Viewer is upcoming, and as for your specific question - I have asked some of our devs directly invoved in digital signatures for an advise.
What I can tell on my own is that if you try to create a digital certificate directly in our Viewer - it offers you only two options 1024 and 2048 bit RSA keys - so I presume that the SHA-1 encryption certificates you have will need to be upgraded- and if you do have an appropriate certificate in your windows storage (or in a file) - you should be able to create a digital signature with it that will be compliant with the German regulations.
Best,
Stefan
Yes - ver3 of our Viewer is upcoming, and as for your specific question - I have asked some of our devs directly invoved in digital signatures for an advise.
What I can tell on my own is that if you try to create a digital certificate directly in our Viewer - it offers you only two options 1024 and 2048 bit RSA keys - so I presume that the SHA-1 encryption certificates you have will need to be upgraded- and if you do have an appropriate certificate in your windows storage (or in a file) - you should be able to create a digital signature with it that will be compliant with the German regulations.
Best,
Stefan
-
logies
- User
- Posts: 9
- Joined: Sat Apr 26, 2008 3:07 pm
Re: SHA-256 (and later) instead SHA-1 for signing?
Stefan, thanks for your answers!
It`s complicated...Don`t mix up the hash algorithm with the method of encrypting it or signing it with a certificate. Your software calculates a hash of the document, and only this hash is encrypted by the certificate/private key (doing it with the whole document would be too slow, I assume). When the document ist checked, only hashes (old encrypted/new) are compared. If the hash algorithm is weak, the document can be changed without changing the hash. I`m using my own certificates (certified by an CA till 2015) with PDF-XChange-Viewer, but the hash algorithm has to be implemented in your software. Thanks, Michael!
It`s complicated...Don`t mix up the hash algorithm with the method of encrypting it or signing it with a certificate. Your software calculates a hash of the document, and only this hash is encrypted by the certificate/private key (doing it with the whole document would be too slow, I assume). When the document ist checked, only hashes (old encrypted/new) are compared. If the hash algorithm is weak, the document can be changed without changing the hash. I`m using my own certificates (certified by an CA till 2015) with PDF-XChange-Viewer, but the hash algorithm has to be implemented in your software. Thanks, Michael!
-
Stefan - PDF-XChange
- Site Admin
- Posts: 19930
- Joined: Mon Jan 12, 2009 8:07 am
Re: SHA-256 (and later) instead SHA-1 for signing?
Hello Michael,
Apologies for mixing all the terminology here.
Seems I need to read a bit more on digital signatures and all
I have passed that to our devs nevertheless, so they will give an appropriate and correct reply a bit later.
Best,
Stefan
Apologies for mixing all the terminology here.
Seems I need to read a bit more on digital signatures and all
I have passed that to our devs nevertheless, so they will give an appropriate and correct reply a bit later.
Best,
Stefan
-
Ivan - Tracker Software
- Site Admin
- Posts: 3603
- Joined: Thu Jul 08, 2004 10:36 pm
Re: SHA-256 (and later) instead SHA-1 for signing?
PDF-XChange uses the Windows Crypto API for dealing with certificates.
We try to use SHA2-256 when the cryptographic provider (returned by CryptAcquireCertificatePrivateKey) that manages the certificate selected for signing the document does support this cache algorithm.
If not, SHA1 algorithm will be used.
We try to use SHA2-256 when the cryptographic provider (returned by CryptAcquireCertificatePrivateKey) that manages the certificate selected for signing the document does support this cache algorithm.
If not, SHA1 algorithm will be used.
PDF-XChange Co Ltd. (Project Director)
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
-
logies
- User
- Posts: 9
- Joined: Sat Apr 26, 2008 3:07 pm
Re: SHA-256 (and later) instead SHA-1 for signing?
Ivan, could we dig a bit deeper, why SHA-256 doesn`t work for me on my system (Win XP)? I could mail you a signed test document. Or you could send me a little program checking the cryptographic provider (I`m only an end user, I can`t do it myself). The details of the signing results you can get from this free software (I bought it for being able to sign, but otherwise they are identical). The software is certified by a german government agency for signing purposes and is market leader in germany: http://www.openlimit.com/en/products/reader.html. Thanks!
-
Stefan - PDF-XChange
- Site Admin
- Posts: 19930
- Joined: Mon Jan 12, 2009 8:07 am
Re: SHA-256 (and later) instead SHA-1 for signing?
Hello logies,
As it showed up - I am not an expert in digital signatures, but see what I found out:
http://blogs.msdn.com/b/alejacma/archiv ... ws-xp.aspx
So it seems you will need to have SP3 installed on your XP machine. If you do not - can you try to install it and let us know if that helps?
I have also asked Ivan to comment further on the rest of your latest post, and you can always send us a sample signed document either to support@pdf-xchange.com or attach it to this topic if it's not confidential.
Best,
Stefan
As it showed up - I am not an expert in digital signatures, but see what I found out:
http://blogs.msdn.com/b/alejacma/archiv ... ws-xp.aspx
So it seems you will need to have SP3 installed on your XP machine. If you do not - can you try to install it and let us know if that helps?
I have also asked Ivan to comment further on the rest of your latest post, and you can always send us a sample signed document either to support@pdf-xchange.com or attach it to this topic if it's not confidential.
Best,
Stefan
-
Ivan - Tracker Software
- Site Admin
- Posts: 3603
- Joined: Thu Jul 08, 2004 10:36 pm
Re: SHA-256 (and later) instead SHA-1 for signing?
As I mentioned before, for now the Viewer uses the cryptographic provider returned by CryptAcquireCertificatePrivateKey function.
Often it is basic provider and it doesn't support SHA2, and I'm not sure it will be possible to use another provider with MS Crypto API.
Often it is basic provider and it doesn't support SHA2, and I'm not sure it will be possible to use another provider with MS Crypto API.
PDF-XChange Co Ltd. (Project Director)
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
-
logies
- User
- Posts: 9
- Joined: Sat Apr 26, 2008 3:07 pm
Re: SHA-256 (and later) instead SHA-1 for signing?
Stefan, Ivan,
I`m using Win XP SP3. I have signed the attached PDF (showing my cryptographic providers) within PDFXChange-Viewer and then with Signcube, using the same certificate. PDFXChange Viewer uses SHA-1 (and doesn`t get the time stamp, though the time server is defined, and it asks me two times for my code), Signcube uses SHA-256 (and gets the time stamp from the same time server, http://tsp.signtrust.de/tsp/dpcom, and asks me for my code only once). I have also attached my used certificate and the certificates above me in the chain of certificates. Any ideas how to fix these problems? Thanks! Michael
I`m using Win XP SP3. I have signed the attached PDF (showing my cryptographic providers) within PDFXChange-Viewer and then with Signcube, using the same certificate. PDFXChange Viewer uses SHA-1 (and doesn`t get the time stamp, though the time server is defined, and it asks me two times for my code), Signcube uses SHA-256 (and gets the time stamp from the same time server, http://tsp.signtrust.de/tsp/dpcom, and asks me for my code only once). I have also attached my used certificate and the certificates above me in the chain of certificates. Any ideas how to fix these problems? Thanks! Michael
You do not have the required permissions to view the files attached to this post.
-
Ivan - Tracker Software
- Site Admin
- Posts: 3603
- Joined: Thu Jul 08, 2004 10:36 pm
Re: SHA-256 (and later) instead SHA-1 for signing?
Do you have access to the comp with Windows 7 installed? If yes, can you try if it works (especially time stamping) there?
PDF-XChange Co Ltd. (Project Director)
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.