Adobe Acrobat settings for signature validation

Decision 2015/1506/EU pursuant to Regulation (EU) 910/2014 (also known as eIDAS) has defined a number of baseline profiles (e.g. PAdES, XAdES, etc.) to ensure that electronic signatures can be created and validated anywhere in Europe.

When a user performs a signing operation with Acrobat and tries to validate the signature at a later time using a signature validation software like DSS (Digital Signature Service) WebApp, either after the certificate’s expiration or revocation, the validation fails.

This happens because Acrobat’s default behavior is not conformant with the PAdES (PDF Advanced Electronic Signature) baseline profile. Its default settings do not include the mandatory “message-digest” attribute (and other signed attributes) which is enforced by the default DSS validation policy.

Acrobat offers a different signature option which does contain the “message-digest” attribute and passes validation by the DSS app successfully but needs the user to change the default settings of the application.

To do this, the user has to open Acrobat’s “Creation and Appearance Preferences” and choose CAdES-Equivalent as the Default Signing Format.

Finally, it is highly recommended that the checkbox “Include signature’s revocation status” is selected so the signature is LTV (Long Term Validation) enabled.