lovele0107 / signatures-conformance-checker


PAdES Verify breaks: An error was detected but could not be added to this report #15

Closed iupsilon closed 3 years ago

iupsilon commented 3 years ago

Hi, I tried to verify the attached file but the PAdES Conformance Checker breaks. The report says:

_Notification of errors. The AdES Conformance Checker has found some error before being able to build a suitable framework for starting checking conformance. See below in case it has been able to provide additional information on the error.

An error was detected but could not be added to this report_

As far as I know, the PDF contains multiple Acroread fields, including a signed Signature field. Furthermore, it includes 2 embedded attachments.

Will you kindly let me know what is the problem with this file?

Many thanks.

VerifyBreak.pdf

jccruellas commented 3 years ago

Good afternoon,

I have checked the PAdESCC tool and fixed a problem with PDF references. Now my local copy is able to fully process your pdf file, which includes 2 signatures, a DSS, and a DocTimeStamp.

I attach a zip file with the html pages generated by my local copy. I plan to update the tool deployed in the ETSI server during this week.

Meanwhile, please notice the following remarks. When checking against ETSI EN 319 142-1 (PAdES baseline signatures):

  1. In the signature-1, the PAdESCC raises an error because it does not recognize the attribute cmsAlgorithmProtect := 1.2.840.113549.1.9.52. This is an attribute added to an RFC 3161 time-stamp: the one present in the signaturetimestamp....
  2. Signature-2 does not have any signed attribute, and its subfilter value is 'adbe.pkcs7.detached' instead of ETSI.CAdES.detached, as specified in ETSI EN 319 142-1 clause 6.3, additional requirement l)... briefly speaking: you have included a regular PDF signature instead of a PAdES baseline signature.

However, when checking against ETSI EN 319 142-2 (additional PAdES signatures profiles), the error number 2 disappears, as this spec also defines a profile for CMS digital signatures in PDF, and the former requirement is not needed.

I attach two result packages, one for each spec: VerifyBreak_against_EN319142_1.zip, VerifyBreak_against_EN319142_2.zip
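The SubFilter distinction raised in the comment above can be triaged before a file is submitted to a conformance checker. The following is an added example, not code from PAdESCC or from anyone in this thread: it scans a PDF's raw bytes for `/SubFilter` entries and labels each against the baseline requirement quoted above. It assumes the signature dictionaries are stored as plain (not stream-compressed) objects; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# How each /SubFilter value fares against EN 319 142-1 (PAdES baseline).
VERDICTS = {
    "ETSI.CAdES.detached": "baseline signature",
    "ETSI.RFC3161": "document time-stamp",
    "adbe.pkcs7.detached": "regular PDF signature, not PAdES baseline",
}
BASELINE_OK = {"ETSI.CAdES.detached", "ETSI.RFC3161"}

# A PDF name runs until whitespace or a delimiter character.
SUBFILTER_RE = re.compile(rb"/SubFilter\s*/([^\s()<>\[\]{}/%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(raw):
    """Undo #xx escapes so '/adbe.pkcs7#2Edetached' is not missed."""
    plain = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def scan_subfilters(pdf_bytes):
    """Return (byte offset, SubFilter, verdict) for each uncompressed hit."""
    hits = []
    for m in SUBFILTER_RE.finditer(pdf_bytes):
        name = decode_name(m.group(1))
        hits.append((m.start(), name, VERDICTS.get(name, "unrecognised SubFilter")))
    return hits

def fails_baseline(pdf_bytes):
    """SubFilter values that are neither baseline signatures nor time-stamps."""
    return [n for _, n, _ in scan_subfilters(pdf_bytes) if n not in BASELINE_OK]

# Constructed sample: three signature dictionaries, not taken from VerifyBreak.pdf.
SAMPLE = (
    b"%PDF-1.7\n"
    b"10 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite "
    b"/SubFilter /ETSI.CAdES.detached /Contents <00> >>\nendobj\n"
    b"11 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite "
    b"/SubFilter/adbe.pkcs7#2Edetached /Contents <00> >>\nendobj\n"
    b"12 0 obj\n<< /Type /DocTimeStamp /Filter /Adobe.PPKLite "
    b"/SubFilter /ETSI.RFC3161 /Contents <00> >>\nendobj\n"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, name, verdict in scan_subfilters(data):
        print(f"offset {offset}: {name} -> {verdict}")
```

An empty result from `fails_baseline` only says the SubFilter values are acceptable; signed attributes and the rest of the baseline requirements still need a full conformance check.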

iupsilon commented 3 years ago

Many thanks for the results.

I have several PAdES-signed PDFs that also break during verification. I'm not sure if the reason is the same, but I will definitely check them as soon as you update the tool.

jccruellas commented 3 years ago

Good morning,

I have deployed the new version of PAdESCC at the ETSI Portal. I suggest proceeding as follows:

  1. You upload exactly the same signature that you shared with me.
  2. If you get the results that I have mentioned, you let me know and I will close this issue.
  3. After that, you may proceed to upload other signatures... if during this process you find some other problem, you open new issues.

One comment: you will notice that one of the errors has moved to be a warning. More specifically, PAdESCC reported the presence of a signed attribute in the signaturetimestamp. I think that, strictly speaking, this is not an error. In the end PAdES does not specify formats for time-stamp tokens. So, now the PAdESCC raises a warning mentioning that it does not know this attribute in the time-stamp token and that it will not check it.

Hope this helps.

Looking forward to your feedback.

Juan Carlos

iupsilon commented 3 years ago

I confirm that the result report is the same as the one you provided above (besides the severity level related to signed attribute in the signaturetimestamp).

Many thanks for the support.

Cheers.

Yari Melzani

jccruellas commented 3 years ago

Thank you very much indeed for this, Yari. Should you find any other issue, just open a new issue here. I will close this issue now.

Best regards,

Juan Carlos