Tweet
I'm trying to validate a digitally signed PDF document from one of Russian state services. Russian law requires the use of GOST R 43.11-2012 hash algorithm and GOST R 34.10-2012/34.11-2012 digital signature algorithm, so I downloaded and installed the VipNET CSP that implements this algorithm.
I have tried several PDF readers to verify the signature. The good thing to note is that Foxit Reader was the only one to say: "The document has not been modified since this signature was applied". It means that the cryptography in charge of verifying the signature was actually called and that it worked correctly.
The bad thing is that it failed to trust the signer certificate despite having the root certificate installed (both in Windows and in Foxit Reader). If I install the signer's certificate as trusted in Foxit Reader, it tells the signature is valid.
Why does Foxit Reader fail to trust the signer's certificate based on the root certificate?
Attached:
1) The document ul-1025500508593-20200506153538.pdf
2) Certificates certs.zip
3) Screenshot of Windows certificate viewer
4) Screenshot of Foxit Reader trusted certificate list
I have tried several PDF readers to verify the signature. The good thing to note is that Foxit Reader was the only one to say: "The document has not been modified since this signature was applied". It means that the cryptography in charge of verifying the signature was actually called and that it worked correctly.
The bad thing is that it failed to trust the signer certificate despite having the root certificate installed (both in Windows and in Foxit Reader). If I install the signer's certificate as trusted in Foxit Reader, it tells the signature is valid.
Why does Foxit Reader fail to trust the signer's certificate based on the root certificate?
Attached:
1) The document ul-1025500508593-20200506153538.pdf
2) Certificates certs.zip
3) Screenshot of Windows certificate viewer
4) Screenshot of Foxit Reader trusted certificate list
Comment