Forum Discussion

_LuisSilva's avatar
_LuisSilva
Brass Contributor
Aug 26, 2022

MSEDGE "View the details of digital signatures in PDFs" not working

MSEDGE Version: 104.0.1293.70 (Official build) (64-bit) [Windows 10]

PDFs tested: common e-invoice certificate-based digital signed PDFs, Word test PDFs normal or PDF/A compliant (with and without TLV signatures)

MSEDGE config: via FLAG (Enable Digital Signature for PDF) or/and via Policy (PDFSecureMODE, https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#pdfsecuremode )

 

None of the tested certificate-based digital signed PDFs opened by MSEDGE showed the top strip that allows the visualization and validation of the digital signature has the long publicized feature refers to.

 

Does anyone have some feedback on this behavior? Why and when it should happen?

 

Its publicized in the https://www.microsoftedgeinsider.com/en-us/whats-new on the "Try It" section, with the title "View the details of digital signatures in PDFs" (and even before since v90 or something like that)
https://techcommunity.microsoft.com/t5/articles/roadmap-for-pdf-reader-in-microsoft-edge/m-p/2175170

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-pdf#view-and-validate-certificate-based-digital-signatures

https://mspoweruser.com/edge-can-now-validate-digitally-signed-pdfs/

  • Malte's avatar
    Malte
    Brass Contributor
    same issue still exists with Edge 111.0.1661.54
  • You'll note that what all those publications have in common is that they mention you still need to enable the flag to get access to the feature, which means it's very much not finished and still in development. As long as the only way to get to a feature is via its flag, it should always be considered under development and not supported, and its functionality can change at any time.
    • _LuisSilva's avatar
      _LuisSilva
      Brass Contributor
      Josh, thanks for your reply but I do not see where it helps in my question.
      Do you have the same behaviour or not?
      About the feature being in dev, that I think we all understand, but:
      1. The feature (or part off it) is publicized in the "what's new" and not in "what's in development" of the official msedge site.
      2. Even taking into account that it is in development, MSEDGE programmers exposed it to the public testing via policy (registry / gpo) and the 2 or more year old flag, nevertheless nothing happens in my case so how can I test it?
      • _LuisSilva's avatar
        _LuisSilva
        Brass Contributor
        Today with the MSEDGE update to the build 105.0.1343.25, the Certificate based signed PDFs that I had opened for testing in MSEDGE, after the update restart they started to showed the top strip stating that the PDF is digitally signed (and a new menu item appeared with the name "Digital Signature").
        But from my early tests:
        * The e-invoice certificate-based digital signed PDF (EU qualified certificate) states that all signatures are valid, but when I click in "View Signatures" or click on the menu item "Digital Signature" -> NOTHING HAPPENS 😞
        * PDF (created from a test word doc) signed with my government citizen card (smarcard eIdentity), the digital signature top strip states that some signatures could not be validated (even thou they can be validated by the Adobe Reader, and the Root /Issuer CAs are in the OS Certificate Trusts) and when I click "view signatures" there is certificate attached to the signature that I can view and do my own validation (Signature Unknown).
        * in a test e-invoice digitally signed with an advanced certificate that has validation issues (in Adobe Reader), when I click "View Signatures" it says that the Signature is invalid, but when I click the "View Certificate" -> NOTHING HAPPENS 😞
  • _LuisSilva's avatar
    _LuisSilva
    Brass Contributor

    Today lets review the MSEDGE build 107.0.1418.56 (Official build) (64-bit), with my test Certificate based signed PDFs, after several updates and restarts they continue to show the top strip stating that the PDF is digitally signed (and a new menu item appeared with the name "Digital Signature"). NOTE: There was a build (between my last post and this one) where this behavior disappeared, but then after a phew build updates it started to show again.
    My tests feedbacks:
    * [improved] The e-invoice certificate-based digital signed PDF (EU qualified certificate) states that all signatures are valid, and finally it has the same behavior as my test e-invoice below. when I click "View Signatures" it says that the Signature is "Unknown", but when I click the "View Certificate" -> NOTHING HAPPENS 😞


    * [staled] PDF (created from a test word doc) signed with my government citizen card (smarcard eIdentity with issued certs for document digital signing), the digital signature top strip states that some signatures could not be validated (even thou they can be validated by the Adobe Reader, and the Root /Issuer CAs are in the OS Certificate Trusts) and when I click "view signatures" it says that the Signature is "Unknown", in terms of certificate it says "Not available for this signature" (even thou there is a certificate attached to the signature that I can view and do my own validation in Adobe Reader).


    * [staled] in a test e-invoice digitally signed with an advanced certificate that has known validation issues (checked with Adobe Reader), when I click "View Signatures" it says that the Signature is "Invalid" that is correct, but when I click the "View Certificate" -> NOTHING HAPPENS 😞

     

    • _LuisSilva's avatar
      _LuisSilva
      Brass Contributor

      lets review the MSEDGE build 112.0.1722.58 (Official build) (64-bit), with my test Certificate based signed PDFs.

      • Current (Skia) PDF Engine: Exactly the same behavior as mentioned before
      • New (Adobe) PDF Engine: Exactly the same behavior as mentioned before BUT now when I click the "View Certificate" (where it appears, because there are some PDFs that are certificate signed but this function does not appear) -> a popup window appears with the certificate info (but nothing about why the signature is invalid or unknown, it should use the hierarchy windows trust right?)

         

      Note, I should remember that in the Adobe Acrobat Reader desktop app this certificate signature issue does not happens (I was hopping that changing to the New (Adobe) PDF Engine this issue would go away, but unfortunately it did not)

      .

Resources