While digitally signing a PDF document in Acrobat DC or Acrobat Reader DC, you may see the following warning message:
Background: SHA256 has been the default hashing algorithm in Acrobat since version 9.1. However, in some cases, for example if the signature device (like a smart card or USB token) or its driver doesn’t support SHA256 hashing, to prevent failure while creating the signature, Acrobat or Reader will fall back to use SHA1.
Recently, researchers have succeeded in generating collisions with the SHA1 hash algorithm when applied to digital signatures. This means that, under certain conditions, it might be possible to generate a digital signature based on SHA1 hash which would not be unique to a document, but it might be valid also when applied to different documents.
What has changed in Acrobat DC and Acrobat Reader DC (2017.009.20044): With Acrobat DC and Acrobat Reader DC release 2017.009.20044, Adobe is warning users against using the deprecated SHA1 hash algorithm for digital signatures. The user can continue to sign using SHA1 although this is not recommended as SHA1 is considered deprecated industry wide.
There are multiple solutions to prevent this warning dialog, based on specific situations:
- Adobe strongly recommends checking with your signature device or driver manufacturer to get a newer device or driver that supports the default SHA256 or stronger hash algorithms.
- If the requested hash algorithm is not supported by the signature device, then the user can select the “Don’t show again” checkbox and click on Continue to sign with SHA1. The next time this dialog would not show up.
- Acrobat may have been previously set to use SHA1 instead of default SHA256 hashing. The user can delete the setting key aSignHash or set it to SHA256 as described on this page.
- In case the use of SHA1 algorithm depends on the presence of a “Seed Value” applied to an existing signature field in a PDF document (see this page), then the user can request the author of the document to update it to support SHA256 or other stronger hash algorithms, unless SHA1 is strictly necessary.