Difference between revisions of "AdobeAcrobatForms"
AlainKnaff (talk | contribs) |
AlainKnaff (talk | contribs) (In 2024, PPKLite.api needs to be hidden too) |
||
| Line 27: | Line 27: | ||
<code>rm /opt/Adobe/Reader9/Reader/intellinux/plug_ins/DigSig.api</code> | <code>rm /opt/Adobe/Reader9/Reader/intellinux/plug_ins/DigSig.api</code> | ||
| + | N.B. In 2024, <code>PPKLite.api</code> needs to be removed (or hidden) too. | ||
=== A safer solution === | === A safer solution === | ||
| Line 32: | Line 33: | ||
The downside of the simple solution above is that you are no longer protected against other PDF documents downloaded from the internet that you might inadvertantly open using Acrobat reader. As a safer solution, attached here is a wrapper that hides the DigSig.api using an LD_PRELOAD shared object, for just its own execution. The result is that you can fill out forms when invoking the wrapper explicitly (using the command <code>acroread-noDigSig</code> ), but signature verification still happens when invoking acroread the normal way. | The downside of the simple solution above is that you are no longer protected against other PDF documents downloaded from the internet that you might inadvertantly open using Acrobat reader. As a safer solution, attached here is a wrapper that hides the DigSig.api using an LD_PRELOAD shared object, for just its own execution. The result is that you can fill out forms when invoking the wrapper explicitly (using the command <code>acroread-noDigSig</code> ), but signature verification still happens when invoking acroread the normal way. | ||
| − | Debian package: [[File:Acroread-form-wrap_1. | + | Debian package: [[File:Acroread-form-wrap_1.1_amd64.deb]] |
Source: [[File:Acroread-form-wrap.tar]] | Source: [[File:Acroread-form-wrap.tar]] | ||
Latest revision as of 21:43, 18 May 2024
Filling out PDF forms using Adobe Reader / Luxembourgish tax declaration
The problem
Since January 9th, 2023, when attempting to fill out forms in Adobe Acrobat Reader (such as the Luxembourgish tax declaration), you get the following error message:
This document enabled extended features in Adobe Reader. The use of the extended features has expired. Please ask the document author for the latest version of the document.
or
This document enabled extended features in Adobe Reader. The document has been changed since it was created and use of extended features is no longer available. Please contact the author for the original version of this document.
This is due to the Adobe root certificate used for document signing having expired. Adobe apparently did make available an updated certificate at the following page: Adobe Root CA G2 Certificate. The needed certificate can be downloaded from near the bottom of the page, it is called Adobe_Root_CA_G2.txt
However, importing this into Adobe reader, using Document->ManageTrustedIdentities->AddContacts does not work. The new certificate does show up in the trust store, but form documents still cannot be filled in.
The solution
It turns out that Adobe Reader does the signature verification using a plugin that is shipped with the product. Removing (or renaming) the plugin file disables signature verification and allows all forms:
rm /opt/Adobe/Reader9/Reader/intellinux/plug_ins/DigSig.api
N.B. In 2024, PPKLite.api needs to be removed (or hidden) too.
A safer solution
The downside of the simple solution above is that you are no longer protected against other PDF documents downloaded from the internet that you might inadvertantly open using Acrobat reader. As a safer solution, attached here is a wrapper that hides the DigSig.api using an LD_PRELOAD shared object, for just its own execution. The result is that you can fill out forms when invoking the wrapper explicitly (using the command acroread-noDigSig ), but signature verification still happens when invoking acroread the normal way.
Debian package: File:Acroread-form-wrap 1.1 amd64.deb
Source: File:Acroread-form-wrap.tar
