AdobeAcrobatForms

From LiluxWiki
Revision as of 21:43, 18 May 2024 by AlainKnaff (talk | contribs) (In 2024, PPKLite.api needs to be hidden too)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Message d'erreur déclaration impôts 2022

Filling out PDF forms using Adobe Reader / Luxembourgish tax declaration

The problem

Since January 9th, 2023, when attempting to fill out forms in Adobe Acrobat Reader (such as the Luxembourgish tax declaration), you get the following error message:

 This document enabled extended features in Adobe Reader. The use of the extended
 features has expired.
 Please ask the document author for the latest version of the document.

or

 This document enabled extended features in Adobe Reader. The document has been
 changed since it was created and use of extended features is no longer available.
 Please contact the author for the original version of this document.

This is due to the Adobe root certificate used for document signing having expired. Adobe apparently did make available an updated certificate at the following page: Adobe Root CA G2 Certificate. The needed certificate can be downloaded from near the bottom of the page, it is called Adobe_Root_CA_G2.txt

However, importing this into Adobe reader, using Document->ManageTrustedIdentities->AddContacts does not work. The new certificate does show up in the trust store, but form documents still cannot be filled in.

The solution

It turns out that Adobe Reader does the signature verification using a plugin that is shipped with the product. Removing (or renaming) the plugin file disables signature verification and allows all forms:

 rm /opt/Adobe/Reader9/Reader/intellinux/plug_ins/DigSig.api

N.B. In 2024, PPKLite.api needs to be removed (or hidden) too.

A safer solution

The downside of the simple solution above is that you are no longer protected against other PDF documents downloaded from the internet that you might inadvertantly open using Acrobat reader. As a safer solution, attached here is a wrapper that hides the DigSig.api using an LD_PRELOAD shared object, for just its own execution. The result is that you can fill out forms when invoking the wrapper explicitly (using the command acroread-noDigSig ), but signature verification still happens when invoking acroread the normal way.

Debian package: File:Acroread-form-wrap 1.1 amd64.deb

Source: File:Acroread-form-wrap.tar