We have become aware that some correct QES signatures of our partners are not correctly interpreted and thus validated by the Validator of Switzerland (https://validator.ch). These are inserted visual signature fields that lead to a high nesting depth in the signature object. The problem has been addressed at the responsible office of the validator and cannot be traced back to errors at the partner or even Swisscom Trust Services in the issuing process. Thus, valid signatures are incorrectly displayed as "invalid" (red cross). UPDATE: the high nesting depth, which could possibly lead to problems, was not identified as a problem with any of our partners. In this respect, in the case of negative feedback, there may actually be errors in the composition of the signed hashes in the PDF. These must be evaluated with the provider of the signature application. UPDATE 24-03-2023: a detailed analysis of the problem has revealed the following: The Swiss Confederation's new validator was introduced at the beginning of 2022. In addition to the certificates and the signature, the new validator also checks the structure of a signed document. Further explanations on the validation process can be found under the following link:
The Validator (admin.ch) Excerpt from the description of the validation process:
"The processing of the document by the validator is limited to the calculation of the cryptographic hash value of the document, as well as the extraction of the signatures contained in the document with the attached certificates. The validator then checks for each electronic signature present in the document,
- whether the hash value matches the signature,
- whether the time stamp is valid (if a time stamp is required for this type of signature),
- whether the certificate contained in the signature was valid at the time of the signature,
- whether the certificate corresponds to the document type automatically determined by the logic of the validator
- whether the document has been modified since it was electronically signed (and whether the electronic signature has been "broken" as a result)."
In the last point of the check, the PDF document is checked for changes. Unfortunately, a change in the PDF document is not always due to a change in content. Annotations are often inserted into the PDF document by the signature platforms, which do not represent a change in content. Despite the complex validation logic, the validator often shows such annotations as a change in the validated PDF document. It is important to understand that despite the negative validation, the signature is not really invalid in every case. In most cases, as shown above, the signatures are still valid.