DigiDoc3 client - Error 162: Failed to validate signature / libdigidoc code: 162 message: Signers cert does not have non-repudiation bit set!
Since version 3.6 of the ID-card software the signature may be displayed as invalid in the DigiDoc3 client and the following error message is visible under the “See details" section: libdigidoc code: 162 message: Signers cert does not have non-repudiation bit set!
This document does not involve a digital signature in the meaning of the Digital Signatures Act of Estonia. A valid digital signature must be issued with a certificate which should include the application field Non-repudiation.
- If you have received such a file then let the sender know that the file was defective.
- If you are the author of such a file then recreate the digitally signed file and make sure that your PIN2 number is asked upon issuing the digital signature. If the signature was issued in the information system of your company then inform the system administrator.
Earlier versions of the Digidoc client, the SK Digidoc Client or other environments providing the signature verification functionality may erroneously declare the signature valid but it is not a legal signature in the meaning of the Digital Signatures Act.
Several significant security improvements were made in version 3.6 of the software, affecting the verification of signatures. Additional validations have been added, for example the validation of the application field of the key specified in the annexed certificate upon verification of the signature.
Such defective digitally signed files can occur if the application uses a library that does not contain validations of whether the signature is issued with the correct certificate role. One of the most common situations is when the application fails to check which certificate is used for the signing – the authentication or the signing certificate.
Additional information about the libraries is available at http://id.ee/?id=30290