In this case Acrobat Reader will indicate, for example, in the following way: Simply change a single bit of content signed to invalidate the signature. When a document is electronically signed, it can not be altered absolutely nothing signed content. Normally this can be checked because, when you close the document, Acrobat asks if we want to save the changes made to it. When Acrobat Reader opens these documents, reconstructs, and therefore alter its contents. This is the case, among others, those documents generated by scanning documents utilities as some versions of Hewlett-Packard.
Pdf signature problem pdf#
In some other questions I found that it could be a problem with transferring the byte array between the server and client, but I have checked and the values are the same, both base64 and the byte array.Acrobat Reader does some repairs on those PDF documents that are not built properly. I choose the RSASSA-PKCS1-v1_5 alg to get the signature and verify it successfully afterwards. I have checked my client side and can't find anything problematic. Usage of SignPDFHash SignPDFHash(Path.Combine(_configuration, "SignMeMightySigner.pdf"),Convert.FromBase64String(dto.base64signature), Convert.FromBase64String(dto.base64certificateValue)) Usage of GetPDFHash byte bytesToSign = GetPDFHash(Path.Combine(_configuration, "SignMeMightySigner.pdf"), Convert.FromBase64String(dto.base64certificateValue)) PdfHash = SHA256Managed.Create().ComputeHash(authenticatedAttributeBytes)
PdfHash = SHA256.Create().ComputeHash(authenticatedAttributeBytes) PdfHash = DigestAlgorithms.Digest(new MemoryStream(authenticatedAttributeBytes), messageDigest) Tried 3 different ways of hashing, with same result: Var preparedSigPdfFilePath = $" 133ĮDIT: Hashing authenticatedAttributeBytes and then returning that hash to be signed by the client. Private byte GetPDFHash(string pdfFilePath, byte certificateValue) private const string SIG_FIELD_NAME = "sigField1"
Pdf signature problem full#
Note: There is no way for me (that I know of) to do what I want in 1 step, as the signing is initiated by a client in an Electron app.Ĭlicking on Certificate details shows my full certificate details. Mkl further mentions a way to do it successfully in 2 steps, but I am missing some more explanation on how exactly to achieve that. If you check Grazina's question we can see that such an implementation is successful, when you do the process in one step. Pgkdev referred to Priyanka's question, where I found out that I am probably having issues regarding the 2-step process of signing the document in which the hash values are no longer the same. As mentioned above the client-side is straightforward with the signing process and I do not suspect any problems arising there (I am open for review of that though). On reviewing the signature in Acrobat Reader, I am presented with the dreaded document altered/corrupted, same as the OP pgkdev. I recently built on my previous implementation with the help of External signing PDF with iTextsharp (3) where I used getAuthenticatedAttributeBytes for getting the hash to be signed (as suggested by mkl). I can successfully sign the hash and verify it afterwards.
Pdf signature problem trial#
The process of signing the hash with the smart card token is pretty much straightforward with node-webcrypto-p11 at the moment (with a lot of trial and error needed to get here). The signature is then sent back to the server for attaching into the PDF file using iTextSharp. The client then signs the given hash using a private key obtained from a smart card through a PKCS#11 interface.
The goal is to implement a PDF signing process in which the server (.NET Core service) provides the hash to be signed to the client on request (Electron).
0 kommentar(er)
