The goal is to implement a PDF signing process in which the server provides the hash to be signed to the client on request. The client then signs the given hash using a private key obtained from a smart card through a PKCS#11 interface. The signature is then sent back to the server for attaching into the PDF file using iTextSharp 5.5.4. On reviewing the signature in Acrobat Reader, it gives me the error "The document has been altered or corrupted since the signature was applied".

Here is the method I used to calculate the hash on the server.

```csharp
using (PdfReader reader = new PdfReader(unsignedPdfBytes))
using (MemoryStream stream = new MemoryStream())
{
    IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ETSI_CADES_DETACHED);
    PdfStamper stamper = PdfStamper.CreateSignature(reader, stream, '\0');
    PdfSignatureAppearance appearance = stamper.SignatureAppearance;
    signatureFieldName = appearance.FieldName;
    MakeSignature.SignExternalContainer(appearance, external, 30000);
    result = SHA256Managed.Create().ComputeHash(appearance.GetRangeStream());
}
```

After the client signs the given hash, I embed the signed hash into the PDF on the server. Here is the method I used to embed the signed hash.

```csharp
public void EmbedSignature(byte[] tempPdfBytes, string signatureFieldName, byte[] signedBytes, string signedPdfPath)
{
    using (PdfReader pdfReader = new PdfReader(tempPdfBytes))
    using (FileStream os = File.OpenWrite(signedPdfPath))
    {
        IExternalSignatureContainer external = new MyExternalSignatureContainer(signedBytes);
        MakeSignature.SignDeferred(pdfReader, signatureFieldName, os, external);
    }
}
```

On the other hand, when I use SHA-1, I do not get any error. Acrobat Reader verifies the signature as follows.

Here is the method I used to calculate the hash with SHA-1 on the server.

```csharp
public byte[] GetHashToSign(byte[] unsignedPdfBytes, out string signatureFieldName, out byte[] tempFile)
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
```

EDIT: Signed PDF - Invalid signature with SHA256

```csharp
result = SHA1Managed.Create().ComputeHash(appearance.GetRangeStream());
```

I researched all related entries but I did not get any result to handle this problem.

There are different sub-types of PDF signatures which have different requirements on the signature to embed. In your switch away from SHA1 usage you change the type and, therefore, not only have to replace SHA1 by SHA256 everywhere, you also have to generate your signature containers differently.

You used to generate PDF signatures of subtype 1:

```csharp
external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
```

The SHA1 digest of the document’s byte range shall be encapsulated in the CMS SignedData field with ContentInfo of type Data. The digest of that SignedData shall be incorporated as the normal CMS digest.

The value 1 for the SubFilter key has been deprecated with PDF 2.0. To support backward compatibility, PDF readers should process this value for this key, but PDF writers shall not use this value.

(ISO 32000-2 section 12.8.3.3 "CMS (PKCS #7) signatures")

As SHA1 in this subtype is used without alternative, you must use a different subtype when replacing SHA1 by SHA256. Furthermore, this subtype is deprecated, so there is even more cause to switch.

You chose to switch to the subtype :

```csharp
external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ETSI_CADES_DETACHED);
```

This subtype is specified as:

12.8.3.4.2 Signature dictionary for PAdES signatures

When the SubFilter value is, the value of Contents shall be a DER-encoded CMS SignedData binary data object containing the signature.
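A defender-side check for the two subtypes discussed above, as an added example that is not part of the original posts or of iText: it reads `/SubFilter` and `/ByteRange` from raw PDF bytes, flags the deprecated SHA1-only subtype, and computes the SHA-256 digest over the signed byte ranges (the bytes `appearance.GetRangeStream()` yields in the code above). The strings `adbe.pkcs7.sha1` and `ETSI.CAdES.detached` are the ISO 32000 names behind the two `PdfName` constants; the function names and the sample object are constructed for this example.

```python
import hashlib
import re

# adbe.pkcs7.sha1 is the SubFilter value behind iText's PdfName.ADBE_PKCS7_SHA1.
DEPRECATED = {"adbe.pkcs7.sha1"}
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
SUBFILTER = re.compile(rb"/SubFilter\s*/([A-Za-z0-9_.]+)")


def audit_signatures(pdf: bytes) -> list:
    """Return one finding per /ByteRange found in the raw PDF bytes."""
    findings = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = (int(g) for g in m.groups())
        gap_start, gap_end = a + b, c  # the gap is the /Contents hex string
        if not (a <= gap_start <= gap_end <= c + d <= len(pdf)):
            findings.append({"error": "ByteRange does not fit the file"})
            continue
        # Assumption: the signature dictionary contains no nested dictionary.
        start = max(pdf.rfind(b"<<", 0, gap_start), 0)
        end = pdf.find(b">>", gap_end)
        sig_dict = pdf[start:gap_start] + pdf[gap_end:end if end >= 0 else len(pdf)]
        sub = SUBFILTER.search(sig_dict)
        name = sub.group(1).decode("ascii") if sub else None
        signed = pdf[a:gap_start] + pdf[c:c + d]  # bytes the signature must cover
        findings.append({
            "subfilter": name,
            "deprecated": name in DEPRECATED,
            "covers_whole_file": a == 0 and c + d == len(pdf),
            "range_sha256": hashlib.sha256(signed).hexdigest(),
        })
    return findings


def build_sample(subfilter: str) -> bytes:
    """Constructed, minimal signature object; not a complete PDF."""
    head = b"%PDF-1.7\n1 0 obj\n<</Type/Sig/SubFilter/" + subfilter.encode() + b"/Contents "
    contents = b"<" + b"00" * 16 + b">"
    tail_fmt = b"/ByteRange [%010d %010d %010d %010d]>>\nendobj\n%%%%EOF\n"
    tail_len = len(tail_fmt % (0, 0, 0, 0))
    tail = tail_fmt % (0, len(head), len(head) + len(contents), tail_len)
    return head + contents + tail


if __name__ == "__main__":
    for sf in ("adbe.pkcs7.sha1", "ETSI.CAdES.detached"):
        print(audit_signatures(build_sample(sf)))
```

The digest in `range_sha256` does not depend on the `/Contents` placeholder, so it stays the same before and after the signature container is embedded.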