rafaeln88263720
Participant
July 25, 2019
Answered

Issue validating signatures

Hello,

I am having an issue validating some signatures while using Adobe Acrobat Reader.

I have a digitally signed PDF document that appears as invalid in Acrobat Reader DC but appears as valid in both iText and FoxitReader.

When I open the file in Adobe Reader DC and validate the signature, I get this message:

Error during signature verification. 

Error encountered while validating: 

Error encountered while BER decoding:

When I try to access the certificates by clicking "Certificate Details" nothing happens.

On the other side, whenever I validate the signature with either FoxitReader or iText the signature appears as valid and I can access the certificate chain used for the signature.

The certificate is not a "signing certificate" (e.g. the certificate doesn't have the "non-repudiation" or "digitalSignature" key usages), which we purposely ignore for this signature. Also, Acrobat Reader would give a different error if that were the only problem.

Additionally, if I corrupt the hash used in the signature (with the same certificate), I get to access the certificate chain in the document with Adobe Reader DC, even though I get the error stating that the signature has been corrupted or modified.

The documents are:

signed and no corrupted hash

https://novabase-my.sharepoint.com/:b:/g/personal/nb23287_novabase_pt/Ec9xaPs_D5lDgq5r0CW7qIIB1pPigSeLyzVgNyj0FPv8QA?e=H…

signed and with corrupted hash

https://novabase-my.sharepoint.com/:b:/g/personal/nb23287_novabase_pt/EfF73zifP6JOhDSog3cF_M0BiWIQuGNvd1CBn8enpiLsoA?e=J…

Would appreciate any help on understanding why this happens.

Thanks in advance,

rafaeln88263720 (Author, Correct answer)
Participant
August 19, 2019

It is now solved, the signable hash had to be "wrapped on a digestinfo object" (https://people.eecs.berkeley.edu/~jonah/bc/org/bouncycastle/asn1/x509/DigestInfo.html) before signing it.

Participant
April 5, 2021

Hi Rafael. I am facing the same problem, but I don't understand exactly what and where the DigestInfo should be used. Would you mind giving a few more details? I'd appreciate it so much.

Best regards.

Participant
December 18, 2023

Hello, I am really sorry for not having noticed your reply.
I know it is an old thread, but I got a notification and will reply here for other people who might search for this in the future.

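import java.security.MessageDigest;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;

// bytes is a byte[] containing the data from the PDF that needs to be signed
byte[] hash = MessageDigest.getInstance("SHA256", "BC").digest(bytes);
DigestInfo digestInfo2 = new DigestInfo(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), hash);
hash = digestInfo2.getEncoded(ASN1Encoding.DER);
// hash (now the DER-encoded DigestInfo) is then sent to a third party and comes back signed.
// The signed hash is then incorporated into the pre-prepared PDF file as one would normally do during a signature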

Before, I would just send the results of "MessageDigest.getInstance("SHA256", "BC").digest(hash);" to be signed, and that was giving the error I described in the thread.
By adding the "DigestInfo" part I was then able to sign using third parties and get that sweet green Adobe validation checkmark (or yellow depending on the service's certificate).

Once again I am really sorry I have only noticed your question more than two years after.
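
The fix described in this thread, as an added example that is not code from any of the posters: it signs the same SHA-256 digest once bare and once wrapped in a DigestInfo, then checks both with a standard SHA256withRSA verifier, which only accepts the wrapped one. It assumes the third-party service applies RSA PKCS#1 v1.5 padding to exactly the bytes it receives (the thread does not name the algorithm); `remoteSign` is a hypothetical local stand-in for that service, the key and document are constructed, and the hard-coded prefix is the SHA-256 DigestInfo encoding from RFC 8017, so only the JDK is needed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class DigestInfoDemo {
    // DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2):
    // SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static byte[] wrap(byte[] sha256) {
        if (sha256.length != 32) throw new IllegalArgumentException("not a SHA-256 digest");
        byte[] out = Arrays.copyOf(SHA256_PREFIX, SHA256_PREFIX.length + 32);
        System.arraycopy(sha256, 0, out, SHA256_PREFIX.length, 32);
        return out;
    }

    // Hypothetical stand-in for the remote signer (assumption): it pads and
    // RSA-signs exactly the bytes it is given, without adding a DigestInfo itself.
    static byte[] remoteSign(PrivateKey key, byte[] toSign) throws GeneralSecurityException {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(toSign);
        return s.sign();
    }

    // What a validator does: hash the document itself, then check a standard signature.
    static boolean validates(PublicKey key, byte[] document, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(document);
        // Some JDK versions throw on a malformed DigestInfo instead of returning false.
        try { return v.verify(sig); } catch (SignatureException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();                       // constructed test key
        byte[] document = "constructed sample bytes".getBytes(StandardCharsets.UTF_8);
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(document);

        byte[] bare = remoteSign(kp.getPrivate(), hash);        // what failed in the thread
        byte[] wrapped = remoteSign(kp.getPrivate(), wrap(hash));
        System.out.println("bare hash signed:  " + validates(kp.getPublic(), document, bare));
        System.out.println("DigestInfo signed: " + validates(kp.getPublic(), document, wrapped));
    }
}
```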