rafaeln88263720
Participant
July 25, 2019
Solved

Issue validating signatures


Hello,

I am having an issue validating some signatures while using Adobe Acrobat Reader.

I have a digitally signed PDF document that appears as invalid in Acrobat Reader DC but appears as valid in both iText and FoxitReader.

When I open the file in Adobe Reader DC and validate the signature, I get this message:

Error during signature verification. 

Error encountered while validating: 

Error encountered while BER decoding:

When I try to access the certificates by clicking "Certificate Details" nothing happens.

On the other side, whenever I validate the signature with either FoxitReader or iText the signature appears as valid and I can access the certificate chain used for the signature.

The certificate is not a "signing certificate" (e.g. the certificate doesn't have the "non-repudiation" or "digitalSignature" key usages), which we purposely ignore for this signature. Also, Acrobat Reader would give a different error if that were the only problem.

Additionally, if I corrupt the hash used in the signature (with the same certificate), I get to access the certificate chain in the document with Adobe Reader DC, even though I get the error stating that the signature has been corrupted or modified.

The documents are:

signed and no corrupted hash

https://novabase-my.sharepoint.com/:b:/g/personal/nb23287_novabase_pt/Ec9xaPs_D5lDgq5r0CW7qIIB1pPigSeLyzVgNyj0FPv8QA?e=H…

signed and with corrupted hash

https://novabase-my.sharepoint.com/:b:/g/personal/nb23287_novabase_pt/EfF73zifP6JOhDSog3cF_M0BiWIQuGNvd1CBn8enpiLsoA?e=J…

Would appreciate any help on understanding why this happens.

Thanks in advance,

This topic has been closed for replies.
1 reply

rafaeln88263720 (Author, Answer)
Participant
August 19, 2019

It is now solved, the signable hash had to be "wrapped on a digestinfo object" (https://people.eecs.berkeley.edu/~jonah/bc/org/bouncycastle/asn1/x509/DigestInfo.html) before signing it.

Participant
April 5, 2021

Hi Rafael. I am facing the same problem, but I don't understand exactly what and where the DigestInfo should be used. Would you mind giving a few more details? I'd appreciate it so much.

Best regards.

Participant
December 18, 2023

Hello, I am really sorry for not having noticed your reply.
I know it is an old thread, but I got a notification and will reply here for other people that might search for this in the future.

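import java.security.MessageDigest;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;

// bytes is a byte[] containing the data from the PDF that needs to be signed
byte[] hash = MessageDigest.getInstance("SHA256", "BC").digest(bytes);
DigestInfo digestInfo2 = new DigestInfo(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), hash);
hash = digestInfo2.getEncoded(ASN1Encoding.DER);
// hash is then sent to a third party and comes back signed.
// The signed hash is then incorporated into the pre-prepared PDF file as one would normally do during a signature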

Before, I would just send the results of "MessageDigest.getInstance("SHA256", "BC").digest(hash);" to be signed, and that was giving the error I described in the thread.
By adding the "DigestInfo" part I was then able to sign using third parties and get that sweet green Adobe validation checkmark (or yellow depending on the service's certificate).

Once again I am really sorry I have only noticed your question more than two years after.
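
Why signing the bare hash fails while the DigestInfo-wrapped hash validates, as an added example that is not part of the original posts or of iText/BouncyCastle: the third-party signer that pads and signs whatever bytes it receives is modelled with the JDK's `NONEwithRSA`, and a standard validator with `SHA256withRSA`. The class name, method names, key pair and sample bytes are constructed for illustration; the DigestInfo header is the SHA-256 one listed in RFC 8017 (with NULL parameters).

```java
import java.security.*;

public class DigestInfoDemo {
    // DER header of a SHA-256 DigestInfo (RFC 8017, section 9.2); the 32-byte hash follows it.
    static final byte[] SHA256_DIGEST_INFO_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static byte[] wrapInDigestInfo(byte[] sha256) {
        byte[] out = new byte[SHA256_DIGEST_INFO_PREFIX.length + sha256.length];
        System.arraycopy(SHA256_DIGEST_INFO_PREFIX, 0, out, 0, SHA256_DIGEST_INFO_PREFIX.length);
        System.arraycopy(sha256, 0, out, SHA256_DIGEST_INFO_PREFIX.length, sha256.length);
        return out;
    }

    // Hypothetical stand-in for the remote signer: PKCS#1 v1.5 pads and signs the bytes as-is, no hashing.
    static byte[] remoteRawSign(PrivateKey key, byte[] toBeSigned) throws GeneralSecurityException {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(toBeSigned);
        return s.sign();
    }

    // Stand-in for a validator: hashes the data itself and expects a DigestInfo inside the signature.
    static boolean validates(PublicKey key, byte[] data, byte[] sig) {
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(key);
            v.update(data);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // the recovered block could not be decoded as a DigestInfo
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample bytes to be signed".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);

        byte[] bareSig = remoteRawSign(kp.getPrivate(), hash);
        byte[] wrappedSig = remoteRawSign(kp.getPrivate(), wrapInDigestInfo(hash));
        System.out.println("bare hash signed:  " + validates(kp.getPublic(), data, bareSig));
        System.out.println("DigestInfo signed: " + validates(kp.getPublic(), data, wrappedSig));
    }
}
```

A signer that hashes the input itself (a `SHA256withRSA`-style API) must be given the original bytes instead, since it adds the DigestInfo on its own.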