
Issue validating signatures

New Here, Jul 25, 2019

Hello,

I am having an issue validating some signatures while using Adobe Acrobat Reader.

I have a digitally signed PDF document that appears as invalid in Acrobat Reader DC but appears as valid both in iText and FoxitReader.

When I open the file in Adobe Reader DC and validate the signature I get this message:

Error during signature verification. 

Error encountered while validating: 

Error encountered while BER decoding:

When I try to access the certificates by clicking "Certificate Details" nothing happens.

On the other side, whenever I validate the signature with either FoxitReader or iText the signature appears as valid and I can access the certificate chain used for the signature.

The certificate is not a "signing certificate" (e.g. the certificate doesn't have the "non-repudiation" or "digitalSignature" key usages), which we purposely ignore for this signature. Also, Acrobat Reader would give a different error if such was the only problem.

Additionally, if I corrupt the hash used in the signature (with the same certificate), I get to access the certificate chain in the document with Adobe Reader DC, even though I get the error stating that the signature has been corrupted or modified.

The documents are:

signed and no corrupted hash

https://novabase-my.sharepoint.com/:b:/g/personal/nb23287_novabase_pt/Ec9xaPs_D5lDgq5r0CW7qIIB1pPigS...

signed and with corrupted hash

https://novabase-my.sharepoint.com/:b:/g/personal/nb23287_novabase_pt/EfF73zifP6JOhDSog3cF_M0BiWIQuG...

Would appreciate any help on understanding why this happens.

Thanks in advance,


Correct answer

New Here, Aug 19, 2019

It is now solved, the signable hash had to be "wrapped on a digestinfo object" (https://people.eecs.berkeley.edu/~jonah/bc/org/bouncycastle/asn1/x509/DigestInfo.html) before signing it.

Community Beginner, Apr 05, 2021

Hi Rafael. I am facing the same problem, but I don't understand exactly what and where the DigestInfo should be used. Would you mind giving a few more details? I'd appreciate it so much.

 

Best regards.

New Here, Dec 18, 2023

Hello, I am really sorry for not having noticed your reply.
I know it is an old thread but I got a notification and will reply here for other people that might search for this in the future.

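import java.security.MessageDigest;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.DigestInfo;

// bytes is a byte[] containing the data from the PDF needed to be signed
byte[] hash = MessageDigest.getInstance("SHA256", "BC").digest(bytes);
DigestInfo digestInfo2 = new DigestInfo(new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), hash);
hash = digestInfo2.getEncoded(ASN1Encoding.DER);
// hash is then sent to a third party and comes signed.
// The signed hash is then incorporated into the pre-prepared PDF file as one would normally do during a signature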


Before, I would just send the results of "MessageDigest.getInstance("SHA256", "BC").digest(hash);" to be signed and that was giving the error I described in the thread.
By adding the "DigestInfo" part I was then able to sign using third parties and get that sweet green Adobe validation checkmark (or yellow depending on the service's certificate).

Once again I am really sorry I have only noticed your question more than two years after.

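Added example, not part of the original posts: a byte-level Python sketch of why a bare hash signed by a remote service fails to decode on the verifier side, while a DigestInfo-wrapped hash verifies. It assumes the third-party signer applies PKCS#1 v1.5 padding to whatever bytes it receives (the hypothetical `remote_pad`), omits the RSA operation itself, and uses the RFC 8017 SHA-256 DigestInfo encoding with explicit NULL parameters.

```python
import hashlib

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def digest_info_sha256(data: bytes) -> bytes:
    """Client side: hash the data and wrap the hash in a DER DigestInfo."""
    return SHA256_PREFIX + hashlib.sha256(data).digest()

def remote_pad(payload: bytes, k: int = 256) -> bytes:
    """Hypothetical remote signer: pads the received payload as-is
    (00 01 FF..FF 00 || payload) before the RSA private-key step."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for modulus")
    return b"\x00\x01" + b"\xff" * (k - len(payload) - 3) + b"\x00" + payload

def verifier_extract_hash(em: bytes) -> bytes:
    """Verifier side, after the RSA public-key step: strip the padding and
    decode the remainder as a DigestInfo, returning the embedded hash."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    t = em[sep + 1:]
    if len(t) < 2 or t[0] != 0x30 or t[1] != len(t) - 2:
        raise ValueError("BER decoding failed: payload is not a SEQUENCE")
    if not t.startswith(SHA256_PREFIX) or len(t) != len(SHA256_PREFIX) + 32:
        raise ValueError("unsupported or malformed DigestInfo")
    return t[len(SHA256_PREFIX):]

def check(payload: bytes, signed_bytes: bytes) -> str:
    """Run payload through signer padding and verifier decoding."""
    try:
        recovered = verifier_extract_hash(remote_pad(payload))
    except ValueError as exc:
        return f"error: {exc}"
    expected = hashlib.sha256(signed_bytes).digest()
    return "valid" if recovered == expected else "hash mismatch"

if __name__ == "__main__":
    data = b"constructed sample standing in for the PDF byte ranges"
    print("bare hash  :", check(hashlib.sha256(data).digest(), data))
    print("DigestInfo :", check(digest_info_sha256(data), data))
```
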
Community Beginner, Dec 18, 2023

Hi:

 

No problem at all. Finally we managed to solve the problem too.

 

Best regards
