Error during signature verification. Signature contains incorrect, unrecognized, corrupted or suspicious data. Support Information: SigDict /Contents illegal data

@Keshav_pki @Ravinder5FC4 @kadobe @vladan saveljic @Bernd Alheit @YatharthS 

Does anyone help me with this issue. If there is a solution already?

I have a signed PDF document along with Time-stamp and DSS. But when opened in Adobe reader, Signature is not valid and have the following error:

Signature contains incorrect, unrecognized, corrupted or suspicious data. Support Information: SigDict /Contents illegal data

I verified the Signature Field /Annot dictionary it seems normal. /Annot references a Signature dictionary via its /V field. And the Signature dictionary has /Type /Sig which constains all the mandatory fields.

Please share a representative example PDF for your issue.
There are multiple reasons for that message; as it says itself, it's probably merely something unknown to Adobe (e.g. EC signatures with brainpool curves) while other validation services may know these details and can validate without an issue.

@MikelKlink Thanks for asking details and trying to help. Unfortunaetly, I couldn't re-create a PDF document with the same issue and I am not allowed to share the original document as it is a confidential data.

Despite this, would you like to suggest some investigative methods that I can try to find the root cause? 

Many thanks.

As mentioned above, very many reasons are possible, so if you cannot share the document in question here, you should contact someone knowledgeable in respect to integrated PDF signatures and present the document to them (under a NDA) for analysis.

Ok thanks for your suggestions. 

Can you pls suggest other validation services pls!! it would be of great help.

Can you pls suggest other validation services pls!! it would be of great help.

Suggesting other validation services makes only sense after inspecting the signed PDF in which Adobe Acrobat sees "illegal data".

Thus, please share an representative example of your problem PDFs for analysis. Depending on the analysis result, a suggestion may be possible.

Can you name a public website that verifies the signature OK, so we can try it and compare?

for example, https://validator.docusign.com/

Your PDF including your signature is broken in a number of ways:

First of all a number of offsets are incorrect:

• The startxref entry at the end claims that the cross reference table is located at position 20305. This obviously is wrong, the file is only 15446 bytes long.
• Most entries in the incremental update cross reference table are beyond 19000, i.e. also obviously wrong.
• The signed byte ranges are claimed to be 3304 bytes starting at offset 0 and 850 bytes starting at offset 19690; the second range again is obviously wrong.

I would assume that the signature creator originally indeed reserved a placeholder from offset 3304 to 19690 for the signature, but when injecting the signature replaced that whole placeholder by the shorter signature container.

Then the embedded signature container is weird as it has embedded the actual signed bytes of the PDF. This is incorrect, the embedded signature container shall not contain the signed data.

I enlarged the placeholder again to the claimed size, and indeed the offsets are corrected, see the attached file. Adobe Reader is slightly more happy with this, at least it parses the signature container. But it in particular recognizes that the self-signed signer certificate contained in it is broken, its signature value is kaputt. Thus, it still (correctly) tells you that your signature is invalid.

It actually is a bad sign docusign that their https://validator.docusign.com/ does not show any of these errors. Thanks for demonstrating how bad that validator is.

@Lana2287583331qf 

Hello, is there any sloution? My file freezes so much 😞

As @Keshav_pki, @Ravinder5FC4, and @Red5E0F could not share example documents, there was no solution for them.

In @rossi.nicolas' case his file simply was completely broken (and apparently broken by a signing software that worked incorrectly), so the solution there was to sign using an application that does sign correctly.

As long as you don't share an example PDF that's representative for your issue, you're unlikely to find any analysis let alone solution here.

Hi @MikelKlink , today that issue was solved. Now we are using Fortifyapp client to read token information and make the digital signature using node-signpdf libary to sign the document and we are having another problem in the process. If we try to sign a pdf that was signed previously with Acrobat for example and after that we use node-signpdf we have a diferent /type/sig section. The sign made by acrobat have a format like this:

<</Coments

Filter/Adobe.PPKLite/Type/Sig/ByteRange [0 177162 207164 1458 ]

>>

and the sign made by node-signpdf have in the first place Type/sig/byterange and after that de Comments.

We are using the addplainplaceholder of node-signpdf to make that section.

Summary, the pdf document that supposedly has two digital signature inside, just verify the last one when i open it in Acrobat reader soft.

TIA.

Now we ... make the digital signature using node-signpdf libary to sign the document and we are having another problem in the process. If we try to sign a pdf that was signed previously with Acrobat for example and after that we use node-signpdf we have a diferent /type/sig section. ...

I don't really understand the issue:

• Are the entries of your new signature dictionary in another order than those of the old signature? That would be harmless, as long as name/value pairs remain together, the order of the pairs is arbitrary.
• Or has the dictionary of the old signature changed, too? That indeed would be bad, the whole original PDF must remain unchanged in the new one.

Unfortunately I don't know node-sign at all, so I cannot tell you how to use it. Just make sure that it adds the new signature in an incremental update of the PDF, at least if there already are signatures in the PDF.