Error during signature verification. Signature contains incorrect, unrecognized, corrupted or suspicious data. Support Information: SigDict /Contents illegal data

@Keshav_pki @Ravinder5FC4 @kadobe @vladan saveljic @Bernd Alheit @YatharthS 

Does anyone help me with this issue. If there is a solution already?

I have a signed PDF document along with Time-stamp and DSS. But when opened in Adobe reader, Signature is not valid and have the following error:

Signature contains incorrect, unrecognized, corrupted or suspicious data. Support Information: SigDict /Contents illegal data

I verified the Signature Field /Annot dictionary it seems normal. /Annot references a Signature dictionary via its /V field. And the Signature dictionary has /Type /Sig which constains all the mandatory fields.

Please share a representative example PDF for your issue.
There are multiple reasons for that message; as it says itself, it's probably merely something unknown to Adobe (e.g. EC signatures with brainpool curves) while other validation services may know these details and can validate without an issue.

@MikelKlink Thanks for asking details and trying to help. Unfortunaetly, I couldn't re-create a PDF document with the same issue and I am not allowed to share the original document as it is a confidential data.

Despite this, would you like to suggest some investigative methods that I can try to find the root cause? 

Many thanks.

As mentioned above, very many reasons are possible, so if you cannot share the document in question here, you should contact someone knowledgeable in respect to integrated PDF signatures and present the document to them (under a NDA) for analysis.

Ok thanks for your suggestions. 

Can you pls suggest other validation services pls!! it would be of great help.

Can you pls suggest other validation services pls!! it would be of great help.

Suggesting other validation services makes only sense after inspecting the signed PDF in which Adobe Acrobat sees "illegal data".

Thus, please share an representative example of your problem PDFs for analysis. Depending on the analysis result, a suggestion may be possible.

Can you name a public website that verifies the signature OK, so we can try it and compare?

for example, https://validator.docusign.com/

Your PDF including your signature is broken in a number of ways:

First of all a number of offsets are incorrect:

• The startxref entry at the end claims that the cross reference table is located at position 20305. This obviously is wrong, the file is only 15446 bytes long.
• Most entries in the incremental update cross reference table are beyond 19000, i.e. also obviously wrong.
• The signed byte ranges are claimed to be 3304 bytes starting at offset 0 and 850 bytes starting at offset 19690; the second range again is obviously wrong.

I would assume that the signature creator originally indeed reserved a placeholder from offset 3304 to 19690 for the signature, but when injecting the signature replaced that whole placeholder by the shorter signature container.

Then the embedded signature container is weird as it has embedded the actual signed bytes of the PDF. This is incorrect, the embedded signature container shall not contain the signed data.

I enlarged the placeholder again to the claimed size, and indeed the offsets are corrected, see the attached file. Adobe Reader is slightly more happy with this, at least it parses the signature container. But it in particular recognizes that the self-signed signer certificate contained in it is broken, its signature value is kaputt. Thus, it still (correctly) tells you that your signature is invalid.

It actually is a bad sign docusign that their https://validator.docusign.com/ does not show any of these errors. Thanks for demonstrating how bad that validator is.

@Lana2287583331qf 

Hello, is there any sloution? My file freezes so much 😞

As @Keshav_pki, @Ravinder5FC4, and @Red5E0F could not share example documents, there was no solution for them.

In @rossi.nicolas' case his file simply was completely broken (and apparently broken by a signing software that worked incorrectly), so the solution there was to sign using an application that does sign correctly.

As long as you don't share an example PDF that's representative for your issue, you're unlikely to find any analysis let alone solution here.

Hi @MikelKlink , today that issue was solved. Now we are using Fortifyapp client to read token information and make the digital signature using node-signpdf libary to sign the document and we are having another problem in the process. If we try to sign a pdf that was signed previously with Acrobat for example and after that we use node-signpdf we have a diferent /type/sig section. The sign made by acrobat have a format like this:

<</Coments

Filter/Adobe.PPKLite/Type/Sig/ByteRange [0 177162 207164 1458 ]

>>

and the sign made by node-signpdf have in the first place Type/sig/byterange and after that de Comments.

We are using the addplainplaceholder of node-signpdf to make that section.

Summary, the pdf document that supposedly has two digital signature inside, just verify the last one when i open it in Acrobat reader soft.

TIA.

Now we ... make the digital signature using node-signpdf libary to sign the document and we are having another problem in the process. If we try to sign a pdf that was signed previously with Acrobat for example and after that we use node-signpdf we have a diferent /type/sig section. ...

I don't really understand the issue:

• Are the entries of your new signature dictionary in another order than those of the old signature? That would be harmless, as long as name/value pairs remain together, the order of the pairs is arbitrary.
• Or has the dictionary of the old signature changed, too? That indeed would be bad, the whole original PDF must remain unchanged in the new one.

Unfortunately I don't know node-sign at all, so I cannot tell you how to use it. Just make sure that it adds the new signature in an incremental update of the PDF, at least if there already are signatures in the PDF.

There are some errors in your signed PDF:

• The ByteRange entry is incorrect. For signatures in general the signed byte ranges should be exactly the whole signed revision except the value of the signature Contents key, and for PAdES signatures they must be - and Adobe Acrobat only accepts signatures with byte ranges of that kind. Your signed ranges are a bit off, though:
  

  ...

  

  The Contents value starts at 0x3521 = 13601 but according to your ByteRange value it should start at 13589. Similarly it ends at 0x40db = 16603 but it should end at 16591.

• Your signed attributes are not properly DER encoded:
  

  The algorithm SHA256 is the DEFAULT value of the signingCertificateV2 attribute. Thus, it must be left out of the DER encoding.

(There might be more issues but these two lept to the eye.)

Adobe Acrobat is very sensitive in regard to the ByteRange value but probably not in regard to the DER encoding. Other validators, though, may also insist on proper DER encoding.

I understand and I fix the ByteRange but is still not been verified by Adobe, I update the PDF file.

Please take a look at the details of the signature properties:

"The dopcument has not been modified since the signature was applied." Thus, the signature now mathematically is ok (except for the non-DER encoding of the signingCertificateV2 attribute; as mentioned above, though, Adobe is quite lax in this regard). The remaining problem is your certificate, it is not meant for creating document signatures:

As you can see its Key usage is "Sign CRL, Sign Certificate (CA)" which are values apropriate for root or intermediate certificate authority certificates but not for end user certificates that are meant to sign documents (PDFs, e-mails, whatnots).

You may want to take a look here: If your certificate has a key usage extension, it must contain "nonRepudiation" or "digitalSignature" among its values.

Thank you I've already resolved it, I will just update with the final PDF just in case it could help someone. 

Another question, I'm trying now to generate a multisignature by signing again the PDF, but we are using a library that when builds the incremental document it changes the references and so the original bytes (https://crates.io/crates/lopdf) in rust. Do you now any documentation or reference or library to correctly do the multisignature ?