PDF signature generated PDF document certification invalid? (using external signature, web-eid, HSM)

I have a service that signs the data and provides me with a signed hash; it generates the PKCS#7 DigestInfo correctly, as stated in rfc2315#section-9.4.

Something like this: (image: PDF External Signing System Architecture)

Code for the above system: https://pastebin.com/b3qZH6xW

        // prepare signature
        PDSignature signature = new PDSignature();
        signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
        signature.setName("Ankit");
        signature.setLocation("Bhopal, IN");
        signature.setReason("Testing");
        // TODO extract the above details from the signing certificate? Reason as a parameter?

        // the signing date, needed for valid signature
        signature.setSignDate(Calendar.getInstance());

        if (accessPermissions == 0)
        {
            setMDPPermission(document, signature, 3);
        }

        FileOutputStream fos = new FileOutputStream(new File("signed_file.pdf"));

        DetachedPkcs7 detachedPkcs7 = new DetachedPkcs7();
        //populate signature options for visible signature. if any.
        SignatureOptions signatureOptions = null;
        document.addSignature(signature);
        ExternalSigningSupport externalSigning = document.saveIncrementalForExternalSigning(fos);
        InputStream dataToSign = externalSigning.getContent();
        byte[] cmsSignature = detachedPkcs7.sign(dataToSign);
        externalSigning.setSignature(cmsSignature);  

      

The workflow is something like this:
- Grab the original PDF
- Add the signature dictionary and get the hash
- Send the hash to the client
- Wait for the data on the standard input
- Wait for the client to send the signed hash; this data is then sent to the suspended program, that is, to the standard input of the program
- Add the CMS. :)

I don't know why the PDF generated using this process has a signature shown as invalid.

+3




1 answer


There are at least two issues in the client or in the communication with the client:

Invalid assumed hash algorithm in DigestInfo structure

The signature value returned by the client, when decrypted using the public key of the subscriber's certificate, contains this DigestInfo structure:

  0  81: SEQUENCE {
  2  13:   SEQUENCE {
  4   9:     OBJECT IDENTIFIER sha-512 (2 16 840 1 101 3 4 2 3)
 15   0:     NULL
       :     }
 17  64:   OCTET STRING
       :     '413140d54372f9baf481d4c54e2d5c7bcf28fd6087000280'
       :     'e07976121dd54af2'
       :   }

      

In particular, it claims that SHA512 was used to compute the hash. However, it contains a digest value that is 32 bytes long, so it cannot be a SHA512 digest value!

So your statement

"I have a service that signs the data and provides me with a signed hash; it generates the PKCS#7 DigestInfo correctly, as stated in rfc2315#section-9.4"

is either wrong, or your code communicating with the service is giving it the wrong data.



Thus, please correct your client, or the component communicating with the client, so that the correct OID of the digest algorithm is put into the signed DigestInfo structure.

Invalid hash value

Even if the above OID is fixed, the hash value in it is wrong; the correct SHA256 hash value for the signed ranges of your PDF is

    9a75434965d5cf2635eb963752494b408a480effabfca1d87b82e619040dfb4b

      

So please debug your toolchain to see where the wrong hash value came from.

Appendix: CMS Container Structure

Another flaw in your solution is that the structure of the generated CMS container is very simple. In particular, it contains no signed attributes at all. While this is allowed by the CMS specification, it is highly insecure against the many possible counterfeits. Therefore, it is unlikely that any CMS container profile in the current specifications considers this type of signature container to be valid.

Thus, unless your signed documents are only used in a very controlled environment with organizational measures to prevent these attacks, their value is effectively zero.

+1
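The two checks made in the answer above can be automated when debugging such a toolchain. The following Python sketch is an added example, not code from the question or the answer: it parses a DER DigestInfo, compares the claimed digest OID with the digest length, and recomputes the hash over the signed byte ranges. All function names and the sample bytes are constructed for illustration.

```python
import hashlib

# DER-encoded OID content bytes -> (hashlib name, digest size in bytes)
DIGESTS = {bytes.fromhex("608648016503040201"): ("sha256", 32),
           bytes.fromhex("608648016503040203"): ("sha512", 64)}

def read_tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_digest_info(der):
    """Return (oid_bytes, digest) from a DER DigestInfo (RFC 2315 section 9.4)."""
    t_seq, body, _ = read_tlv(der)
    t_alg, alg, pos = read_tlv(body)
    t_oid, oid, _ = read_tlv(alg)
    t_dig, digest, _ = read_tlv(body, pos)
    if (t_seq, t_alg, t_oid, t_dig) != (0x30, 0x30, 0x06, 0x04):
        raise ValueError("not a DigestInfo")
    return oid, digest

def signed_ranges_digest(pdf, byte_range, algo):
    """Hash the bytes selected by /ByteRange [off1 len1 off2 len2]."""
    h = hashlib.new(algo)
    for off, length in zip(byte_range[0::2], byte_range[1::2]):
        h.update(pdf[off:off + length])
    return h.digest()

def check_digest_info(der, pdf, byte_range):
    """Return a list of problems; an empty list means the DigestInfo is consistent."""
    oid, digest = parse_digest_info(der)
    if oid not in DIGESTS:
        return ["unknown digest algorithm OID"]
    algo, size = DIGESTS[oid]
    problems = []
    if len(digest) != size:
        problems.append(f"OID claims {algo} ({size} bytes), digest has {len(digest)}")
    if digest != signed_ranges_digest(pdf, byte_range, algo):
        problems.append(f"digest is not the {algo} of the signed byte ranges")
    return problems

# Constructed sample: stand-in PDF bytes with a <...> signature gap at offsets 9..18,
# and a DigestInfo that names SHA-512 but carries a 32-byte digest of unrelated data.
SAMPLE_PDF, SAMPLE_RANGE = b"%PDF-1.7 <00000000> %%EOF", [0, 9, 19, 6]
SAMPLE_DI = bytes.fromhex("3031300d060960864801650304020305000420") + hashlib.sha256(b"other").digest()
```

Calling `check_digest_info(SAMPLE_DI, SAMPLE_PDF, SAMPLE_RANGE)` reports both problems; a DigestInfo with the SHA-256 OID and the digest of the signed ranges returns an empty list.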

