I am developing a PHP application that automatically signs PDF files and I am very confused about certain aspects. I read the PDF specifications and managed to get through the part of adding annotations, objects, an empty signature field, etc., but I don't seem to understand anything about computing the hash for the /Contents in the signature dictionary. The documentation is pretty vague about this part. Here's what I am interested in:
what specific hash algorithm do I have to apply to the newly generated pdf file with the dummy signature?
(I should mention that I am inclined to use adbe.pkcs7.detached or adbe.pkcs7.sha1 for the /SubFilter.)
what is the content of the pkcs7 envelope and how do I generate it?
how to convert the pkcs7 envelope to hex?
I must mention I have no training in cryptography and I've come to this forum after a few days of documenting on the subject without any success.
You REALLY need to understand at least the basics of cryptography and digital signatures to even understand the answers to the questions that you are asking. Start by getting a good book on the subject - or at least reading up at some websites.
I am at the point where I have a certificate, a private key (in PEM or DER format) and a binary string (the data that needs to be hashed). It would be helpful if someone could explain to me (in plain English, like telling a story) what to do to obtain the final value of the signature that's going to go in the final version of the file (i.e. the value for the /Contents).
I must say that I've tried a work-around: I tried openssl_pkcs7_sign, which signs an S/MIME message, and tried to extract the signature from there, and I got to the point where when opening the file in Acrobat I get the message that the signature is invalid because the document has been altered or corrupted since it was applied. Since this doesn't work I am ready to implement the hashing function from 0, but I didn't find anywhere an example, structure or any other information on the pkcs7 envelope for PDF files. I am glad for any help, even if it means just some reading suggestions (with titles, maybe links, not just saying that I need to do more reading, please).
I am also attaching a file and maybe someone can analyze it and tell me what is wrong with it. I know there is some unnecessary data in the file, but I believe it has nothing to do with the signature.
Have you read the PDF Reference/ISO 32000-1 which describes how signatures are done? Have you read the PKCS#7 documentation to understand how things are packaged inside?
Now given that - what specific problem are you having?
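The byte-range step the question asks about, as an added example that is not part of the thread and not code from any poster: the bytes a PDF signature covers are the whole file except the `<...>` value of /Contents, as recorded in /ByteRange, and the DER-encoded PKCS#7 object is written into that gap as hex, padded with zeros. It is written in Python so it runs stand-alone; `SAMPLE`, `STAND_IN_DER`, the function names and the choice of SHA-256 are assumptions made for illustration, and creating the real detached PKCS#7 object over these bytes is left outside the block.

```python
import hashlib
import re

HEX_ROOM = 64  # constructed size; a real placeholder needs several kilobytes
# Constructed stand-in for a PDF with an empty signature dictionary. Both
# placeholders are fixed width, so filling them in never shifts an offset.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite"
    b" /SubFilter /adbe.pkcs7.detached"
    b" /ByteRange [0000000000 0000000000 0000000000 0000000000]"
    b" /Contents <" + b"0" * HEX_ROOM + b"> >>\nendobj\n%%EOF\n"
)
STAND_IN_DER = bytes.fromhex("3003020101")  # constructed; NOT a real PKCS#7 blob

def prepare(pdf):
    """Write the real offsets into /ByteRange; return (pdf, byte_range)."""
    m = re.search(rb"/Contents (<[0-9A-Fa-f]+>)", pdf)
    start, end = m.start(1), m.end(1)  # the span includes '<' and '>'
    br = [0, start, end, len(pdf) - end]
    field = b"/ByteRange [%010d %010d %010d %010d]" % tuple(br)
    out = re.sub(rb"/ByteRange \[[0-9 ]+\]", lambda _: field, pdf, count=1)
    if len(out) != len(pdf):
        raise ValueError("ByteRange placeholder has the wrong width")
    return out, br

def signed_bytes(pdf, br):
    """Everything in the file except the <...> value of /Contents."""
    return pdf[br[0]:br[0] + br[1]] + pdf[br[2]:br[2] + br[3]]

def digest_to_sign(pdf, br):
    """Digest the PKCS#7 signer must cover (SHA-256 is an assumption here)."""
    return hashlib.sha256(signed_bytes(pdf, br)).hexdigest()

def embed(pdf, br, der):
    """Hex-encode the DER blob and zero-pad it into the placeholder."""
    room = br[2] - br[1] - 2  # hex digits available between '<' and '>'
    hex_sig = der.hex().encode("ascii")
    if len(hex_sig) > room:
        raise ValueError("signature does not fit; enlarge the placeholder")
    return pdf[:br[1] + 1] + hex_sig.ljust(room, b"0") + pdf[br[2] - 1:]

if __name__ == "__main__":
    pdf, br = prepare(SAMPLE)
    before = digest_to_sign(pdf, br)
    signed = embed(pdf, br, STAND_IN_DER)
    print("ByteRange:", br)
    print("digest unchanged after embedding:", before == digest_to_sign(signed, br))
```

A viewer recomputes the digest over exactly these ranges, so the PKCS#7 signature has to be made over `signed_bytes(...)` after /ByteRange holds its final values.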
Nice
Great! You have provided a very useful guidance about pdf digital signature in this article. I will first try to learn about the mechanism that is used in the creation of digital certificates.