- Home
- Forum
- ASP.NET MVC - EJ 2
- How to add signed hash to pdf as signature
How to add signed hash to pdf as signature
I'm trying to digitally sign pdf file using digital signature on smart cards.
what I did is extracted hash value of the pdf file, then signed using the smart card. resulting signed hash.
then I need to add the signed hash into the pdf file, but I don't know how to add it since PdfSignature class do not take signed hash.
It only required PFX file which I can not extract from the smart card.
Can you help me with that? or do I need to use other tool?
SIGN IN To post a reply.
13 Replies
DB
Dilli Babu Nandha Gopal
Syncfusion Team
February 6, 2019 09:04 AM UTC
Hi Ahmad,
Greetings from Syncfusion.
Yes, it is possible to add signed hash to PdfSignature which illustrated in the following code example.:
Code Example:
|
//Load the existing PDF documnt.
PdfLoadedDocument document = new PdfLoadedDocument("../../Input.pdf");
//Get the page.
PdfLoadedPage page = document.Pages[0] as PdfLoadedPage;
//Create a new PDF signature instance.
PdfSignature signature = new PdfSignature(document, page, null, "Sig1");
//Set the signature bounds.
signature.Bounds = new RectangleF(0, 0, 200, 100);
//Call the compute hash event.
signature.ComputeHash += Signature_ComputeHash;
//Save the document.
document.Save("output.pdf");
//Close the document.
document.Close(true);
|
Note: The event ComputeHash only trigger while passing PdfCertificate as null in the PdfSignature overload.
Get hash and sign:
|
private void Signature_ComputeHash(object sender, PdfSignatureEventArgs ars)
{
//Get the document bytes.
byte[] documentBytes = ars.Data;
//Generate hash.
byte[] hash = SHA256.Create().ComputeHash(ars.Data);
//Include the signed data to PDF.
ars.SignedData = GetSignature(hash);
}
|
Regards,
Dilli babu.
AH
Ahmad
February 11, 2019 06:15 AM UTC
I have an error in the Signature_ComputeHash function
ars.SignedData = GetSignature(hash);
What is GetSignature ??
I signed the hash extracted from this function
byte[] hash = SHA256.Create().ComputeHash(ars.Data);
but I don't know how to add it to SignedData
----------------
Updated
after adding the signed hash to ars.SignedData
the signature on adobe shows this error
Error during signature verification.
ASN.1 parsing error:
Error encountered while BER decoding:
SK
Surya Kumar
Syncfusion Team
February 11, 2019 12:06 PM UTC
Hi Ahmad,
The exception which you have mentioned in last update will occur if the SignedData is not in PKCS7 format. So could you please ensure if the signed data is in PKCS7 format and let us know if it works .
Regards,
Surya Kumar
AH
Ahmad
February 12, 2019 07:15 AM UTC
okay now i'm using this signing method below. and the error is gone and I can see the signature with the certificate inside, but I have errors inside adobe reader
Signature is INVALID.
- The document has been altered or corrupted since the Signature was applied.
- The document is signed by the current user.
I don't know why it shows that the document is altered.
void Signature_ComputeHash(object sender, PdfSignatureEventArgs ars)
{
//Get the document bytes.
byte[] documentBytes = ars.Data;
//Generate hash.
byte[] hash = SHA256.Create().ComputeHash(ars.Data);
ars.SignedData = Sign(hash, cer);
}
public static byte[] Sign(byte[] data, X509Certificate2 certificate)
{
if (data == null)
throw new ArgumentNullException("data");
if (certificate == null)
throw new ArgumentNullException("certificate");
// setup the data to sign
ContentInfo content = new ContentInfo(data);
SignedCms signedCms = new SignedCms(content, false);
CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, certificate);
// create the signature
signedCms.ComputeSignature(signer);
return signedCms.Encode();
}
DB
Dilli Babu Nandha Gopal
Syncfusion Team
February 13, 2019 04:44 PM UTC
Hi Ahmad,
Greetings from Syncfusion.
We have created a sample to achieve your requirement without signature validation issue which can be downloaded from following link. http://www.syncfusion.com/downloads/support/forum/142454/ze/Sample-766666279
Please let us know if you have any questions.
Regards,
Dilli babu.
AH
Ahmad
February 14, 2019 06:12 AM UTC
The sample is working great with the certificate you provide, but when I use my certificate I got an exception
System.OverflowException
HResult=0x80131516
Message=Arithmetic operation resulted in an overflow.
Source=Syncfusion.Pdf.Base
StackTrace:
at Syncfusion.Pdf.Security.PdfSignatureDictionary.DocumentSaved(Object sender, DocumentSavedEventArgs e)
at Syncfusion.Pdf.PdfDocumentBase.OnDocumentSaved(DocumentSavedEventArgs args)
at Syncfusion.Pdf.Parsing.PdfLoadedDocument.AppendDocument(PdfWriter writer)
at Syncfusion.Pdf.Parsing.PdfLoadedDocument.Save(Stream stream)
at Syncfusion.Pdf.PdfDocumentBase.Save(String filename)
at ConsoleApplication1.Program.Main(String[] args) in C:\Users\Desktop\Sample\ConsoleApplication1\Program.cs:line 50
my certificate info are:
Signature algorithm sha1RSA
Public Key RSA(2048 Bits)
Key Usage Digital Signature, Non-Repudiation (c0)
DB
Dilli Babu Nandha Gopal
Syncfusion Team
February 14, 2019 11:09 AM UTC
Hi Ahmad,
We have fixed the similar kind of issue and the issue fix was included in our 2018 Volume 4 SP1 release (16.4.0.52). So, could you please update your assemblies to this version and let us know if it works. Essential Studio Service pack can be downloaded from following link.
If issue continues, please provide us the certificate which causes this issue so that we can analyze and find the root cause of this issue and provide you a solution.
Regards,
Dilli babu.
AH
Ahmad
February 21, 2019 08:23 AM UTC
I already have the latest version also I can't give you the certificate because its non-exportable in the Smart Card.
I will try to create a self-signed that have same issue and send it to you.
Also with the example you provide, the signing is done with the full data of the pdf not the hash value.
What I need is to sign the hash and then add the signed hash to the pdf file.
DB
Dilli Babu Nandha Gopal
Syncfusion Team
March 8, 2019 05:29 AM UTC
Hi Ahmad,
We are signing only with the hash value of the PDF not the full PDF document, we only passing the hash value from the event arguments. Please share us the self signed certificate in which reproduces the issue which will helpful for us to investigate further on this.
Regards,
Dilli babu.
AH
Ahmad
March 10, 2019 04:50 AM UTC
from the example you provide in the Signature_ComputeHash function
you are taking the Data from PdfSignatureEventArgs which is the full pdf Data.
Then you sign the data and re add it to SignedData in the PdfSignatureEventArgs.
There's no hash what so ever in these steps.
is there another way to do that?
also, as for the certificate you should receive from Nada Hamdeh.
DB
Dilli Babu Nandha Gopal
Syncfusion Team
March 11, 2019 03:34 PM UTC
Hi Ahmad,
Currently we are working on modifying the sample as per your requirement. We have received the certificate from you. Meanwhile kindly share us the password for the certificate so that we can use that certificate in the sample.
Regards,
Dilli babu.
CC
Chad Church
Syncfusion Team
March 12, 2019 11:10 AM UTC
Hi Dilli,
Customer has shared the password.
The password is 12345
Best,
Chad
DB
Dilli Babu Nandha Gopal
Syncfusion Team
March 18, 2019 12:46 PM UTC
Hi Chad,
We regret for the delay.
At present we do only support to add signed hash to PdfSignature by taking full PDF data from PdfSignatureEventArgs and we do not support to provide hash of the PDF file to sign the PDF document externally. We have logged a feature request to for this. We will implement this feature any of upcoming releases.
The status of this feature implementation can be tracked using following link
Please let us know if you need any further assistance on this.
Regards,
Dilli babu
SIGN IN To post a reply.
- 13 Replies
- 4 Participants
-
AH Ahmad
- Feb 5, 2019 08:39 AM UTC
- Mar 18, 2019 12:46 PM UTC
