LTV Support for HSM Signed PDF
Hello,
I am signing a PDF externally via an HSM using the ComputeHash event on the PdfSignature object.
I am trying to achieve LTV in Adobe Reader; however, Adobe says the signature is not LTV enabled.
I see some discussion in this post: https://www.syncfusion.com/forums/140722/cannot-sign-pdf-with-ltv-enabled
Is there any planned support for HSM based LTV?
Using CreateLongTermValidity does not seem to work; I get the error: "There are errors in the formatting or information contained in the signature"
Additionally, validating the signed PDF does not seem to be working in this manner either.
Does ValidateSignature() work when using the ComputeHash event?
4 Replies
Scott Barber
May 6, 2020 01:26 AM UTC
Following up, I managed to get it to work. I did not realise I needed to include the entire certificate chain in the CreateLongTermValidity call.
So my PDF is successfully LTV enabled and I can confirm that in Adobe Reader.
However, the ValidateSignature function is still showing an error.
    PdfSignatureValidationResult result = signatureField.ValidateSignature();
When I attempt to include the root certificates it throws a null reference.
    PdfSignatureValidationResult result = signatureField.ValidateSignature(collection);
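An added example, not part of the original thread and not Syncfusion's code: one way to assemble the entire certificate chain that the post above found CreateLongTermValidity needs, using only .NET's X509Chain. The class and method names and the extraCerts parameter are hypothetical; the HSM is assumed to expose the signer's public certificate.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

public static class LtvChainHelper // hypothetical helper, not a Syncfusion type
{
    // Returns the signer's chain ordered leaf first, root last.
    // extraCerts: intermediates/roots exported from the CA or HSM that are
    // not installed in the machine's certificate stores.
    public static List<X509Certificate2> BuildFullChain(
        X509Certificate2 signer, IEnumerable<X509Certificate2> extraCerts)
    {
        using (var chain = new X509Chain())
        {
            // Only path construction is needed here, so skip revocation
            // lookups and tolerate a root that is not locally trusted.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags =
                X509VerificationFlags.AllowUnknownCertificateAuthority;
            foreach (var cert in extraCerts)
                chain.ChainPolicy.ExtraStore.Add(cert);

            chain.Build(signer);

            // Copy each element so the result outlives the chain object.
            var certs = chain.ChainElements.Cast<X509ChainElement>()
                .Select(e => new X509Certificate2(e.Certificate.RawData))
                .ToList();

            // A complete chain ends in a self-signed root (subject == issuer).
            // Anything else means an issuer certificate could not be found.
            var last = certs[certs.Count - 1];
            bool selfSigned = last.SubjectName.RawData
                .SequenceEqual(last.IssuerName.RawData);
            if (!selfSigned)
                throw new InvalidOperationException(
                    "Incomplete chain: no issuer found for " + last.Subject);

            return certs;
        }
    }
}
```

The returned list is what gets passed to signature.CreateLongTermValidity(...). The signing code later in this thread takes the signing certificate from certchain.Last(), so reverse the list if you keep that convention.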
Gowthamraj Kumar
Syncfusion Team
May 6, 2020 12:59 PM UTC
Hi Scott,
Thank you for using Syncfusion products.
We suspect that the reported error is document-specific. Can you please provide the complete code snippet, certificate and sample to reproduce this issue on our end? That will help us analyze it and assist you further.
Regards,
Gowthamraj K
Scott Barber
May 7, 2020 01:33 AM UTC
Hi,
Is there somewhere I can privately upload an example document?
Here is the code sample of how I am signing:
    var returnStream = new MemoryStream();
    using (var sfDocument = new PdfLoadedDocument(stream))
    {
        // Creates a digital signature
        var signature = new PdfSignature(sfDocument, sfDocument.Pages[sfDocument.Pages.Count - 1], null, signedName);
        signature.ContactInfo = contactInfo;
        signature.Reason = reason;
        signature.LocationInfo = location;
        signature.SignedName = signedName;
        signature.Certificated = true;
        signature.DocumentPermissions = PdfCertificationFlags.AllowFormFill;
        // Add long term validity
        signature.CreateLongTermValidity(certchain);
        signature.ComputeHash += (o, e) =>
        {
            // Get the document bytes.
            byte[] documentBytes = e.Data;
            e.SignedData = SignViaHSM(certchain.Last(), documentBytes);
        };
        // Save out the result
        sfDocument.Save(returnStream);
    }
    return returnStream;
}
This returns a valid PDF according to Adobe Reader.
When I then try to validate like this it says invalid:
    var doc = new PdfLoadedDocument(stream);
    var form = doc.Form;
    List<PdfSignatureValidationResult> results = null;
    // Validate all the digital signatures present in the PDF document.
    bool isvalid = form.Fields.ValidateSignatures(out results); //<------- isValid = false, "There are errors in the formatting or information contained in the signature."
And if I try to include the root certificates it throws a null reference exception:
    bool isvalid = form.Fields.ValidateSignatures(collection, out results); //<--- NullReferenceException
Sowmiya Loganathan
Syncfusion Team
May 7, 2020 01:55 PM UTC
Hi Scott,
We have created an incident under your direct-trac account. Please follow that incident for further follow-up.
Regards,
Sowmiya Loganathan
SB Scott Barber
- May 6, 2020 12:38 AM UTC
- May 7, 2020 01:55 PM UTC