LTV Support for HSM Signed PDF

Hello,
I am signing a PDF externally via an HSM using the ComputeHash event on the PdfSignature object.

I am trying to achieve LTV in Adobe Reader; however, Adobe says the signature is not LTV enabled.

Is there any planned support for HSM based LTV?

Using CreateLongTermValidity does not seem to work; I get the error: "There are errors in the formatting or information contained in the signature".

Additionally, validating the signed PDF does not seem to be working in this manner either.

Does ValidateSignature() work when using the ComputeHash event?

4 Replies

SB Scott Barber May 6, 2020 01:26 AM UTC

Following up, I managed to get it to work. I did not realise I needed to include the entire certificate chain in the CreateLongTermValidity call.

So my PDF is successfully LTV enabled and I can confirm that in Adobe Reader.

However, the ValidateSignature function is still showing an error.
PdfSignatureValidationResult result = signatureField.ValidateSignature();

When I attempt to include the root certificates it throws a null reference.

PdfSignatureValidationResult result = signatureField.ValidateSignature(collection);



GK Gowthamraj Kumar Syncfusion Team May 6, 2020 12:59 PM UTC

Hi Scott, 
 
Thank you for using Syncfusion products. 
 
We suspect that the reported error is specific to the document. Can you please provide the complete code snippet, certificate, and sample to reproduce this issue on our end, so that it will be helpful for us to analyze and assist you further?
 
Regards, 
Gowthamraj K 



SB Scott Barber May 7, 2020 01:33 AM UTC

Hi,
Is there somewhere I can privately upload an example document?

Here is the code sample of how I am signing:
            var returnStream = new MemoryStream();

            using (var sfDocument = new PdfLoadedDocument(stream))
            {
                //Creates a digital signature 
                var signature = new PdfSignature(sfDocument, sfDocument.Pages[sfDocument.Pages.Count - 1], null, signedName);

                signature.ContactInfo = contactInfo;
                signature.Reason = reason;
                signature.LocationInfo = location;
                signature.SignedName = signedName;

                signature.Certificated = true;
                signature.DocumentPermissions = PdfCertificationFlags.AllowFormFill;

                // Add long term validity
                signature.CreateLongTermValidity(certchain);

                signature.ComputeHash += (o, e) =>
                {
                    //Get the document bytes.
                    byte[] documentBytes = e.Data;

                    e.SignedData = SignViaHSM(certchain.Last(), documentBytes);
                };

                // Save out the result
                sfDocument.Save(returnStream);
            }

            return returnStream;            
        }
This returns a valid PDF according to Adobe Reader.

When I then try to validate like this it says invalid:
            var doc = new PdfLoadedDocument(stream);
            var form = doc.Form;

            List<PdfSignatureValidationResult> results = null;

            //Validate all the digital signatures present in the PDF document.
            bool isvalid = form.Fields.ValidateSignatures(out results); //<------- isValid = false, "There are errors in the formatting or information contained in the signature."
And if I try to include the root certificates it throws a null reference exception:

bool isvalid = form.Fields.ValidateSignatures(collection, out results); //<--- NullReferenceException
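Added example, not part of the original posts and not Syncfusion code: since LTV in this thread only worked once the entire certificate chain was supplied, this .NET helper builds the chain for a signing certificate and refuses to return a partial one. The names `LtvChainExample`, `BuildFullChain` and `extraCerts` are hypothetical, the certificate in `Main` is constructed, and the result is assumed to be usable as the `certchain` list shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class LtvChainExample
{
    // Returns signer -> intermediates -> root. 'extraCerts' (hypothetical) holds CA
    // certificates exported alongside the HSM key that are not in the machine store.
    public static List<X509Certificate2> BuildFullChain(
        X509Certificate2 signingCert, IEnumerable<X509Certificate2> extraCerts)
    {
        using (var chain = new X509Chain())
        {
            // Only path construction is needed here; revocation and trust are the validator's job.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            // Permit a private root that is not in the local trust store.
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
            foreach (var c in extraCerts) chain.ChainPolicy.ExtraStore.Add(c);
            chain.Build(signingCert); // result ignored: completeness is checked below

            var certs = chain.ChainElements.Cast<X509ChainElement>()
                .Select(e => e.Certificate).ToList();
            var last = certs.LastOrDefault();
            bool selfSigned = last != null &&
                last.SubjectName.RawData.SequenceEqual(last.IssuerName.RawData);
            bool partial = chain.ChainStatus.Any(s => s.Status == X509ChainStatusFlags.PartialChain);
            if (partial || !selfSigned)
                throw new InvalidOperationException("Chain is incomplete: an issuer certificate is missing.");
            return certs; // signer first; reorder if your code expects the signer last
        }
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate stands in for the HSM-held signer.
        using (var key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=Constructed Test Signer", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30)))
            {
                var chain = BuildFullChain(cert, new X509Certificate2[0]);
                Console.WriteLine(chain.Count + " certificate(s), root: " + chain.Last().Subject);
            }
        }
    }
}
```

The signing code above passes `certchain.Last()` to `SignViaHSM`, so a list built this way would need reversing if the signer is expected at the end.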


SL Sowmiya Loganathan Syncfusion Team May 7, 2020 01:55 PM UTC

Hi Scott,  
 
We have created an incident under your direct-trac account. Please follow that incident for further follow up.
 
Regards, 
Sowmiya Loganathan 

