stackoom
  简体   繁体   中英

Verifying certificate of signed and secured PDF in iText PDF Java

 原文  2018-01-16 16:09:55       java/ pdf/ encryption/ itext/ acrobat

Question

I secured a PDF using Adobe Acrobat and then signed it, but when I try to verify the signature using iText, it gives an error

Exception in thread "main" java.lang.IllegalArgumentException: can't decode PKCS7SignedData object
at com.itextpdf.text.pdf.security.PdfPKCS7.<init>(PdfPKCS7.java:214)
at com.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2427)
at com.itextpdf.text.pdf.AcroFields.verifySignature(AcroFields.java:2373)
at C5_01_SignatureIntegrity.verifySignature(C5_01_SignatureIntegrity.java:19)
at C5_03_CertificateValidation.verifySignature(C5_03_CertificateValidation.java:42)
at C5_01_SignatureIntegrity.verifySignatures(C5_01_SignatureIntegrity.java:32)
at C5_03_CertificateValidation.main(C5_03_CertificateValidation.java:134)

I am using the sample code from https://developers.itextpdf.com/examples/security/digital-signatures-white-paper/digital-signatures-chapter-5#887-c5_03_certificatevalidation.java

I used a generic PDF, password protected from Adobe Acrobat and then self-signed it from Adobe Acrobat.

1 answers

solution1
 1 ACCPTED  2018-01-16 22:47:26

The iText 5 security API indeed cannot verify signatures of encrypted documents.

The cause is a deficiency of the decryption code: Just like most other strings it also "decrypts" the values of the Contents key of signature dictionaries. As these are not encrypted to start with, though, this "decryption" actually scrambles them. Thus, the PdfPKCS7 class cannot parse them as signature containers and throws the observed exception.

In contrast to this the iText 7 security API can verify such signatures.

In distinction from the iText 5 situation explained above, decryption of PDF strings here is deferred until their contents actually are used. The signature API, before accessing the content, marks the Contents PDF strings as not encrypted . Thus, their original value can be accessed as is.

(This is a bit risky because some code may retrieve the contents of those strings beforehand and so cause "decryption". On the other hand this removes the necessity to parse the PDF AcroForm information in the PdfReader ; as form parsing in general and signature parsing in particular are not part of the kernel module, such a necessity either would have resulted in duplication of code or merging of multiple modules.)

The issue is covered in more detail in this answer .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Verify if a PDF is digitally signed with iText java iText7 deferred with sign prefix producing invalid signed pdf Signing a PDF using a X.509 SmartCard certificate with iText in Java Edit iText PDF Java Itext PDF manipulation in java pdf/A merge itext 5 java jsp to pdf in java with itext java pdf generation in ITEXT How to detect a signed pdf is valid with iText? Itext signed pdf error when executing program
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM