3

I have a pdf file signed in Adobe Reader with some Key Algorithm, say 1024-bit RSA. How can I validate the signature in Node.js having both signed file and Public Key?

I know there is a native module crypto. But I cannot understand how to use it, here is an example from docs:

const verify = crypto.createVerify('RSA-SHA256');
verify.write('some data to sign'); // should I write pdf file byte stream here?
verify.end();

const publicKey = getPublicKeySomehow();
const signature = getSignatureToVerify(); // this is not clear, what is the signature in current context?
console.log(verify.verify(publicKey, signature));

Can anyone please shed some light on this?

UPD from what I found here is the proper way to use it:

const res = verify.verify(fs.readFileSync('cert.cer'), fs.readFileSync('signed_doc.pdf'))

but it throws the next error

Error: PEM_read_bio_PUBKEY failed
    at Error (native)
    at Verify.verify (crypto.js:311:23)

Question: can I use Verify.verify with p7c, cer certificates?

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
alex.mironov
  • 2,834
  • 6
  • 27
  • 41
  • 1
    You don't have a signature file, do you? Instead you have a signed document that already contains the signature. You can't verify the integrity of the pdf document based on file level verification. You need a pdf specific verifier. – Artjom B. Jul 22 '17 at 07:42
  • @ArtjomB. thanks, you're correct. As I cannot verify the integrity of pdf without using some specific tools probably I need another approach. In case a user has file signature, how it could be delivered to the server? – alex.mironov Jul 24 '17 at 06:04

0 Answers0