2

I have a signed PDF; I am attaching a certificate (.pfx) to the document through iTextSharp. Everything in the code is tested and working fine, but when I download and open the PDF in Acrobat Reader it says the signature is not valid. I have changed preferences and tried almost every setting since yesterday, but there isn't any luck.

Two things I noticed in the certificate details: first, for its "intended" property, digital signature is not mentioned, whereas encrypt document etc. is mentioned. Is this the reason it is not validating the document's signature? Second, it says: certificate has error: not valid for usage

Code for attaching the certificate:

    // Requires: using System.IO; using iTextSharp.text.pdf; using iTextSharp.text.pdf.security;
    var pathCert = Server.MapPath("..../App_Data/Certificates/.....sdd.pfx");

    string Password = "**************";
    var pass = Password.ToCharArray();

    System.Security.Cryptography.X509Certificates.X509Store store =
        new System.Security.Cryptography.X509Certificates.X509Store(
            System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser);

    store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadOnly);

    string PfxFileName = pathCert;
    string PfxPassword = Password;

    // Load the signing certificate and its private key from the .pfx file
    System.Security.Cryptography.X509Certificates.X509Certificate2 cert =
        new System.Security.Cryptography.X509Certificates.X509Certificate2(
            PfxFileName, PfxPassword,
            System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.MachineKeySet);

    string SourcePdfFileName = "(Directory)/Desktop/tetsing/test.pdf";
    string DestPdfFileName = "(Directory)/Desktop/tetsing/test_Signed.pdf";

    // Convert the .NET certificate into the BouncyCastle chain that iTextSharp expects
    Org.BouncyCastle.X509.X509CertificateParser cp =
        new Org.BouncyCastle.X509.X509CertificateParser();
    Org.BouncyCastle.X509.X509Certificate[] chain =
        new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(cert.RawData) };
    iTextSharp.text.pdf.security.IExternalSignature externalSignature =
        new iTextSharp.text.pdf.security.X509Certificate2Signature(cert, "SHA-1");

    PdfReader pdfReader = new PdfReader(SourcePdfFileName);
    // the output pdf file
    FileStream signedPdf = new FileStream(DestPdfFileName, FileMode.Create);
    PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, signedPdf, '\0');
    PdfSignatureAppearance signatureAppearance = pdfStamper.SignatureAppearance;

    signatureAppearance.Reason = "Signed Document";
    signatureAppearance.Location = "Unknown";
    signatureAppearance.SignatureRenderingMode =
        PdfSignatureAppearance.RenderingMode.DESCRIPTION;

    // Create the detached CMS signature and write the signed PDF
    MakeSignature.SignDetached(signatureAppearance, externalSignature,
        chain, null, null, null, 0, CryptoStandard.CMS);

    pdfReader.Close();
ShazLi

2 Answers

0

Adobe Acrobat Reader is very picky about the certificate key usage and intended purpose (Key Usage and Enhanced Key Usage) and other details of the certificate. Have you tried a certificate with Digital Signature as key usage and Code Signing as intended purpose?

Here is a blog post that shows how to self-sign a certificate with those properties for doing signatures if you do not have access to a real publicly trusted signing certificate.

Daniel Fisher lennybacon
0

certificate has error: not valid for usage

According to the Adobe Digital Signatures Guide for IT, Adobe Acrobat accepts only

  • one or more of the following Key usage values (if any)

    • nonRepudiation
    • signTransaction (11.0.09 only)
    • digitalSignature (11.0.10 and later)
  • and one or more of the following Extended key usage values (if any)

    • emailProtection
    • codeSigning
    • anyExtendedKeyUsage
    • 1.2.840.113583.1.1.5 (Adobe Authentic Documents Trust)

Please check your certificate accordingly and replace it if it does not fulfill this condition.

mkl
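A check of a certificate's Key Usage and Extended Key Usage extensions against the list in the answer above, as an added example that is not part of the original question or answers. The class and method names are hypothetical, the test certificates are constructed in memory, and `CertificateRequest` assumes .NET Framework 4.7.2+ or .NET Core.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class AdobeUsageCheck // hypothetical helper, not an iTextSharp or Adobe API
{
    // Key usage bits from the list above (digitalSignature: 11.0.10 and later).
    // signTransaction has no X509KeyUsageFlags member, so it is not covered here.
    const X509KeyUsageFlags AcceptedKu =
        X509KeyUsageFlags.NonRepudiation | X509KeyUsageFlags.DigitalSignature;

    static readonly string[] AcceptedEku =
    {
        "1.3.6.1.5.5.7.3.4",    // emailProtection
        "1.3.6.1.5.5.7.3.3",    // codeSigning
        "2.5.29.37.0",          // anyExtendedKeyUsage
        "1.2.840.113583.1.1.5", // Adobe Authentic Documents Trust
    };

    public static bool IsUsableForSigning(X509Certificate2 cert)
    {
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        // "(if any)": an absent extension imposes no restriction.
        bool kuOk = ku == null || (ku.KeyUsages & AcceptedKu) != 0;
        bool ekuOk = eku == null ||
            eku.EnhancedKeyUsages.Cast<Oid>().Any(o => AcceptedEku.Contains(o.Value));
        return kuOk && ekuOk;
    }

    // Builds a constructed self-signed certificate carrying only the given key usage.
    static X509Certificate2 MakeTestCert(X509KeyUsageFlags usage)
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-test", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509KeyUsageExtension(usage, true));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        var encryptOnly = MakeTestCert(
            X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DataEncipherment);
        var signing = MakeTestCert(X509KeyUsageFlags.DigitalSignature);
        Console.WriteLine("encryption-only cert usable: " + IsUsableForSigning(encryptOnly));
        Console.WriteLine("digitalSignature cert usable: " + IsUsableForSigning(signing));
    }
}
```

Running the same check on the `cert` object loaded from the .pfx before signing shows whether the certificate meets the listed condition without opening the PDF in Acrobat.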