1

I'm new to digital signatures on PDF documents. I hope you can help me.

I'm using iText7 to validate the document integrity. I've used some iText7 methods to validate, such as verifySignatureIntegrityAndAuthenticity() and signatureCoversWholeDocument, based on this link: avoiding-pdf-digital-signature-vulnerabilities-itext. However, it's required to make a manual validation. For instance, the steps shown in the following link: pdf-and-digital-signatures

  1. Decrypt the signed hash using the signer's certificate; the result is message digest hash1.
  2. Hash the bytes of the PDF, excluding the bytes of the signature itself; the result is a message digest hash2.
  3. Compare hash1 with hash2; if they aren't identical, the document has been tampered with.

So, the problem is that I can't get the pdf hash excluding the signature value (step 2) with iText7.

I've already gotten the signed byte ranges hash (I think it corresponds to step 1) with the digestAttr value obtained from the signature. I followed the answer of this question: obtaining-the-hash-digest-from-a-pcks7-signed-pdf-file-with-itext. Also, I already have the authenticated attributes (DigestValue).

Also, I can generate the pdf hash but its value is different from the signed byte ranges hash. I think it is because I'm getting the hash including the signature value.

I've been trying to get the pdf hash excluding the signature value but without success. Thus, I can't go through the step 3 (compare the two hashes).

I will be very grateful if you could help me.

  • It could help others help you if you included what you have tried in the form of a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example) – kHLVT Apr 04 '22 at 08:32
  • Just in case anyone attempts to use the approach mentioned in this question and the referenced knowledgebase article: That three step approach works only for a special case! First of all step 1 only works for RSA signatures, not (EC)DSA ones. Furthermore, the hash value in the signed hash most often is not the hash of the document ranges but the hash of the signed attributes in the signature container. One of these signed attributes in turn is the hash of the document ranges. Only in seldom simple cases the document ranges hash is signed directly. – mkl Feb 03 '23 at 08:44

1 Answer

0

The Signature dictionary (type=Sig) contains an array named ByteRange. This array defines two ranges, the range of bytes to use before the signature object and the bytes coming after the signature object.

While validating, you have to check whether this range is not excluding any other parts of the document, except later added signatures.

Glenner003