PDF_NOT_ETSI error while trying to verify a signature with DSS Validation Tool
Closed this issue · 4 comments
Hello! I finally ended my PAdES signature creation using PDFNet and OPENSSL and it is recognized by Adobe PDF Reader, but I have a problem while trying to verify it in the DSS validation tool. I received the following error:
and in the detailed version, I saw this problem:
I tried to compare the signature with one realised with DSS tool, but I was not able to see the difference between those 2.
I attach here both signatures decoded from DER using Cyberchef:
-my signature
my_signature.txt
-dss signature
dss_signature.txt
Could you help me?
Best Wishes,
Ionut Corbu
Could you please provide a complete PDF file for analysis?
Sure! Here is the file signed with DSS:
file_signed.pdf
and here is the file obtained using my solution:
file_signed.pdf
I verified the signed attributes, but I don't know if the problem is there or not.
Your CMS contains an empty eContent attribute, which shall not be present for a CMS within a PDF signature. The CMS in PDF shall be of a detached format, while your signature "commits" that it covers the encapsulated content, thus DSS invalidates the signature.
This is your signature:
and below is a CMS created by DSS:
As you see, DSS omits the eContent attribute when creating a signature.
Adobe, apparently, does not check the attribute, which is, in fact, invalid. See ISO 32000-1 for adbe.pkcs7.detached subFilter:
12.8.3.3 CMS (PKCS #7) signatures
...
No data shall be encapsulated in the CMSSignedData field.
...
And ETSI EN 319 142-1:
4.1 General requirements for PAdES signatures based on PDF signatures
NOTE: Given that PAdES signatures are enveloped inside a PDF document and are detached in the sense of a CMS signature, the signature placement is implied by ISO 32000-1 [1]. In ISO 32000-1 [1], section 12.8.3.3.1 reads "No data shall be encapsulated in the PKCS#7 SignedData field".
Remove the encapsulated content and your signature should be valid (unless there is any other issue).
Closed
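The check described in the last answer, as an added example that is not part of the original thread and is not DSS code: a minimal DER walk that reports whether a CMS SignedData carries an eContent field, including the empty-but-present case discussed above. The function names are hypothetical, the input is assumed to be the CMS blob taken from the signature's /Contents entry, and only definite-length DER is handled.

```python
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed type into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def encapsulated_content(cms_der):
    """Return None when eContent is absent (detached), else its bytes (b'' if empty)."""
    tag, content_info, _ = read_tlv(cms_der)   # trailing zero padding is ignored
    (t_oid, oid), (t_ctx, wrapped) = children(content_info)[:2]
    if (tag, t_oid, oid, t_ctx) != (0x30, 0x06, OID_SIGNED_DATA, 0xA0):
        raise ValueError("not a CMS SignedData ContentInfo")
    signed_data = read_tlv(wrapped)[1]
    # SignedData fields: version, digestAlgorithms, encapContentInfo, ...
    encap_tag, encap = children(signed_data)[2]
    parts = children(encap)                    # eContentType [, [0] EXPLICIT eContent]
    if encap_tag != 0x30 or not parts or parts[0][0] != 0x06:
        raise ValueError("unexpected encapContentInfo")
    if len(parts) == 1:
        return None
    return read_tlv(parts[1][1])[1]            # OCTET STRING inside the [0] wrapper

# Constructed sample input: a skeletal SignedData with empty SETs and no real signer.
def tlv(tag, value=b""):
    assert len(value) < 0x80                   # short-form lengths suffice for the sample
    return bytes([tag, len(value)]) + value

def sample_cms(econtent):
    encap = tlv(0x06, OID_DATA)
    if econtent is not None:
        encap += tlv(0xA0, tlv(0x04, econtent))
    signed_data = tlv(0x02, b"\x01") + tlv(0x31) + tlv(0x30, encap) + tlv(0x31)
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, tlv(0x30, signed_data)))
```

A result of `None` corresponds to the detached form the quoted standards require; any other result, including `b""`, means the eContent field is present.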