0
votes

I'm developing a webserver in C# that performs digital signature validation, to ensure that the PDF files weren't modified. I'm using iText and iTextSharp for this.

But the client side is based on a Java applet. I perform the digital signatures in that Java applet. In Java I'm able to make the signatures and then verify them. But if I verify the signature in C# it throws a NullReferenceException.

Here is my Java digital signature code:

    String path = "C:/Users/a/Desktop/cert.pfx";
    String keystore_password = "fgf";
    String key_password = "fgf";

    // Register Bouncy Castle as a JCA provider
    BouncyCastleProvider provider = new BouncyCastleProvider();
    Security.addProvider(provider);

    // Load the PKCS#12 keystore and take the first alias
    KeyStore ks = KeyStore.getInstance("pkcs12", "BC");
    ks.load(new FileInputStream(path), keystore_password.toCharArray());

    String alias = (String) ks.aliases().nextElement();

    PrivateKey pk = (PrivateKey) ks.getKey(alias, key_password.toCharArray());

    Certificate[] chain = ks.getCertificateChain(alias);

    // Open the source PDF and prepare the stamper for signing
    PdfReader reader = new PdfReader(src);
    dest = "C:/Users/a/Desktop/" + dest;
    FileOutputStream os = new FileOutputStream(dest);
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');

    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();

    // Detached CMS signature, SHA-256 digest, signed through the BC provider
    ExternalSignature es = new PrivateKeySignature(pk, "SHA-256", "BC");
    ExternalDigest digest = new BouncyCastleDigest();

    MakeSignature.signDetached(appearance, digest, es, chain, null, null, null, 0, CryptoStandard.CMS);

And my C# verification code:

    PdfReader reader = new PdfReader(pdfFile);
    AcroFields af = reader.AcroFields;
    var names = af.GetSignatureNames();

    if (names.Count == 0)
    {
        throw new InvalidOperationException("No Signature present in pdf file.");
    }

    foreach (string name in names)
    {
        // Reject signatures that do not cover the complete file
        if (!af.SignatureCoversWholeDocument(name))
        {
            throw new InvalidOperationException(string.Format("The signature: {0} does not cover the whole document.", name));
        }

        // Parse the signature container (this is the call that throws)
        PdfPKCS7 pk = af.VerifySignature(name);
        var cal = pk.SignDate;
        var pkc = pk.Certificates;

        // Check the signature value and document digest
        if (!pk.Verify())
        {
            Console.WriteLine("The signature is not valid.");
            return false;
        }
    }

In the line af.VerifySignature(name); the NullReferenceException is thrown up!

The fun thing is, if I perform the signatures with C# code I'm able to verify it in Java, since I add these instructions: BouncyCastleProvider provider = new BouncyCastleProvider(); Security.addProvider(provider);

I think my problem lies in some byte conversions... But in C# I don't know how to call a BouncyCastleProvider.

Can you help me? My best regards: William.

1
In the line af.VerifySignature(name); the NullReferenceException is thrown up! - can you provide something like a stacktrace? - mkl

The stackTrace: at org.bouncycastle.security.SignerUtil.getSigner(String algorithm) at iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey) at iTextSharp.text.pdf.AcroFields.VerifySignature(String name) at SignatureLibrary.iText.PDFValidation(String pdfFile) in c:\Users\guilhermesousa\Documents\Visual Studio 2012\Projects\SignatureLibrary\SignatureLibrary\iText.cs:line 122 - William

Which is your iTextSharp version? I cannot find a PdfPKCS7 constructor with only one Byte[] parameter... - mkl

I think it is the 5.5.0 version.. But I'm not sure. My dll just says itextsharp. But why are you trying to construct a PdfPKCS7? You just have to assign it to the af.VerifySignature(name); to build it. - William

The stacktrace line iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey) indicates that you are not actually using version 5.5.0 but a version from before 5.3.0 because PdfPKCS7 in 5.3.0 had been refactored into the namespace iTextSharp.text.pdf.security. Thus, please update your iTextSharp, test again, and if you still get that NullReferenceException, post an updated stacktrace. - mkl

1 Answer

0
votes

The stacktrace posted by the OP in a comment

    ...
    at org.bouncycastle.security.SignerUtil.getSigner(String algorithm)
    at iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey)
    at iTextSharp.text.pdf.AcroFields.VerifySignature(String name)
    at SignatureLibrary.iText.PDFValidation(String pdfFile)
    in ...\SignatureLibrary\SignatureLibrary\iText.cs:line 122

contains the line iTextSharp.text.pdf.PdfPKCS7..ctor(Byte[] contentsKey) which indicates that the OP was not using the current iTextSharp version 5.5.0 but instead a version from before 5.3.0 (published June 2012): in version 5.3.0 PdfPKCS7 had been refactored into the namespace iTextSharp.text.pdf.security.

This refactoring was part of a major update of the whole iText signature creation and verification code, an update which introduced many new features.

Thus, the OP was advised to update the iTextSharp assembly, and indeed:

I downloaded the latest itextsharp version and it worked well the verification.
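
The version mismatch diagnosed above can be caught before any signature is parsed. The following is an added example, not code from the question or the answer: it reports the iTextSharp assembly that is actually loaded and then verifies every signature through the post-5.3.0 namespace. The class and method names are hypothetical, and it assumes the assembly version mirrors the release number. It goes slightly beyond the question's code by requiring every signature to verify and at least one to cover the whole file, since earlier signatures in a multiply-signed PDF do not cover later revisions.

```csharp
using System;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security; // PdfPKCS7 lives here from 5.3.0 on

public static class PdfSignatureCheck // hypothetical helper, not part of iTextSharp
{
    // Release named in the answer as the one that moved PdfPKCS7.
    private static readonly Version MinITextSharp = new Version(5, 3, 0);

    public static bool AllSignaturesValid(string pdfFile)
    {
        // Check the assembly that is really loaded, not the one assumed.
        Version loaded = typeof(PdfReader).Assembly.GetName().Version;
        if (loaded < MinITextSharp)
            throw new InvalidOperationException(
                "iTextSharp " + loaded + " is loaded; 5.3.0 or later is required.");

        PdfReader reader = new PdfReader(pdfFile);
        try
        {
            AcroFields af = reader.AcroFields;
            var names = af.GetSignatureNames();
            if (names.Count == 0)
                throw new InvalidOperationException("No signature present in PDF file.");

            bool wholeDocumentCovered = false;
            foreach (string name in names)
            {
                PdfPKCS7 pk = af.VerifySignature(name);

                // Verify() checks the signature value and the document digest.
                // It does not establish trust in the signer's certificate;
                // chain and revocation checks are a separate step.
                if (!pk.Verify())
                    return false;

                wholeDocumentCovered |= af.SignatureCoversWholeDocument(name);
            }
            // Content appended after the last signature is unsigned.
            return wholeDocumentCovered;
        }
        finally
        {
            reader.Close();
        }
    }
}
```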