Error in digital signature

Question

I'm using itext 5.5.6 to sign a PDF document, using the: Code sample 4.1: Signing a document using PKCS#11
of the book: Digital Signatures for PDF documents

But I have the following error when validating adobe reader:

Error during signature verification.

Error encountered while validating:

Internal cryptographic library error.

Error Code: 0x2726

I have not found the solution to the error,

attached the document signed: firmado.pdf

I appreciate your comments, Regards.

Unfortunately your link storage.dataokey.com:5001/fbsharing/ZUyUMrem does not seem to work; at least it times out on me. — mkl
The link to the PDF is broken. There's no info on the cryptographic library you're using, no info which device your are using (smart card, HSM), no info on the drivers that are used. This question is unanswerable. — Bruno Lowagie
At least there is a hsm tag. But still way too few information. — mkl
Thanks for the quick replies, Sorry I've updated the link, this is: drive.google.com/file/d/0B8ecaPhsvnYSbC1IWDJkd19GeFk/… I am using Thales nShield Edge HSM and PKCS11 — user3587281

mkl mkl · Accepted Answer · 2015-06-18T21:55:37

A first tentative analysis results in the observations that

the signature is correctly embedded,
the messageDigest signed attribute contains the correct hash of the signed byte ranges of the PDF, but
the signature bytes do not constitute a signature of the signed attributes with the private key associated with the given certificate.

This means essentially that the signature you retrieved via P11 is incorrect while iText seems to operate correctly. This may be due to

the fact that the Code sample 4.1 was originally made for a SafeNet Luna while you use a Thales nShield Edge and some adaptions are required, or
a mixup in the installation of your Thales client or the Thales Edge itself.

Unfortunately I'm not deep into HSMs and therefore cannot tell the exact problem.

Error in digital signature

1 Answers