0
votes

I saw a similar reply to a C# question about signature data being hashed twice, however not sure why my signature data here.

C# PKCS7 Smartchard Digital Signature corrupted

        String provider = sdk.getProviderName();
        List certList = new ArrayList();
        certList.add(signerCert);
        Store certs = new JcaCertStore(certList);
        CMSSignedDataGenerator cmsSignedDataGenerator = new CMSSignedDataGenerator();
        DigestCalculatorProvider digProvider = new JcaDigestCalculatorProviderBuilder().setProvider(provider).build();
        JcaSignerInfoGeneratorBuilder signerInfoGeneratorBuilder = new JcaSignerInfoGeneratorBuilder(digProvider);
        ContentSigner sha256Signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(provider).build(signerKey);
        cmsSignedDataGenerator.addSignerInfoGenerator(signerInfoGeneratorBuilder.build(sha256Signer, signerCert));
        cmsSignedDataGenerator.addCertificates(certs);
        CMSTypedData msg = new CMSProcessableByteArray(digest);
        CMSSignedData cmsSignedData = cmsSignedDataGenerator.generate(msg);
        Map hashes = new HashMap();
        hashes.put(CMSAlgorithm.SHA256, digest);
        CMSSignedData finalCMSSignedData = new CMSSignedData(hashes, cmsSignedData.getEncoded());

        return finalCMSSignedData.getEncoded();
1
Your code does not show what you originally hashed or how you embed the CMS container into your pdf. - mkl

Are we talking about a detached signature (separate .pkcs7 signature file next to the .pdf file) or a PDF integrated signature - visible or invisible, embedded in the PDF (as it can be created using Acrobat, for example)? - Robert

1 Answer

0
votes

So it turned out that the data was being double digested. If we pass the raw data vs the digest, the signature that gets written is valid and unaltered.
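
The double digest described in this answer can be reproduced in isolation with the JDK's `java.security.Signature`, without the Bouncy Castle CMS classes used in the question. This is an added example, not the poster's code; the class name `DoubleDigestDemo`, the sample bytes and the throwaway RSA key are constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Hypothetical class name; the sample data and key pair are constructed for this demo.
public class DoubleDigestDemo {

    // "SHA256withRSA" hashes whatever bytes it is given before the RSA operation.
    static byte[] sign(PrivateKey key, byte[] input) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] input, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(input);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] data = "constructed sample document bytes".getBytes(StandardCharsets.UTF_8);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(data);

        byte[] sigOverData = sign(kp.getPrivate(), data);     // covers SHA-256(data)
        byte[] sigOverDigest = sign(kp.getPrivate(), digest); // covers SHA-256(SHA-256(data))

        // A verifier holds the original data and hashes it exactly once.
        System.out.println("raw data signed, checked against data:  "
                + verify(kp.getPublic(), data, sigOverData));
        System.out.println("digest signed, checked against data:    "
                + verify(kp.getPublic(), data, sigOverDigest));
        // The second signature only matches when the digest itself is treated as the content.
        System.out.println("digest signed, checked against digest:  "
                + verify(kp.getPublic(), digest, sigOverDigest));
    }
}
```

The signature made over the pre-computed digest is a correct signature, but over the wrong bytes, which is why a verifier that hashes the original document rejects it.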