1

I'm writing a service where I pre-sign a pdf file with an empty container, take a hash of a byte range from the pdf file and send it to another service, that will allow a user to sign the hash using a mobile phone. I get back a certificate that I will inject into the signature container in the pre-signed pdf file.

Everything works so far, except that I want to have visible signatures in the document. The visible signatures require the certificate to get information from it (like who signed it and when) but it seems that I need to add the visible signature before I actually sign it.

My question is therefore, is it possible to change the appearance of the signature within the document after signing it? The visible signature image seems to be outside the signed byte range of the document.

I am pre-signing the file with a blank container: 

IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE,                                                                                 PdfName.ETSI_CADES_DETACHED);
MakeSignature.SignExternalContainer(_sap, external, 8192 * 2);

Where _sap is the SignatureAppearance from a stamper initialized the following way: 

PdfStamper stamper = PdfStamper.CreateSignature(reader, baos, '\0', null, true);

The returning a hash of the byterange from the SignatureAppearance:

Stream data = _sap.GetRangeStream();
_hash = DigestAlgorithms.Digest(data, DigestAlgorithms.SHA1);
_hashStr = Convert.ToBase64String(_hash);
return _hashStr;

And then when I get the certification I create a custom container: 

IExternalSignatureContainer container = new CustomContainer(cert);
MakeSignature.SignDeferred(reader, _signatureFieldName, baos, container);

The custom container doesn't do anything except to return the cert in it's public byte[] Sign(Stream data) method.

The signing itself works, the digital signatures are valid but I just need to change the text of the visible signature itself. I would think that it's possible, since the visible signature doesn't actually have anything to do with the certificate itself, it's just a convenience to display the name from the certificate, especially with multiple signatures.

Axel Örn Sigurðsson
  • 372
  • 2
  • 12
  • I've read this question several times and I don't quite get, why presentation of signature has to be changed after signing. User certificate is available before actual signing, so all needed information can be added to visual presentation in preparation step eliminating all problems related to changing anything after signing. – divanov Feb 22 '14 at 09:02

1 Answers1

4

You were right when you wrote: it seems that I need to add the visible signature before I actually sign it. You were wrong when you wrote: I would think that it's possible.

The appearance of the signature consists of dictionaries and streams stored in the PDF document. These objects are part of the bytes that are hashed and subsequently signed. You can't change these bytes without breaking the signature.

Bruno Lowagie
  • 75,994
  • 9
  • 109
  • 165
  • 2
    What the op could try, though, is adding a text field when preparing the pdf for signing located above the signature visualization. After signing the document he could fill those fields in an added revision... ;) – mkl Jan 28 '14 at 17:37
  • 1
    Good suggestion by mkl! – Bruno Lowagie Jan 28 '14 at 17:45
  • Thanks Bruno, that's what I thought. And thank mkl, I'm defnintely going to try that out, that could be exactly what I need. – Axel Örn Sigurðsson Jan 28 '14 at 20:21
  • I just tried it out and it works, but there's one issue. The text field is rendered under the signature image itself. I'm setting the visible signature with `_sap.SetVisibleSignature(..)` and then after that `stamper.AddAnnotation(..)` before finally pre signing, but the order in the pdf file is not kept? Is it possible somehow to set the z-index or something like that. – Axel Örn Sigurðsson Jan 29 '14 at 10:16
  • 1
    I ended up solving that issue by having the visible signature being an empty transparent box and setting the image as a `PushbuttonField` with `LAYOUT_ICON_ONLY`. Then I'm able to draw the text above the image and the whole thing is clickable from a pdf reader to get to the signature. – Axel Örn Sigurðsson Jan 29 '14 at 13:01