Aspose.PDF.KIT => Verify Digital Signature

Hello,

I want to verify a signed PDF file.

1) This is how I sign the PDF file:

Public Shared Sub SignPDFWithVisibleSignatureUsingAspose()
    ' Load the signing certificate (PFX file and its password)
    Dim oCertificate As Certificate = New Certificate("testvcg.pfx", "test")
    Dim oPdfFileSignature As PdfFileSignature = New PdfFileSignature(oCertificate)
    oPdfFileSignature.BindPdf("test2.pdf")
    ' Rectangle for the visible signature on page 1
    Dim oRec As System.Drawing.Rectangle = New System.Drawing.Rectangle(100, 100, 100, 100)
    oPdfFileSignature.Sign(1, "Approved", "Ludwig Ghislain", "Gent Belgium", True, oRec)
    oPdfFileSignature.Save("singed_valid.pdf")
    Console.WriteLine("has signature?" & oPdfFileSignature.IsContainSignature)
    Console.ReadLine()
End Sub

2) This is how I read the signed file:

Public Shared Sub ValidateSingedPDFUsingAspose()
    Dim oCertificate As Certificate = New Certificate("testvcg.pfx", "test")
    Dim oPdfFileSignature As PdfFileSignature = New PdfFileSignature(oCertificate)
    oPdfFileSignature.BindPdf("singed_valid.pdf")
    Dim singatureAppearance As String = oPdfFileSignature.SignatureAppearance()
    Console.WriteLine("Contains singature?: " & oPdfFileSignature.IsContainSignature())
    Console.WriteLine("SignModel" & oPdfFileSignature.SignModel)
    ' Print the details of every signature found in the document
    Dim oList As ArrayList = oPdfFileSignature.GetSignNames()
    For I As Integer = 0 To oList.Count - 1
        Console.WriteLine("signature name:" & oList(I))
        Console.WriteLine("coverswholedocument:" & oPdfFileSignature.IsCoversWholeDocument(oList(I)))
        Console.WriteLine("revision:" & oPdfFileSignature.GetRevision(oList(I)))
        Console.WriteLine("verifysigned:" & oPdfFileSignature.VerifySigned(oList(I)))
        Console.WriteLine("reason:" & oPdfFileSignature.GetReason(oList(I)))
        Console.WriteLine("location:" & oPdfFileSignature.GetLocation(oList(I)))
        Console.WriteLine("datatime:" & oPdfFileSignature.GetDateTime(oList(I)))
    Next
    Console.WriteLine(oPdfFileSignature.SignModel.ToString)
    Console.ReadLine()
End Sub

The Result:
has signature?False

Contains singature?: True
SignModelAdobe.PPKLite
signature name:Signature1
coverswholedocument:True
revision:1
verifysigned:False
reason:Approved
location:Gent Belgium
datatime:29/10/2008 11:49:09
Adobe.PPKLite


The problem:

The oPdfFileSignature.VerifySigned method expects a parameter "signName" and returns a string.
The name of the signature is "Signature1", as you can see above.
Is it possible to change that name, so that the VerifySigned method can be true and I can assume the document is signed with the correct certificate?

thx in advance


Ludwig

Hello Ludwig,

Thanks for considering Aspose.

We are working over this issue and will reply to you soon.

Hi,

We are sorry that we have not expressed it clearly in the document comments. You should use GetSignerName(oList(I)) in PdfFileSignature to get the name of the person or organization that signed the PDF document. In your test code, the value of oList(I) is the name of the signature itself in the PDF document.

If you have any other questions, please don't hesitate to inform me.

Hello,

thx for the information. Now I can check the SignerName and the result is as I expected.

The result of :

Console.WriteLine("verifysigned:" & oPdfFileSignature.VerifySigned(oList(I)))

is still False. What is the meaning of the VerifySigned method?

Hello Ludwig,

The VerifySigned method is there to check the validity of the signature. I have tested the issue and I'm able to reproduce the same problem. I have logged it in our issue tracking system as PDFKITNET-6357. We will try our best to solve this issue ASAP and inform you when there is any progress. We apologize for the inconvenience.

Hi, is there already a solution or fix for this issue ?

Regards,

Wim

Hi Wim,

We have fixed this bug and we will release a new version within this week.

Hello,

First of all, thank you for fixing this bug.

Is the Aspose team considering making it possible in the pdf.kit component to read more information about the certificate? For example: certificate validity status, which algorithm is used for signing, signer contact information, etc.

greetings

Ludwig




Hi,

Thanks for your suggestion. We are very glad to enhance the digital signing feature.

I am not very sure of the certificate validity status. Do you mean to get the CertificationLevel? Can you elaborate it?

Anyway, I will discuss your requirements with our developers to see if that could be supported in short time or not and let you know in this thread.

Thanks,

Hello,

It would be nice to have something to check for in code for the status of the certificate, like what is shown in the attached document. We have to process a lot of PDF files that are signed with a certificate, and we only want the trusted certificates to be stored and also to know who has signed the document.

maybe you can check http://www.globaltrustfinder.com/PDFSignatureVerificationStep1.aspx
and press the button “verify”, so you know what I mean. It would be a nice feature in the aspose components to have.

Hello Ghislain,

Thank you for your advice for aspose products.

We have investigated the requirements carefully and we can add such functions as below:

1. verifying if the certificates are trusted

2. getting the contact information of signatures

3. getting the algorithm of signatures

4. getting the common information of certificates.

I have logged it as PDFKITNET-6550 and we plan to finish this task within two weeks.

Hello,

I have a question about the first item: verifying the certificates are trusted. Do you mean something like: check with the public key if the certificate is trusted?

Maybe I can also explain a little why I’m asking for those features. I’m working at Volvo Cars Gent, where they want to store PDF invoices in an electronic archive database. There are some requirements from the Belgian government (like those asked for in the previous message) and we are looking for a component that can answer those requirements.

Thank you for implementing those features in the aspose components, they will be very useful.

Hello,

As you say in the post, we plan to verify the certificates as below:

Checking whether the private key of the certificate used for the signature corresponds to the public key of certificates stored on your machine (these certificates are trusted).

For example, as for the .NET version, we plan to design the following interface:

VerifyCertifactes(string signtureName,X509Store cerStore).

If you have any advice, please let me know. Thank you!

Hello,

At our company we don’t want to store / install the certificates on the server machine.
We want to use the public key only to verify the signed PDF file. We don’t have the certificate from all the customers/suppliers that deliver an electronic invoice as a PDF file.

Is it possible to create a 2nd method where we can use the public key to verify the signature on the pdf?

I think in other cases the method you describe can be useful too.



Hello,

In fact, the function VerifySigned(string signName) in PdfFileSignature uses the public key to verify the signature on the PDF. You can try this method again and if you have any questions, please don't hesitate to inform me.

Hi,

Some clarification. Our purpose is to store the public key of our suppliers & customers in a datastore. When we receive electronic invoices we must verify the files with the public key. The public key will be a byte array. I think the name of the certificate isn't enough. Is this possible?

Regards,

Hello,

Now I have understood your requirement. I think it is possible, but we need some time to support this function.

Hello, are there already some results for this issue?

Regards

Wim De Vriendt
Volvo Cars Gent

Hi,

I am pleased to inform you that the issue has been resolved and I’ve contacted the development team to share the information, regarding the time, when the hotfix can be shared with you.

Hello,

In the new version of Aspose.Pdf.Kit for .NET, we have added an interface, VerifySignature(String signName, String xmlPublicKeyFile), in PdfFileSignature to support verifying a signature using the public key. The XML public key file can be generated by RSACryptoServiceProvider in .NET, or it can be generated by other tools, provided its format is the same as that generated by .NET.
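
As an added illustration (not code from this thread or from Aspose), the sketch below shows how the public-key workflow described above could be wired up: export only the public half of a supplier certificate to the .NET XML key format, then check a bound PDF against that stored key. Assumptions: the Aspose.Pdf.Kit namespace, a Boolean return value from VerifySignature and IsCoversWholeDocument, and the hypothetical names SupplierSignatureCheck, ExportPublicKeyXml and IsSignedBySupplier; the acceptance policy is one choice for the single-supplier invoice case.

```vbnet
Imports System
Imports System.Collections
Imports System.IO
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports Aspose.Pdf.Kit   ' assumed namespace of PdfFileSignature

Public Module SupplierSignatureCheck   ' hypothetical helper module

    ' Write only the public half of a supplier certificate (.cer) in the
    ' <RSAKeyValue> XML layout that .NET's RSA.ToXmlString produces.
    Public Sub ExportPublicKeyXml(ByVal cerPath As String, ByVal xmlPath As String)
        Dim cert As New X509Certificate2(cerPath)
        Dim rsa As RSA = TryCast(cert.PublicKey.Key, RSA)
        If rsa Is Nothing Then
            Throw New NotSupportedException("Certificate does not carry an RSA key.")
        End If
        ' False = Modulus and Exponent only; private parameters are never exported.
        File.WriteAllText(xmlPath, rsa.ToXmlString(False))
    End Sub

    ' Accept a bound PDF only if it is signed, every signature verifies
    ' against the stored key, and at least one signature covers the whole file.
    Public Function IsSignedBySupplier(ByVal sig As PdfFileSignature,
                                       ByVal xmlPublicKeyFile As String) As Boolean
        Dim names As ArrayList = sig.GetSignNames()
        If names.Count = 0 Then Return False           ' unsigned: reject
        Dim wholeDocumentCovered As Boolean = False
        For Each entry As Object In names
            ' This is the signature field name (e.g. "Signature1"), not the signer.
            Dim signName As String = CStr(entry)
            ' Assumption: VerifySignature returns a Boolean.
            If Not sig.VerifySignature(signName, xmlPublicKeyFile) Then Return False
            ' Bytes appended after signing fall outside the signed range.
            If sig.IsCoversWholeDocument(signName) Then wholeDocumentCovered = True
        Next
        Return wholeDocumentCovered
    End Function

End Module
```

The caller creates the PdfFileSignature and calls BindPdf on the received invoice as in the first post, then passes it in together with the XML key file stored for that supplier.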