I have a smart card reader and I want to sign a PDF with it. I have almost succeeded, but I get an error when I open the PDF in Acrobat Reader:
Signed by DENİZ KASAR
"Document has been altered or corrupted since it was signed"
Here are my certificates and the raw and final PDFs.
toBeSignedSTR
BF080D04029AB900082C6DC1E1E21E947C5B61F57BD91B974138657DBA7FFDB0
signedDataSTR
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
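/// <summary>
/// Signs files/pdf_raw.pdf with the key held on the smart card and opens the result.
/// The flow is: prepare a PDF with an empty signature placeholder, hash its signed
/// byte ranges, build the CMS signed attributes around that hash, have the card sign
/// the attributes, then embed the finished CMS container into the placeholder.
/// </summary>
/// <param name="sender">The control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the certificate chain could not be built, so nothing is signed.
/// </exception>
private void button2_Click(object sender, EventArgs e)
{
    string rawPDF = System.IO.Path.Combine(Application.StartupPath, "files", "pdf_raw.pdf");
    string tempPDF = System.IO.Path.Combine(Application.StartupPath, "files", "pdf_temp.pdf");
    string finalPDF = System.IO.Path.Combine(Application.StartupPath, "files", "pdf_signed.pdf");

    var chain = tckk_api_basic_samples.pcsc.CertValidation.GetChain();
    if (chain == null || chain.Length == 0)
    {
        // GetChain() returns null when chain building fails. Stop here with a clear
        // message instead of failing later inside PdfPKCS7 with a null chain.
        throw new InvalidOperationException("The signing certificate chain could not be built; the document was not signed.");
    }

    var dotNetCert = tckk_api_basic_samples.pcsc.CertValidation.GetSigningCert();
    var x509cert = new myalias.Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(dotNetCert.GetRawCertData());

    // No private key is passed: the signature value is produced on the card and
    // supplied later through SetExternalDigest.
    var sgn = new PdfPKCS7(null, chain, "SHA256", false);

    // SHA-256 over the signed byte ranges of the prepared PDF.
    // NOTE(review): the CreatePDF shown in this listing takes three parameters and the
    // embed helper is named EmbedSig; the calls below are kept as posted - confirm
    // they match the overloads that actually exist in the project.
    var toBeSigned = CreatePDF(rawPDF, tempPDF, chain, x509cert);

    // DER-encoded signed attributes; they carry toBeSigned as the messageDigest
    // attribute. These bytes, not the document hash, are what the card signs.
    var att = sgn.getAuthenticatedAttributeBytes(toBeSigned, null, null, CryptoStandard.CMS);//77bytes

    //SIGNING func
    // NOTE(review): the card PIN is hard-coded in source. Ask the user for it at run
    // time and do not store it in code, configuration or logs.
    // NOTE(review): Sign() must produce an RSA PKCS#1 v1.5 signature over the SHA-256
    // hash of att to match the "SHA256"/"RSA" declared here - confirm whether Sign()
    // hashes its input or expects an already hashed value.
    var signedData = tckk_api_basic_samples.pcsc.Sign_Validate.Sign(att, "578310");//256bytes
    sgn.SetExternalDigest(signedData, null, "RSA");

    // The first argument is the document digest and must be the same value that was
    // given to getAuthenticatedAttributeBytes. Passing att here rebuilds the signed
    // attributes with the wrong messageDigest, so the embedded CMS matches neither the
    // document nor the signature value, and the reader reports the document as
    // "altered or corrupted since it was signed".
    byte[] encodedSignature = sgn.GetEncodedPKCS7(toBeSigned, null, null, null, CryptoStandard.CMS);

    EmbedSignature2(tempPDF, finalPDF, encodedSignature);
    Process.Start(finalPDF);
}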
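/// <summary>
/// Reads the certificate from the card, builds its chain with the bundled
/// intermediate and root certificates, and converts every chain element to a
/// BouncyCastle certificate.
/// </summary>
/// <returns>
/// The chain in the order reported by <see cref="X509Chain.ChainElements"/>, or
/// <c>null</c> when the chain could not be built. Callers must check for null.
/// </returns>
public static myalias::Org.BouncyCastle.X509.X509Certificate[] GetChain()
{
    IServiceContainer4All serviceContainer = new TCKKServiceContainer(1);
    X509Certificate certificate = serviceContainer.GetCertificateService().GetKimlikDogrulamaCertificate();

    X509Chain x509chain = new X509Chain();

    // NOTE(review): revocation checking is switched off, so a revoked card
    // certificate still produces a chain here. Enable it (or check CRL/OCSP
    // separately) before relying on this chain for anything but a sample.
    x509chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

    X509Certificate2 rootCert = new X509Certificate2(Resources.kokshs_t2);
    X509Certificate2 intermediateCert = new X509Certificate2(Resources.kyshs_t2);
    X509Certificate2 clientCert = new X509Certificate2(certificate);

    // ExtraStore only offers these certificates as candidates for path building;
    // it does not make the root a trust anchor. Build() still fails when the
    // root is not trusted by the system store.
    x509chain.ChainPolicy.ExtraStore.Add(rootCert);
    x509chain.ChainPolicy.ExtraStore.Add(intermediateCert);

    if (!x509chain.Build(clientCert))
    {
        return null;
    }

    // The list's element type was garbled in the posted listing; it has to match
    // the method's return type.
    var chain = new List<myalias::Org.BouncyCastle.X509.X509Certificate>();
    foreach (X509ChainElement x509ChainElement in x509chain.ChainElements)
    {
        chain.Add(myalias::Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(x509ChainElement.Certificate));
    }

    return chain.ToArray();
}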
/// <summary>
/// Writes a copy of <paramref name="rawPDF"/> to <paramref name="tempPDF"/> that
/// contains a visible signature field named "SIG" with an empty placeholder for the
/// signature, and returns the SHA-256 digest of the byte ranges the signature covers.
/// </summary>
/// <param name="rawPDF">Path of the unsigned input PDF.</param>
/// <param name="tempPDF">Path of the prepared PDF; created or overwritten.</param>
/// <param name="cert">Signer certificate assigned to the signature appearance.</param>
/// <returns>SHA-256 digest of the prepared document's signed byte ranges.</returns>
private byte[] CreatePDF(string rawPDF, string tempPDF, myalias.Org.BouncyCastle.X509.X509Certificate cert)
{
    using (PdfReader source = new PdfReader(rawPDF))
    using (FileStream prepared = new FileStream(tempPDF, FileMode.Create))
    {
        PdfSignatureAppearance appearance = PdfStamper.CreateSignature(source, prepared, '\0').SignatureAppearance;

        var fieldBox = new myalias.iTextSharp.text.Rectangle(36, 748, 250, 400);
        appearance.SetVisibleSignature(fieldBox, 1, "SIG");
        appearance.Reason = "MyRes";
        appearance.Location = "MyLoc";
        appearance.Certificate = cert;

        // 8192 bytes are reserved for the signature container; the CMS embedded
        // later (signature plus certificate chain) has to fit into that space.
        IExternalSignatureContainer placeholder = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
        MakeSignature.SignExternalContainer(appearance, placeholder, 8192);

        // NOTE(review): the digest is read after SignExternalContainer has returned;
        // confirm the range stream is still valid at this point with the iTextSharp
        // version in use.
        return DigestAlgorithms.Digest(appearance.GetRangeStream(), "SHA256");
    }
}
/// <summary>
/// Copies the prepared PDF to <paramref name="finalPDF"/> and fills the placeholder
/// of the "SIG" field with the supplied signature container bytes.
/// </summary>
/// <param name="tempPDF">Path of the prepared PDF that holds the empty placeholder.</param>
/// <param name="finalPDF">Path of the signed output PDF; created or overwritten.</param>
/// <param name="sign">Encoded signature container to embed.</param>
void EmbedSig(string tempPDF, string finalPDF, byte[] sign)
{
    using (PdfReader prepared = new PdfReader(tempPDF))
    using (FileStream output = new FileStream(finalPDF, FileMode.Create))
    {
        // The container hands back the precomputed bytes unchanged; nothing in the
        // prepared file is hashed again at this stage.
        IExternalSignatureContainer precomputed = new MyExternalSignatureContainer(sign);
        MakeSignature.SignDeferred(prepared, "SIG", output, precomputed);
    }
}
/// <summary>
/// Signature container that returns a signature computed beforehand instead of
/// signing the data it is given.
/// </summary>
class MyExternalSignatureContainer : IExternalSignatureContainer
{
    // Encoded signature supplied by the caller; returned as-is from Sign.
    private readonly byte[] _precomputed;

    /// <summary>Stores the already encoded signature.</summary>
    /// <param name="sig">Encoded signature bytes to return from <see cref="Sign"/>.</param>
    public MyExternalSignatureContainer(byte[] sig)
    {
        _precomputed = sig;
    }

    /// <summary>
    /// Not supported by this container; always throws.
    /// </summary>
    /// <param name="signDic">Signature dictionary (ignored).</param>
    /// <exception cref="NotImplementedException">Always.</exception>
    public void ModifySigningDictionary(myalias.iTextSharp.text.pdf.PdfDictionary signDic)
    {
        throw new NotImplementedException();
    }

    /// <summary>
    /// Returns the stored signature. The stream is never read, so the bytes are not
    /// checked against the document content here.
    /// </summary>
    /// <param name="data">Signed byte ranges of the document (ignored).</param>
    /// <returns>The signature bytes passed to the constructor.</returns>
    public byte[] Sign(Stream data)
    {
        return _precomputed;
    }
}