Hi Michael Thanks a lot for your efforts. That explains why the signature can be successfully verified in iTextSharp, since the Sort method isn't called in the C# version of BouncyCastle. If I prevent BouncyCastle (Java, custom build) from sorting the set, the signature passes verification as expected.
Now I'm not exactly sure how to further handle this problem. As far as I can see, the isSorted variable in the ASN1Set is always false (private member). The toDERObject of the ASN1Set sorts the items and that leads to the verification problem. Even if the constructor receives the doSort parameter as false, the Set is being sorted by the toDERObject method, and that might wrong. From my point of view, if the ASN1Set receives false as doSort parameter (Constructor), this should be taken into account in the toDERObject Method of the ASN1Set But since it's my first step with both libraries (iText and BouncyCastle) I might be wrong. Regards Stephan On 09.07.2013 11:55, mkl wrote: > Stephan, > > Stephan Wagner (calac) wrote >> The call that fails is when the digest is verified in the verify() >> method of PdfPKCS7 class: >> >> boolean sigVerify = sig.verify(digest); > The cause is interesting. Only a little bit before that failing line the > signed attributes are considered by the signature: > > sig.update(sigAttr); > > These sigAttr are retrieved from the signature container in a somewhat > mangled way in the PdfPkcs7 constructor: > > ASN1TaggedObject tagsig = > (ASN1TaggedObject)signerInfo.getObjectAt(next); > ASN1Set sseq = ASN1Set.getInstance(tagsig, false); > sigAttr = sseq.getEncoded(ASN1Encoding.DER); > > And at least in the case of your signature, > sseq.getEncoded(ASN1Encoding.DER) SORTS the contents of the set before > DER-encoding. (It uses DEROutputStream which in turn calls the toDERObject > method of the set which (because the Sorted-attribute of the set is false) > sorts it. > > This sorting indeed does change the order of the set: Originally the > SigningCertificate was first, after sorting it is last. And this obviously > breaks the signature. > > But why does sorting change the order? The signed attributes (being a DER > encoded SET, cf. RFC 5652) should have been sorted to start with! > > Thus, either the signed attributes of your signature are not correctly > sorted (in which case your signature is broken) or BouncyCastle's sorting > routine ASN1Set.sort is broken... > > As I'm not that knowledgeable concerning ASN.1 encoding details, I don't > dare tell whether it's your signature or BouncyCastle. But wouldn't such an > error in BC have been found long ago? Unless there were recent changes in > that BC method, that is... > > Regards, Michael > > PS: looking at the initial bytes of the signed attributes set contents in > your signature (30 81 B3 ..., 30 1C ..., 30 18 ..., and 30 23 ...) and > comparing to the BC-sorted order (30 18 ..., 30 1C ..., 30 23 ..., and 30 81 > B3 ...) I am very much tempted to say that BC is right and your signature's > signed attributes are unsorted, i.e. not DER encoded, and, therefore, > broken. > > > > -- > View this message in context: > http://itext-general.2136553.n4.nabble.com/Signed-PDF-fails-to-verify-in-iText-Java-but-succeeds-in-iTextSharp-and-Acrobat-Reader-tp4658692p4658707.html > Sent from the iText - General mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > See everything from the browser to the database with AppDynamics > Get end-to-end visibility with application monitoring from AppDynamics > Isolate bottlenecks and diagnose root cause in seconds. > Start your free trial of AppDynamics Pro today! > http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk > _______________________________________________ > iText-questions mailing list > iText-questions@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/itext-questions > > iText(R) is a registered trademark of 1T3XT BVBA. > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
