Hi Michal, Thank you very much for your response.
Yes, initially I tried different approach using OpenSSL but had issues, so while I was searching for solution I found the signing code from the link mentioned by you (https://gist.github.com/diorahman/d91fd79c939e2bd3ee89). I forgot to mention the link in my mail. sorry! about that. Thanks, Susheela On Mon, Jan 14, 2019 at 1:40 AM Michal Sudolsky <sudols...@gmail.com> wrote: > Also I would not recommend SHA1. > > > On Sun, Jan 13, 2019 at 8:58 PM Michal Sudolsky <sudols...@gmail.com> > wrote: > >> Hi, >> >> From attached cpp file: >> >> ``` >> >> unsigned char* p7Buf = (unsigned char*) malloc(p7Len); >> >> unsigned char *p; >> >> p=p7Buf; >> >> if (p7Buf != NULL) { >> >> int len = i2d_PKCS7(p7, &p); >> >> printf("%i", len); >> >> std::cout << "p7Buf filled"; >> >> } >> >> PKCS7_free(p7); >> >> //std::cout << "buffer value"<<p7Buf<< std::endl; >> >> printf("%x\n", *p); >> return (char *) p; >> ``` >> >> 1. Function i2d_PKCS7 returns DER bytes which can contain null bytes so >> it cannot be treated as C++ null terminated string here "PdfData >> sigData(ossl->signature());". You will need also length returned from >> i2d_PKCS7 and call different constructor "PdfData >> sigData(signature_data, signature_len);". >> >> 2. From docs about i2d_PKCS7 " >> https://www.openssl.org/docs/man1.1.0/crypto/i2d_PKCS7.html": >> "i2d_TYPE() encodes the structure pointed to by a into DER format. If ppout >> is not NULL, it writes the DER encoded data to the buffer at *ppout, and >> increments it to point after the data just written.". So p which is here >> returned will actually point at the end of DER bytes. Maybe better would be >> to return p7Buf from function "signature". >> >> There can be other problems and there are memory leaks. >> >> You can look at stackoverflow or some open source code how to properly >> use it. >> >> Look at "PKCS7_sign" (after is pkcs7 done you can use i2d_PKCS7 instead >> of BIO): >> https://github.com/openssl/openssl/blob/master/crypto/pkcs7/pk7_smime.c >> https://github.com/openssl/openssl/blob/master/apps/smime.c >> >> I see that your code is "similar" to this " >> https://gist.github.com/diorahman/d91fd79c939e2bd3ee89". >> >> You can use i2d_PKCS7 in this way (you do not need to allocate memory, >> let openssl do it and call it only once): >> >> ``` >> unsigned char *signature = NULL; >> int len = i2d_PKCS7(p7, &signature); >> >> PdfData sigData(signature, len); // PdfData will copy it >> >> OPENSSL_free(signature); >> PKCS7_free(p7); >> >> // use sigData >> ``` >> >> On Sun, Jan 13, 2019 at 7:09 PM Susheela S <susheela...@gmail.com> wrote: >> >>> Hi, >>> >>> I have tried to sign PDF document using latest version of PoDoFo 0.9.6 >>> and openssl has been used for reading the certificate. I have attached the >>> .ccp file which has the code. The PDF file get created, but when it shows >>> "invalid signature' on mouse over the signature field. "Error encountered >>> while BER decoding:Error during signature verification" is shown on >>> clicking the signature in the PDF document. >>> >>> Can you please help me to fix this issue? >>> >>> I have also attached PDF created with signature from the attached code. >>> >>> >>> Thanks, >>> Susheela >>> _______________________________________________ >>> Podofo-users mailing list >>> Podofo-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/podofo-users >>> >>
_______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users