Invalid Signature (internal cryptographic library 0x2726) when viewed the sign pdf

[Ford49]

This warning give me while signing pdf documents
ATTENTION: The pdf has been modified after at least a signature!
Please help me Sir

[damianofalcioni]

try to check for problems with the internal diagnostic utils:
Right click in the tray icon and press the "Check Problems" button. Maybe a conflicting bouncy castle library is in the java classpath.
If not try to use a different Java version like the Java6

[Ford49]

Sir there is no conflict with the library and i have change to java 6 but the same problem occurs

[damianofalcioni]

You can try recompiling commenting that line: SignEngine.java L165
This will skip the generated signature verification process. After you can check with another tool if the signature is correct or not. If is correct then there is an error in the verification process. If is not correct there is a problem in the signature process.

[Ford49]

It still gives me invalid signature
First Error encountered:
1)Impossible to perform a valid signature with the following certificate and libraries
Certificate: 'CN=XXXX, SERIALNUMBER=XXXX, ST=XXX, OID.2.5.4.17=XXXX, OU="XXXX,CID - XXX", OID.2.5.4.20=XXX, O=XX, C=XXX'
Libraries:
C:\WINDOWS\System32\SignatureP11.dll
2)I comment the exception line error 1 and I return certData it then give me the following error
ATTENTION: The pdf has been modified after at least a signature!
of course I can save the signed pdf but it was invalid
3)I have skipped the verification process still gives me invalid signature
:(

[damianofalcioni]

So the problem was not in the verification but in the certificate used for the signature!
You need to debug this function SignEngine.java#L181 and try to understand why your certificate is not recognized as valid for signature.
Probably your card did not support SHA256WithRSA but have a look at the debug and the catch clause.

[Ford49]

Yes Probably
Sir,Is there any other alternatives sir that could make this work?

[damianofalcioni]

Yes of course.
You just have to change the code trying different signature methods in order to find the one supported by your card. You may also need to use another digestOIDToUse parameter.
Good luck and do a pull request in case of success!

[Ford49]

Sir, I Want this software to work perfectly and i couldn't solve it I want to enquire if you could do it for me and how much would it cost? Thank you

…

On Tue, 9 Jul 2019 at 18:38, Damiano Falcioni ***@***.***> wrote: Closed #8 <#8>. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#8?email_source=notifications&email_token=AMRCAZNPGB43UWR4JITQQ5DP6SEUTA5CNFSM4H6KFYZ2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOSMXJSJI#event-2469304613>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AMRCAZMY45ZGHT3NH6I2MDDP6SEUTANCNFSM4H6KFYZQ> .

[damianofalcioni]

Hi,
sorry but this is not possible. The software is provided "as is" without warranty as it is open sourced under GNU Affero license. I did not provide commercial support.
Anyway as already said the solution to your problem is really simple. You have to use SHA1WithRSA instead of the current SHA256WithRSA signature method, so replace all this strings. Also change all the CMSSignedDataGenerator.DIGEST_SHA256 to CMSSignedDataGenerator.DIGEST_SHA1 and it should work!

[damianofalcioni]

Sorry, wrong suggestion. It is more convenient for you to uncomment the main method in SmartCardAccessJnaImpl.java (change the DLL path and provide the PIN as second argument of the cardManager.login function), execute it and check if also here the signature is invalid. Then debug from this point.

[Ford49]

This display when i execute java.lang.IndexOutOfBoundsException: Index: 1, Size: 1 at java.util.ArrayList.rangeCheck(Unknown Source) at java.util.ArrayList.get(Unknown Source)

…

On Thu, 18 Jul 2019 at 14:46, Damiano Falcioni ***@***.***> wrote: Sorry, wrong suggestion. It is more convenient for you to uncomment the main method in SmartCardAccessJnaImpl.java, execute it (remember first to provide your pin as second argument of the cardManager.login function) and check if also here the signature is invalid. Then debug from this point. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#8?email_source=notifications&email_token=AMRCAZMLASGGGBQYMEFELVDQAAYFPA5CNFSM4H6KFYZ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2H3PWI#issuecomment-512735193>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AMRCAZMSEQFCTXSLYGDSASDQAAYFPANCNFSM4H6KFYZQ> .