Validating a signed PDF in PHP

Question

Validating a signed PDF in PHP

I have a signed PDF. It was signed using TCPDF. Now I want to check it out. This is my decision:

Get signed pdf content.
Get the original contents and base of the character values in the / ByRange field.
Get the encrypted digest message from the signature value. This is the octet string at the end of the signature value.
Use the Openssl_public_decrypt () function to decrypt the encrypted digest message using the public key. Then we have a line that has a prefix ("3021300906052b0e03021a05000414"). This prefix denotes the SHA-1 hash function used. After removing the prefix, we get the digest message D1.
Use the SHA1 () function for the original contents of the hash, we get a D2 message for digests.
Compare D1 with D2. If D1 = D2, then the signature is valid and vice versa.

My problem is the last step, when I compare D1 with D2, they are not equal. I do not know why. Thanks for any help.

+4

php tcpdf signature sign

xuanhai266 Apr 12 '14 at 9:49

source share

1 answer

Hardik vyas · Answer 1 · 2014-04-12T14:03:49+0000

You should try based on following example
<?php
// $data and $signature are assumed to contain the data and the signature

// fetch public key from certificate and ready it
$pubkeyid = openssl_pkey_get_public("file://src/openssl-0.9.6/demos/sign/cert.pem");

// state whether signature is okay or not
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok == 1) {
    echo "good";
} elseif ($ok == 0) {
    echo "bad";
} else {
    echo "ugly, error checking signature";
}
// free the key from memory
openssl_free_key($pubkeyid);
?>
more Examples ad explanation
 http://www.php.net/manual/en/function.openssl-verify.php

Validating a signed PDF in PHP

More articles: