EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElPDFDocument.SignAndEncrypt

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#26768
Posted: 10/09/2013 08:37:21
by Petr Kykal (Standard support level)
Joined: 04/10/2013
Posts: 18

Hi,

I am currently using SignAndEncrypt method in Java applet to sign and encrypt PDF document. The signature is PAdES-T and encryption is done using public key. All works correctly.

Is it possible to verify the signature without decryption of the document?

If not and the signature is encrypted inside the document, is there any other way to do it in opposite order? First Encrypt, then add PAdES-T signature? The goal is ability to verify signature without decryption of the document.
#26769
Posted: 10/09/2013 10:20:44
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

No, it is not possible.
By standard, the signature signs the encrypted document, but fields in the signature are encrypted. So to verify the signature you need to specify decryption information.
#26770
Posted: 10/10/2013 00:35:25
by Petr Kykal (Standard support level)
Joined: 04/10/2013
Posts: 18

Thank you for your answer.

The information that the signature signs the encrypted document is sufficient for me.
#27394
Posted: 11/26/2013 09:48:30
by Petr Kykal (Standard support level)
Joined: 04/10/2013
Posts: 18

I want to ask another question to this topic. I am now in proccess of validation.
If I use SignAndEcrypt()and use Decrypt() in the future, the document is decrypted, but the validation says, that the signature is corrupted.

When I try to open the encrypted document using Adobe Reader and I have the private key for decryption installed in windows storage, it opens the document with "(SECURED)" annotation and the signature is valid.

Quote
By standard, the signature signs the encrypted document, but fields in the signature are encrypted.

Does that mean, that a decryption proccess corrupts the signature? So I must validate the signature only on the encrypted using providing SecurityHandler during verification and when I decrypt and store the document I will loose the signature data?
#27404
Posted: 11/26/2013 11:31:13
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Please take a look into PDFBlackbox\Processor sample, it should be able to verify signatures in such documents.
Quote
If I use SignAndEcrypt()and use Decrypt() in the future, the document is decrypted, but the validation says, that the signature is corrupted.

Did you validate signature immediately after decryption or you save a decrypted document first?
Quote
Does that mean, that a decryption proccess corrupts the signature? So I must validate the signature only on the encrypted using providing SecurityHandler during verification and when I decrypt and store the document I will loose the signature data?

The decryption is necessary to validate the signature, but the signature validation is performed over encrypted document. So, if you save the decrypted document then the signature becomes invalid.
#27434
Posted: 11/27/2013 04:32:29
by Petr Kykal (Standard support level)
Joined: 04/10/2013
Posts: 18

Thank you for your answer.

I have to use modified Processor example because of using PAdES, but it works.
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 548 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!