Stephan wrote
Now according to the standard, do you know which version is the correct
one?
According to ITU-T recomendations on ASN.1 distinguished encoding rules
(DER) of set components:/The encodings of the component values of a set
value shall appear in an order determined by their
Hi Michael
Thanks a lot for your efforts. That explains why the signature can be
successfully verified in iTextSharp, since the Sort method isn't called
in the C# version of BouncyCastle. If I prevent BouncyCastle (Java,
custom build) from sorting the set, the signature passes verification as
Michael
I have absolutely no control over the certificates neither the signature
workflow. Certificates are provided by the largest Swiss telecom
provider (Swisscom), and the signed documents are generated and signed
by another official government organization.
What bothers me is the point
Michael,
Thanks for the clarification. I can try to figure out what application
is used to create the signed PDFs but since there are already 10'000
PDFs archived, I guess that I have to prepare for both cases (old PDFs
with the signed attribute problem and possible new ones if they decide
to
Indeed, signed attribute /signing-certificate/ is incorrectly constructed.
Despite that, the integrity of signature is correct and validation should
pass. Besides, this attribute is specified in CAdES, while PDF signature
dictionary /SubFilter has adbe.pkcs7.detached value, thus conformance to
Make sure that you are using BouncyCastle 1.49. There was a problem
with 1.48 with some certificates.
Paulo
On Thu, Jul 4, 2013 at 5:40 PM, Stephan Wagner (calac)
stephan.wag...@calac.net wrote:
Hi, first of all I'm not what one calls a digital signature expert but I'm
wondering if somebody
Hi Paulo
Thanks a lot for the tip. I tried it but it didn't change the behavior
even when using the BouncyCastle 1.49. verify() still returns false.
Regards
Stephan
On 04.07.2013 19:17, Paulo Soares wrote:
Make sure that you are using BouncyCastle 1.49. There was a problem
with 1.48 with