Also I would not recommend SHA1.
On Sun, Jan 13, 2019 at 8:58 PM Michal Sudolsky <[email protected]> wrote: > Hi, > > From attached cpp file: > > ``` > > unsigned char* p7Buf = (unsigned char*) malloc(p7Len); > > unsigned char *p; > > p=p7Buf; > > if (p7Buf != NULL) { > > int len = i2d_PKCS7(p7, &p); > > printf("%i", len); > > std::cout << "p7Buf filled"; > > } > > PKCS7_free(p7); > > //std::cout << "buffer value"<<p7Buf<< std::endl; > > printf("%x\n", *p); > return (char *) p; > ``` > > 1. Function i2d_PKCS7 returns DER bytes which can contain null bytes so it > cannot be treated as C++ null terminated string here "PdfData > sigData(ossl->signature());". You will need also length returned from > i2d_PKCS7 and call different constructor "PdfData sigData(signature_data, > signature_len);". > > 2. From docs about i2d_PKCS7 " > https://www.openssl.org/docs/man1.1.0/crypto/i2d_PKCS7.html": "i2d_TYPE() > encodes the structure pointed to by a into DER format. If ppout is not > NULL, it writes the DER encoded data to the buffer at *ppout, and > increments it to point after the data just written.". So p which is here > returned will actually point at the end of DER bytes. Maybe better would be > to return p7Buf from function "signature". > > There can be other problems and there are memory leaks. > > You can look at stackoverflow or some open source code how to properly use > it. > > Look at "PKCS7_sign" (after is pkcs7 done you can use i2d_PKCS7 instead of > BIO): > https://github.com/openssl/openssl/blob/master/crypto/pkcs7/pk7_smime.c > https://github.com/openssl/openssl/blob/master/apps/smime.c > > I see that your code is "similar" to this " > https://gist.github.com/diorahman/d91fd79c939e2bd3ee89";. > > You can use i2d_PKCS7 in this way (you do not need to allocate memory, let > openssl do it and call it only once): > > ``` > unsigned char *signature = NULL; > int len = i2d_PKCS7(p7, &signature); > > PdfData sigData(signature, len); // PdfData will copy it > > OPENSSL_free(signature); > PKCS7_free(p7); > > // use sigData > ``` > > On Sun, Jan 13, 2019 at 7:09 PM Susheela S <[email protected]> wrote: > >> Hi, >> >> I have tried to sign PDF document using latest version of PoDoFo 0.9.6 >> and openssl has been used for reading the certificate. I have attached the >> .ccp file which has the code. The PDF file get created, but when it shows >> "invalid signature' on mouse over the signature field. "Error encountered >> while BER decoding:Error during signature verification" is shown on >> clicking the signature in the PDF document. >> >> Can you please help me to fix this issue? >> >> I have also attached PDF created with signature from the attached code. >> >> >> Thanks, >> Susheela >> _______________________________________________ >> Podofo-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/podofo-users >> >
_______________________________________________ Podofo-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/podofo-users
