I'm working on some PDF files and I'm not finding a clear explanation for the questions posted here. On a digitally signed PDF file we have the below temporary signature:
<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached/ByteRange[O1 L1 O2 L2] /Contents<0000....0000>
O1 = offset 1 (zero)
L1 = Length 1 (Content length before signature)
O2 = offset 2 (L1 + signature length)
L2 = Length 2 (Content length after signature)
I have these questions:
1 - Should the content to be "hashed" include "<" and ">" (at the beginning and the end of the signature placeholder 0000....0000)?
2 - The length of the signature is 11742? Does this include "<" and ">"?
3 - In the ByteRange, is the second parameter the length from the beginning of the file up to "<" (before the signature placeholder 0000....0000), or including it? As in the previous question, does the last parameter of the ByteRange include the ">" character (at the end of the signature placeholder 0000....0000)?
If someone can redirect me to a technical manual regarding this, it would be very helpful.
After reading the technical manuals and experimenting with PDF, I now have the answers.
1 - Should the content to be "hashed" include "<" and ">" (at the beginning and the end of the signature placeholder 0000....0000)?
No, "<" and ">" should not be part of the data to be "hashed/signed". After the signing process, "<" and ">" should be used as delimiters for the hexadecimal signature. Example: /Contents<3255....0000>
2 - The length of the signature is 11742? Does this include "<" and ">"?
Not necessary. As long as the length of the "signature placeholder" is longer than the signed and timestamped data.
3 - In the ByteRange, is the second parameter the length from the beginning of the file up to "<" (before the signature placeholder 0000....0000), or including it? As in the previous question, does the last parameter of the ByteRange include the ">" character (at the end of the signature placeholder 0000....0000)?
The second parameter is the offset of "<" (before the signature placeholder) or, using the same logic, the content length from the beginning of the file up to "<" (without including it).
The last parameter does not include the ">" when calculating the length of the remaining data.
Additional clarification after the comments of mkl (https://stackoverflow.com/users/1729265/mkl)
O2 = offset 2 (L1 + signature length)
O2 = offset 2 = L1 + signature length + 2. This is because the placeholder includes "<" and ">".
EXAMPLE:
{100-BYTES-DATA-BEFORE}<0000....0000>{50-BYTES-DATA-AFTER}
Data to be hashed/signed/timestamped
{100-BYTES-DATA-BEFORE} + {50-BYTES-DATA-AFTER}
Signature placeholder = 11742 Bytes (11742 zeros)
ByteRange[0 100 11844 50]
After data sign and/or timestamp:
{100-BYTES-DATA-BEFORE} + < + 4321....0000 + > + {50-BYTES-DATA-AFTER}
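The layout from the example above, worked through in Python as an added illustration (not code from the original post). The function names are hypothetical, SHA-256 is chosen only for the demonstration, the 100/50-byte bodies are constructed filler, and `4321` is a stand-in for real PKCS#7 hex.

```python
import hashlib

def byte_range(before_len, placeholder_len, after_len):
    """[O1 L1 O2 L2] for a file laid out as before + '<' + hex + '>' + after."""
    o2 = before_len + placeholder_len + 2  # +2 for the '<' and '>' delimiters
    return [0, before_len, o2, after_len]

def signed_bytes(pdf, br):
    """Concatenate the two ranges that are actually hashed."""
    o1, l1, o2, l2 = br
    return pdf[o1:o1 + l1] + pdf[o2:o2 + l2]

def check_byte_range(pdf, br):
    """Return a list of problems; an empty list means the layout matches the post."""
    o1, l1, o2, l2 = br
    problems = []
    if o1 != 0:
        problems.append("first range does not start at offset 0")
    if o2 + l2 != len(pdf):
        problems.append("second range does not end at end of file")
    gap = pdf[o1 + l1:o2]  # must be exactly '<' + hex digits + '>'
    if not (gap[:1] == b"<" and gap[-1:] == b">"):
        problems.append("gap is not delimited by '<' and '>'")
    elif any(c not in b"0123456789abcdefABCDEF" for c in gap[1:-1]):
        problems.append("gap contains non-hex bytes")
    return problems

def embed(pdf, br, signature_hex):
    """Overwrite the placeholder in place, zero-padded, so no offset moves."""
    o1, l1, o2, l2 = br
    room = o2 - (o1 + l1) - 2
    if len(signature_hex) > room:
        raise ValueError("placeholder too short for signature")
    return pdf[:o1 + l1 + 1] + signature_hex.ljust(room, b"0") + pdf[o2 - 1:]

# Constructed sample matching the post's numbers.
BEFORE = b"B" * 100
AFTER = b"A" * 50
PLACEHOLDER = b"0" * 11742
unsigned = BEFORE + b"<" + PLACEHOLDER + b">" + AFTER
BR = byte_range(len(BEFORE), len(PLACEHOLDER), len(AFTER))
digest_before = hashlib.sha256(signed_bytes(unsigned, BR)).hexdigest()
signed = embed(unsigned, BR, b"4321")  # stand-in hex, not a real signature
digest_after = hashlib.sha256(signed_bytes(signed, BR)).hexdigest()
```

The digest is identical before and after embedding because the bytes between the two ranges, delimiters included, never enter the hash.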