Tags: digital-signature, itext7

Invalid Signature. Error during the signature verification


I'm trying to sign the document from an external remote service. The signing process is happening in two phases. The remote service is expecting the base64 encoded hash in the first phase and issuing a token after the authentication and in the second phase, we're passing the same hash again with the received token and getting the base64 signed hash. I'm attaching the incorrectly signed document here. document

Could someone analyze it and guide me to evaluate the cause behind the invalid signature? I'm using iText7 for performing PDF-related operations.

Updated

I've made some corrections as per the feedback. The document is getting altered now. Altered Document


Solution

  • Your First Example File

    This section focusses on the original example file, document - 2021-05-01T170114.722.pdf.

    There are two apparent issues in the PDF. As you don't share your pivotal code, I can only guess about the cause.

    Two PDFs in File

    The 111794 bytes long file you shared actually is a concatenation of two PDFs, first a PDF prepared for signing with only 00s in the signature container placeholder, and then the same file with something else in there. Each of the two PDFs is exactly 55897 bytes long.

    A typical cause for this is using a file stream for output that was opened with file mode Append instead of Create, probably in combination with using the same file as input and output.

    Incorrect Signature Container

    You created a signature with subfilter adbe.pkcs7.detached. This implies that the data to embed in the signature placeholder must be a CMS signature container (CMS is the successor of PKCS#7). In your signed file, though, there only is a naked signature value, no signature container.

    A typical cause for this is using an IExternalSignatureContainer implementation during signing (usually in context with PdfSigner.signDeferred or PdfSigner.signExternalContainer) whose sign method incorrectly returns a naked signature value, not a signature container.

    In General

    The use case you describe, i.e. usage of a signing service that expects a hash and returns a signed hash, sounds like your service indeed returns merely a naked signature value, no signature container.

    In general that is a typical situation in which one does not use deferred signing but instead uses PdfSigner.signDetached with an IExternalSignature implementation whose sign method first hashes its argument byte array, then communicates the hash value to the service and retrieves a signed hash, and finally returns that signed hash.

    Your Second Example File

    This section focusses on the example file from your first update, document - 2021-05-03T200650.926.pdf.

    As you said, you made corrections to fix the issues listed above for your first file. The issues to be found in your second file are in the details. Nonetheless, you still do not share your pivotal code, so I can still only guess about the causes of the issues.

    Incorrect messageDigest Attribute Value

    In your signature you use the SHA256 hashing algorithm.

    The messageDigest signed attribute has this value:

    80FE8AC2DE959A2C791A72A68176EB312D77BD201F8D07CD5A42CC9A4370AAFB
    

    but this doesn't match the hash of the signed bytes of the PDF which is

    83134B9C1C7CAE9E4FB0A1FCB37A30A6783F81AF70F6EF4B68865E83C2E11717
    

    Apparently you either have an error in your hash calculation routine or you simply hash the wrong data. As you don't show your code, I cannot tell what you do wrong.

    Incorrect Signed Hash Value

    Your signature bytes sign the hash value

    80FE8AC2DE959A2C791A72A68176EB312D77BD201F8D07CD5A42CC9A4370AAFB
    

    but this doesn't match the hash of the signed attributes which is

    9C0D3D2249E69AFA1078F03159332C439B8407A526CBA77C9E9B2701A7EE8131
    

    Apparently you either have an error in your hash calculation routine or you simply hash the wrong data. As you don't show your code, I cannot tell what you do wrong.

    The only thing apparent is that you claim the same hash value in both cases. But it is extremely implausible that those hashes coincide.
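
The two hashes the answer above compares, as an added example that is not part of the original answer and is not iText code: one function computes the digest the messageDigest attribute must hold (SHA-256 over the ByteRange bytes), another the different digest the signature value must cover (SHA-256 over the DER-encoded signed attributes). The function names, the sample PDF fragment and the minimal attribute set (contentType and messageDigest only; real containers usually carry more signed attributes) are assumptions made for illustration.

```python
import hashlib
import re

def byte_range_digest(pdf: bytes) -> bytes:
    """SHA-256 of the signed bytes: everything except the /Contents hole.
    Raises if the range does not end at EOF, e.g. two PDFs appended together."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    a, len_a, b, len_b = map(int, m.groups())
    if a != 0 or b + len_b != len(pdf):
        raise ValueError("ByteRange does not span the whole file")
    return hashlib.sha256(pdf[a:a + len_a] + pdf[b:b + len_b]).digest()

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER tag-length-value encoder."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

# DER-encoded OIDs: contentType, messageDigest (PKCS#9) and id-data (PKCS#7)
OID_CONTENT_TYPE = bytes.fromhex("06092a864886f70d010903")
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")
OID_DATA = bytes.fromhex("06092a864886f70d010701")

def signed_attrs_der(doc_digest: bytes) -> bytes:
    """Assumed minimal signedAttrs: contentType + messageDigest, as a DER SET."""
    attrs = [
        der(0x30, OID_CONTENT_TYPE + der(0x31, OID_DATA)),
        der(0x30, OID_MESSAGE_DIGEST + der(0x31, der(0x04, doc_digest))),
    ]
    return der(0x31, b"".join(sorted(attrs)))

def hash_to_sign(doc_digest: bytes) -> bytes:
    """What the signature value must cover: the hash of the signed attributes."""
    return hashlib.sha256(signed_attrs_der(doc_digest)).digest()

def sample_pdf() -> bytes:
    """Constructed stand-in for a prepared PDF (not a complete, valid PDF)."""
    head = b"%PDF-1.7\n1 0 obj<</Type/Sig/Contents"
    hole = b"<" + b"0" * 64 + b">"
    tail = b"/ByteRange [0 %010d %010d %010d]>>endobj\n%%%%EOF\n"
    tail_len = len(tail % (0, 0, 0))
    return head + hole + tail % (len(head), len(head) + len(hole), tail_len)

if __name__ == "__main__":
    d = byte_range_digest(sample_pdf())
    print("messageDigest:", d.hex(), "to sign:", hash_to_sign(d).hex())
```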