I am trying to verify a digitally signed PDF document in Java.
I'm using Apache PDFBox 2.0.6 to get the signature and the original PDF that was signed, then I'm using B
In my case there was an error in the code where I set the signature and signedData. I accidentally swapped the values.
So, instead of:
signedData = pdfUtils.getSignature(signedData);
byte[] sig = pdfUtils.getSignedContent(signedData);
It should be:
byte[] sig = pdfUtils.getSignature(signedData);
signedData = pdfUtils.getSignedContent(signedData);
Now, it's working. The file I was testing it with was signed using adbe.pkcs7.detached. However, it wouldn't work if other signing methods were used.
So, thanks to @Tilman Hausherr for pointing me to the ShowSignature.java example. That's how signature verification should be done.
And also thanks to @mkl for the detailed explanation.
I now understand that when a signature is created, signature fields are added and the hash is calculated from that new value. That's why the verification is working. You don't need the original PDF without the signature fields.
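
For reference, an added example (not part of the original post, and not the ShowSignature.java code) of the same check written directly against the PDFBox 2.0.x and BouncyCastle APIs, with the signature container and the signed bytes passed in the correct order. The class and method names are hypothetical; it handles only adbe.pkcs7.detached and checks the cryptographic signature, not whether the signer certificate chains to a trusted root.

```java
import java.io.File;
import java.nio.file.Files;
import java.util.Collection;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.util.Store;

public class DetachedPdfSignatureCheck { // hypothetical class name
    /** True only if the file is signed and every signature is a valid adbe.pkcs7.detached one. */
    public static boolean verifyAll(File pdf) throws Exception {
        byte[] pdfBytes = Files.readAllBytes(pdf.toPath());
        try (PDDocument doc = PDDocument.load(pdfBytes)) {
            if (doc.getSignatureDictionaries().isEmpty()) {
                return false; // an unsigned file must not count as verified
            }
            for (PDSignature sig : doc.getSignatureDictionaries()) {
                if (!"adbe.pkcs7.detached".equals(sig.getSubFilter())) {
                    return false; // other SubFilters need different handling
                }
                byte[] cms = sig.getContents(pdfBytes);         // CMS signature container
                byte[] signed = sig.getSignedContent(pdfBytes); // bytes covered by /ByteRange
                if (!verifyDetached(signed, cms)) return false;
            }
            return true;
        }
    }

    @SuppressWarnings("unchecked")
    static boolean verifyDetached(byte[] signedContent, byte[] cmsContainer) throws Exception {
        // Detached signature: the content comes first, the container second.
        CMSSignedData cms =
                new CMSSignedData(new CMSProcessableByteArray(signedContent), cmsContainer);
        Store<X509CertificateHolder> certs = cms.getCertificates();
        Collection<SignerInformation> signers = cms.getSignerInfos().getSigners();
        if (signers.isEmpty()) return false; // a container without signers proves nothing
        for (SignerInformation signer : signers) {
            Collection<X509CertificateHolder> matches = certs.getMatches(signer.getSID());
            if (matches.isEmpty()) return false; // signer certificate not embedded
            X509CertificateHolder cert = matches.iterator().next();
            if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert)))
                return false;
        }
        return true;
    }
}
```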