This question is related to this one, but a bit more specific. I am suspecting I am not computing the hash of my pdf properly.
I would like to compute the SHA256 hash o
You try to extract the wrong hash value from the signature container.
I didn't recognize this earlier because I'm not really an openssl expert. Analyzing the example PDF, though, the cause of the confusion became clear.
In a PKCS#7 / CMS signature container there usually are (at least) two hash values of interest:
messageDigest signed attribute and
The messageDigest signed attribute in the signature container in your example document looks like this (appearances might differ if you asn1-dump in openssl but the value should be recognizable nonetheless):
5306 47: . . . . . . SEQUENCE {
<06 09>
5308 9: . . . . . . . OBJECT IDENTIFIER messageDigest (1 2 840 113549 1 9 4)
: . . . . . . . . (PKCS #9)
<31 22>
5319 34: . . . . . . . SET {
<04 20>
5321 32: . . . . . . . . OCTET STRING
: . . . . . . . . . 04 B6 9F 55 F1 2F A5 CC ...U./..
: . . . . . . . . . 79 23 F4 30 71 54 F2 70 y#.0qT.p
: . . . . . . . . . 2E FD E4 3B 32 E4 A8 D9 ...;2...
: . . . . . . . . . DB B0 50 7A 56 FC EC D3
: . . . . . . . . }
: . . . . . . . }
: . . . . . . }
As you can recognize, this attribute contains the hash value you calculated.
You on the other hand try to extract the signed hash value from the decrypted signature bytes which is not the hash of the document but instead the hash of the signed attributes!
Additionally, something appears to go wrong in that extraction step; the value you should retrieve is
AB86B27177E388A1EE69A5C7479D74621E84473E0CAB5C647471B724FEFCE826
and not the
2a3f629f7bdce750321da7f219ec5759dc9ed14818acbd3cd0b6092d5371c03a
you got.
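The distinction drawn in the answer above, as an added example that is not part of the original post: it reads the document hash out of the messageDigest signed attribute and separately computes the hash that the signature value covers, which is taken over the signed attributes re-encoded with the SET OF tag (RFC 5652, section 5.4). The sample bytes, the `der` helper and all names are constructed for illustration, and SHA-256 is assumed as the digest algorithm.

```python
import hashlib

# DER encoding of the messageDigest OID 1.2.840.113549.1.9.4 (PKCS #9)
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def message_digest(signed_attrs):
    """Document hash stored in the messageDigest signed attribute."""
    _, attrs, _ = read_tlv(signed_attrs)     # [0] IMPLICIT / SET OF Attribute
    pos = 0
    while pos < len(attrs):
        _, attr, pos = read_tlv(attrs, pos)  # one Attribute SEQUENCE
        if attr.startswith(OID_MESSAGE_DIGEST):
            _, values, _ = read_tlv(attr, len(OID_MESSAGE_DIGEST))  # SET
            return read_tlv(values)[1]       # OCTET STRING contents
    raise ValueError("no messageDigest attribute")

def signed_hash(signed_attrs):
    """Hash covered by the signature value: SHA-256 over the signed
    attributes re-encoded with the SET OF tag 0x31 (RFC 5652, 5.4)."""
    return hashlib.sha256(b"\x31" + signed_attrs[1:]).digest()

def der(tag, body):
    """Encode a short-form (<128 byte) DER element for the sample below."""
    if len(body) > 127:
        raise ValueError("sample helper handles short-form lengths only")
    return bytes([tag, len(body)]) + body

# Constructed sample: stands in for the PDF bytes selected by /ByteRange.
SIGNED_BYTES = b"%PDF-1.7 constructed bytes covered by /ByteRange"
DOC_HASH = hashlib.sha256(SIGNED_BYTES).digest()
CONTENT_TYPE = der(0x30, bytes.fromhex("06092a864886f70d010903")
                   + der(0x31, bytes.fromhex("06092a864886f70d010701")))
MD_ATTR = der(0x30, OID_MESSAGE_DIGEST + der(0x31, der(0x04, DOC_HASH)))
SIGNED_ATTRS = der(0xA0, CONTENT_TYPE + MD_ATTR)

if __name__ == "__main__":
    print("messageDigest attribute:", message_digest(SIGNED_ATTRS).hex())
    print("document hash          :", DOC_HASH.hex())
    print("hash under signature   :", signed_hash(SIGNED_ATTRS).hex())
```

The constructed messageDigest attribute has the same shape as the dump above (a 47-byte SEQUENCE holding the OID and a SET with one 32-byte OCTET STRING); only the first two printed values match, which is why comparing a document hash against the value recovered from the signature bytes fails.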