Currently I'm searching for a way to sign a pdf file. All work that builds
the signature part in the pdf file is done. Now I stuck on the signature
part and I'm searching for the right tool for me. Let me explain my problem:
I hava a prepared pdf-file that only includes the data which have to be
signed (the space for the signature content is cutted).
The pdf specifications says this about the (signatur)Content part:
The signature value. When ByteRange is specified (comment: it is!), the
value is a hexadecimal string (see "Hexadecimal Strings" on page 32)
representing the value of the byte range digest. [...]
For public-key signatures, Contents is commonly either a DER-encoded
PKCS#1 binary data object or a DER-encoded PKCS#7 binary data object.
The subfilter I defined in the PDF is: adbe.pkcs7.detached
The pdf specifications says:
When PKCS#7 signatures are used, the value of Contents is a PKCS#7 signature
object. The value of SubFilter can be one of the following:
- adbe.pkcs7.detached: No data is encapsulated in the PKCS#7 signed-data
so my main question is: Can I use OpenSSL to build such a signature object?
I prefer to build it via CLI, cause I use a PHP API for PDF
creation/manipulation. For now I cannot find a solution via CLI... if I
build a smime message and include this signature object into the signature
content, the certificate is ok, but (for sure) the signature is not valid.
Is it possible with OpenSSL-CLI or I'm totaly wrong? I hope I gave enough
informations... if not please tell me and I'll give em!