search

vbuch / node-signpdf

Simple signing of PDFs in node.
MIT License
676 stars 174 forks source link

PKCS#12 MAC could not be verified. Invalid password? #242

Closed sibutorovic closed 3 months ago

sibutorovic commented 3 months ago

Describe the bug and the expected behaviour signer.sign is returning PKCS#12 MAC could not be verified. Invalid password? error when trying to sign with the correct passphrase

Is it a bug in signing or in the helpers? Signing

To Reproduce Below is the code that generates this error. Used the same code to sign a PDF with a passphrase-less certificate and had no problem but when switching to a certificate with passphrase it starts to fail. Important: the certificate i am using is expired, I don't know if that is relevant.

let resolved = path.resolve(process.env.LAMBDA_TASK_ROOT, "certificate2.p12")
  var certificateBuffer = fs.readFileSync(resolved, function (err, data) {
      if (err) throw err;
  });
  var signer = new P12Signer.P12Signer(certificateBuffer);

  pdflibAddPlaceholder.pdflibAddPlaceholder({
    pdfDoc: pdfDoc,
    reason: 'The user is declaring consent through JavaScript.',
    contactInfo: 'signpdf@example.com',
    name: 'John Doe',
    location: 'Free Text Str., Free World',
  });

  const pdfBytes = await pdfDoc.save()
  let signedPdfBytes = await signpdf.default.sign(pdfBytes, signer, { passphrase: 'correct_pass' })
sibutorovic commented 3 months ago

Solved. For anyone with the same issue you need to pass the passphrase in the signer constructor instead of the sign method like this:

var signer = new P12Signer.P12Signer(certificateBuffer, { passphrase: 'correct_pass' });