Closed andres-blanco closed 4 years ago
Just commented on your issue in forge. Also take a look at what I've written here https://github.com/vbuch/node-signpdf/issues/32#issuecomment-530269128
Hey, I found the correct way to sign the PDF content; you can see this answer.
@vbuch how do you suggest to test this? There is this library that emulates a hardware token, do you think I should include this lib in the resources dir?
Great! I wouldn't include a whole library for automated testing. I would make it work for me (with a hardware token or with an emulated software one as proposed) and once I have the flow satisfactory for me, I would mock the library and hardcode stubs. But this is me. If you have a better approach, it would be welcome.
Hi @andres-blanco
Do you have any idea how to use your example with the Fortify app to return the signature? Thanks, I used it with graphene and it worked great.
I have this with Fortify, but the signature is invalid in the PDF:
```javascript
var provider = await ws.getCrypto($$('providers').getValue())
var signer = {}
signer.sign = await new Promise(resolve => {
  resolve(async (md, algo) => {
    // https://stackoverflow.com/a/47106124
    var prefix = Buffer.from([
      0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
      0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
    ])
    var buf = Buffer.concat([prefix, Buffer.from(md.digest().toHex(), 'hex')])
    var sigmd = await provider.subtle.sign('RSASSA-PKCS1-V1_5', key, buf)
    var pvt = pvtsutils.Convert.ToBinary(sigmd)
    return pvt
    // return Buffer.from(sigmd).toString('binary') // sigmd.toString('binary')
  })
})
```
Fortify example links: https://github.com/PeculiarVentures/fortify-examples/blob/gh-pages/example5.html https://peculiarventures.github.io/fortify-examples/example5.html
Thanks!
It's hard for me to know since I am not familiar with Fortify. One thing you could try is seeing if avoiding the prefix works. For what it's worth, I used this tool to inspect the signature ASN.1 package: https://lapo.it/asn1js/ I also used https://mupdf.com/index.html (mutool sign) to verify the signatures on the command line in Linux. Sorry that I cannot help further.
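An added example (not part of any comment in this thread, and not node-signpdf or Fortify code) showing what the 19-byte prefix in the snippet above is and which input each kind of RSA signing call expects. It assumes Node's built-in `crypto` module as a stand-in for the token or provider, a locally generated key and constructed message bytes; all function names are hypothetical.

```javascript
// Added example: Node's built-in crypto stands in for the token / WebCrypto provider.
const nodeCrypto = require('node:crypto');

// DER header of a SHA-256 DigestInfo (the same 19 bytes as the prefix in the snippet above).
const SHA256_DIGESTINFO_PREFIX = Buffer.from([
  0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
  0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
]);

// Constructed test key and message (assumptions, not values from the thread).
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const signedAttrs = Buffer.from('constructed bytes standing in for DER-encoded signed attributes');

// DigestInfo = prefix || SHA-256(data)
function digestInfo(data) {
  const hash = nodeCrypto.createHash('sha256').update(data).digest();
  return Buffer.concat([SHA256_DIGESTINFO_PREFIX, hash]);
}

// Hash-and-sign call: takes the raw bytes, then hashes and wraps them itself.
function signHashing(data) {
  return nodeCrypto.sign('sha256', data, privateKey);
}

// Raw RSA PKCS#1 v1.5 call: takes a ready-made DigestInfo and only pads and signs it.
function signRaw(info) {
  return nodeCrypto.privateEncrypt(
    { key: privateKey, padding: nodeCrypto.constants.RSA_PKCS1_PADDING }, info);
}

function verifies(data, signature) {
  return nodeCrypto.verify('sha256', data, publicKey, signature);
}

function compare() {
  const reference = signHashing(signedAttrs);
  const rawOverDigestInfo = signRaw(digestInfo(signedAttrs));
  const hashingOverDigestInfo = signHashing(digestInfo(signedAttrs));
  return {
    rawMatchesReference: rawOverDigestInfo.equals(reference), // same bytes
    rawVerifies: verifies(signedAttrs, rawOverDigestInfo),
    doubleHashedVerifies: verifies(signedAttrs, hashingOverDigestInfo), // hashed twice
  };
}

console.log(compare());
```

The prefixed buffer only verifies when it goes to a call that does not hash again; a hash-and-sign call needs the raw bytes instead.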
My example above can sign PDFs. I am using node-signpdf, graphene-pk11, pvpkcs11.
@andres-blanco Hi Andres, sorry for waking up this one. I also found the issue using this with PKCS#11 (with HSM). Any recommendation for me to use this for digital signatures (signing PDFs)?
I made some tests with bittersweet results. I managed to add the digital signature to a PDF and it checked out in Adobe PDF reader. When I tried using a signature that was signed with a CA I couldn't do it; the signature was always corrupted. In the end I didn't use it. If you want you can see the code here: https://github.com/SIU-Toba/node-signpdf/tree/feature/pkcs11-token I ended up using pdfbox for Java because it's a really mature PDF library.
@andres-blanco good morning, I am also looking for a solution to generate and sign PDFs by reading certificates from a NextJS web application that connects to the local Fortify client. Let me know whether you had a similar problem and, if so, how you solved it. Thanks.
@wil512on did you find out how to adapt this example to use Fortify? I'm not sure how to generate a forge.asn1 from the certificates returned by Fortify.
Hey, I have a branch working with pkcs11 tokens. It's still a WIP but it works. The relevant code is here: https://github.com/SIU-Toba/node-signpdf/blob/feature/pkcs11-token/src/signpdf.js#L137
The problem I have is that the token needs the raw byte buffer to digest and sign. The node-forge lib sends a message digest object as parameter, so I don't have access to the raw bytes. I created this issue in node-forge https://github.com/digitalbazaar/forge/issues/729
Does anybody here know how I can obtain the raw signable buffer from the message digest sent by node-forge? This is important if you want to use signed attributes.