Invalid signature on Adobe Reader: "signer's identity has not yet been verified" #111

[dody87]

I've tried with several p12 certificates and when I sign via my Nodejs approach it returns an invalid signature on Adobe.

However, signing just with Adobe the signature seems to be valid (just with a warning).

` "use strict" const sign = require('pdf-signer') const fs = require('fs')

const init = async () => {
    const p12Buffer = fs.readFileSync(`./cert_salta.p12`)
    const pdfBuffer = fs.readFileSync(`./test.pdf`)

    const signedPdf = await sign.sign(pdfBuffer, p12Buffer, 'reingenio', {
        reason: '1',
        email: 'rodrigo.ruizdiaz@reingenio.com.ar',
        location: 'Salta, ARS',
        signerName: 'Rodrigo Ruiz Diaz',
        shouldAnnotationAppearOnFirstPage: false,
        annotationAppearanceOptions: {
            signatureCoordinates: { left: 0, bottom: 700, right: 190, top: 860 },
            signatureDetails: [
                {
                    value: 'firmado por: Rodrigo Ruiz Diaz',
                    fontSize: 7,
                    transformOptions: { rotate: 0, space: 1, tilt: 0, xPos: 20, yPos: 20 },
                },
                {
                    value: `Fecha: ${new Date().toLocaleDateString()}`,
                    fontSize: 7,
                    transformOptions: { rotate: 0, space: 1, tilt: 0, xPos: 20, yPos: 30 },
                },
            ],
        },
    })

    fs.writeFileSync('./signed.pdf', signedPdf)
}

init()

`

Thanks.

[vizicsaba89]

Hi @dody87!

Thank you for opening the issue.

Is it possible to send us the .p12 certificate for testint purposes?

[dody87]

Hi @dody87!

Thank you for opening the issue.

Is it possible to send us the .p12 certificate for testint purposes?

Thanks to you, sure! I will send you via email.

[vizicsaba89]

@dody87 i think the problem occours when you have a cert with special / utf8 characters (for example OU=Oficina Nacional de Tecnologías de Información).

We're working on it, but in the meantime you can try to create a cert without utf-8 chars in it and use that as a signature.

[dody87]

@dody87 i think the problem occours when you have a cert with special / utf8 characters (for example OU=Oficina Nacional de Tecnologías de Información).

We're working on it, but in the meantime you can try to create a cert without utf-8 chars in it and use that as a signature.

Thanks, Csaba, I will ask them to provide me a new one without these special characters and will back to you with some news.

[dody87]

I've tried with no special characters and it's the same issue.

[bopos]

Hi I have the same problem. Tested with two certificates one with special characters and one without. The certificate with special characteres doesn't work.

Do you have some news ? Thanks

[vizicsaba89]

I think that the node-forge dependency is not handling special chars correctly. Because both of us (me and @pankucsi) have a full time job, we have limited time to investigate problems, and this ones seems to be a more complex one, but we're working on it.

Thank you for your patience folks!

[bernardodesousa]

Hi! I'm having a similar problem. Acrobat says the certificate has "invalid policy constrains". LibreOffice, however, says the document is partially signed, and that the certificate is all good.

No one found a solution yet?

[avisangray]

@dody87 what type of certificate you using? issue might likely be with type of p12 you using.

[dqtkien]

Hi, I had faced with this issue, pls try to downgrade node-forge to exact version 0.10.0.