Digital signature in PDF

Editing a PDF file by hand can easily corrupt it. Although PDF is not a word-processing format and editing documents in it is not recommended, it is still possible to change the content of a file. That is why a digital signature on a PDF file is needed.

A digitally signed file

The image above shows a file digitally signed by BUI XUAN CHINH. The green check mark tells us that the document is "signed and all signatures are valid". The Signatures panel informs us that the file is "signed by Chinh".

When creating a digital signature for a PDF, the signature handler to be used must be specified in the /Filter entry of the signature dictionary. In iText the /Adobe.PPKLite filter is usually used; it works better with iText than any other filter. An interactive PDF processor may use any handler, as long as that handler supports the format named in the /SubFilter entry.

A signed PDF

The image above shows the layout of a signed PDF file. A PDF starts with the %PDF-<version number> header and ends with %%EOF. The /ByteRange entry divides the file into 3 parts: space of a suitable size is reserved in the middle for the digital signature, and /ByteRange names the two byte ranges, before and after that space, that the signature covers. Any reserved space not used by the digital signature is filled with 00 bytes.
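The /ByteRange layout described above is easy to check mechanically. The following is an added example (not code from the original page, iText or any PDF library): it builds a constructed, PDF-shaped byte string with a signature dictionary whose /Contents hex string is padded with 00 bytes, then parses /ByteRange, hashes exactly the covered bytes, recovers the signature from the padded hex string, and checks that the two ranges cover the whole file. The object numbers, the sample DER blob and the reserved size are constructed for the demonstration; the 00 padding is stripped by reading the DER length rather than trimming trailing zeros, because a real CMS signature may legitimately end in a 0x00 byte.

```python
import hashlib
import re

BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

# Constructed stand-in for a CMS signature: DER SEQUENCE { INTEGER 1, INTEGER 0 }.
# It ends in 0x00 on purpose, to show why trailing zeros must not simply be stripped.
SAMPLE_SIGNATURE = bytes.fromhex("3006020101020100")


def build_sample_pdf(signature: bytes, reserved: int) -> bytes:
    """Build a toy, PDF-shaped file (not a loadable PDF). The /Contents hex string is
    padded with 00 up to `reserved` bytes, and the /ByteRange numbers are written
    with a fixed width so the offsets they name do not move when filled in."""
    hex_contents = signature.hex().upper().ljust(reserved * 2, "0").encode("ascii")
    head = (b"%PDF-1.7\n"
            b"1 0 obj<</Type/Catalog>>endobj\n"
            b"2 0 obj<</Type/Sig/Filter/Adobe.PPKLite/SubFilter/adbe.pkcs7.detached"
            b"/ByteRange")
    contents_key = b"/Contents"
    contents = b"<" + hex_contents + b">"
    tail = b">>endobj\ntrailer<</Root 1 0 R>>\n%%EOF\n"

    def byte_range(nums):
        return b"[" + b" ".join(str(n).rjust(10).encode("ascii") for n in nums) + b"]"

    placeholder = byte_range((0, 0, 0, 0))
    sig_start = len(head) + len(placeholder) + len(contents_key)  # offset of '<'
    sig_end = sig_start + len(contents)                            # offset after '>'
    total = sig_end + len(tail)
    br = byte_range((0, sig_start, sig_end, total - sig_end))
    assert len(br) == len(placeholder)  # fixed width kept the offsets valid
    return head + br + contents_key + contents + tail


def der_length(blob: bytes) -> int:
    """Total encoded length of the DER SEQUENCE at the start of `blob`."""
    if not blob or blob[0] != 0x30:
        raise ValueError("signature does not start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long-form: n length bytes follow
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def check_signed_ranges(pdf: bytes) -> dict:
    """Parse /ByteRange, hash the covered bytes and recover the signature."""
    m = BYTE_RANGE_RE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange entry found")
    off1, len1, off2, len2 = (int(x) for x in m.groups())
    covered = pdf[off1:off1 + len1] + pdf[off2:off2 + len2]
    gap = pdf[off1 + len1:off2]           # must be exactly the /Contents hex string
    raw = bytes.fromhex(gap[1:-1].decode("ascii"))
    signature = raw[:der_length(raw)]
    padding = raw[len(signature):]
    return {
        "digest": hashlib.sha256(covered).hexdigest(),
        "signature": signature,
        "padding_is_zero": padding == b"\x00" * len(padding),
        # Bytes outside the two ranges (other than the /Contents string itself) are
        # not signed, e.g. an incremental update appended after %%EOF.
        "covers_whole_file": (off1 == 0 and off2 + len2 == len(pdf)
                              and gap.startswith(b"<") and gap.endswith(b">")),
    }


if __name__ == "__main__":
    pdf = build_sample_pdf(SAMPLE_SIGNATURE, 32)
    print(check_signed_ranges(pdf))
    print(check_signed_ranges(pdf + b"3 0 obj<</Foo/Bar>>endobj\n%%EOF\n")["covers_whole_file"])
```

A verifier that only recomputes the digest over /ByteRange would accept the file with data appended after the signed ranges; the `covers_whole_file` check is what reveals that unsigned content exists, and a viewer that shows the signature as valid for the original revision only is doing the same comparison.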

Icons to identify authenticated signatures

The red X always means that the signature is faulty: the content has been changed or corrupted, one of the certificates is invalid, and so on. Such a signature should never be trusted.

Contents of digital signature

The image above shows the content of the digital signature that is inserted into the PDF file: a signature created with the person's private key, together with the certificate containing the person's public key and identifying information.

In short, a digital signature secures the complete document; specific pages cannot be signed separately.

In PKCS#1 signatures the certificate is a separate entry in the signature dictionary; it is not part of the actual signature. For CMS- and CAdES-based signatures, the certificate (or certificate chain) is embedded in the digital signature itself. The signature also contains a digest of the original document, signed with the private key. Additionally, the signature may contain a timestamp.

Digital Signatures in XML

XML Digital Signatures (also known as XMLDSig, XML-DSig or XML-Sig) define an XML syntax for digital signatures, as recommended by the W3C. Functionally, it has many similarities with PKCS#7 but is more extensible and geared towards signing XML documents.

Contents of digital signature

XML signatures can be used to sign data of any type, typically XML documents, but anything accessible via a URL can be signed. An XML signature that signs a resource outside the XML file containing it is called a detached signature; one that signs part of the document containing it is called an enveloped (wrapped) signature; and one that contains the signed data inside itself is called an enveloping (wrapper) signature. The basic structure of an XML Signature:

Advantages and disadvantages of XML digital signature

+ Advantages of XML digital signature

XML signatures are more flexible than other forms of digital signatures because they do not operate on binary data but on the XML Infoset. This allows operating on subsets of the data, provides several ways of associating a signature with the signed information, and allows transformations to be applied. Another core concept is canonicalization (normalization), which signs only the "essence" of the document, eliminating meaningless differences such as whitespace and line endings.
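The following added example (not code from the original page or from any XMLDSig library) illustrates both the basic Signature/SignedInfo/Reference/SignatureValue/KeyInfo structure from the previous section and the canonicalization point made here. It builds a detached signature over a constructed order document and verifies it in the order the specification uses: reference validation (recompute each DigestValue) and then signature validation (recompute the signature over the canonicalized SignedInfo). To stay standard-library only, the SignatureMethod is the XMLDSig HMAC-SHA256 algorithm with a constructed shared key; with a certificate-based signature the SignatureValue would be an RSA or ECDSA signature and KeyInfo would carry X509Data instead of a KeyName. Canonicalization uses `xml.etree.ElementTree.canonicalize` (Python 3.8+), which implements C14N 2.0; for inputs like these its output coincides with inclusive C14N 1.0, whose URI is used as the Algorithm identifier. The two order documents differ only in attribute order, quoting style, whitespace and line endings inside tags, a comment, and the empty-element form, so they produce the same digest and the same signature verifies against both.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)  # serialize with the conventional ds: prefix
C14N_ALG = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"

# Constructed sample data: same Infoset, different serialization.
DATA_A = '<order id="42" currency="EUR"><item sku="A1">2</item><note/></order>'
DATA_B = ("<order currency='EUR'\r\n  id='42'><!-- reviewed -->"
          '<item  sku="A1" >2</item><note></note></order>')
DEMO_KEY = b"constructed-demo-hmac-key"   # stands in for a real signing key


def c14n(xml_text: str) -> bytes:
    """Canonical form (comments dropped) as UTF-8 octets."""
    return ET.canonicalize(xml_text).encode("utf-8")


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def digest_value(xml_text: str) -> str:
    """DigestValue for a Reference: SHA-256 over the canonicalized data."""
    return b64(hashlib.sha256(c14n(xml_text)).digest())


def sign_detached(uri: str, data_xml: str, key: bytes, key_name: str) -> str:
    """Produce a detached <ds:Signature> over data_xml, referenced by uri."""
    sig = ET.Element(f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}CanonicalizationMethod", Algorithm=C14N_ALG)
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=SIG_ALG)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI=uri)
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=DIGEST_ALG)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest_value(data_xml)
    # The signature is computed over the canonicalized SignedInfo, not the raw data.
    mac = hmac.new(key, c14n(ET.tostring(si, encoding="unicode")), hashlib.sha256)
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = b64(mac.digest())
    key_info = ET.SubElement(sig, f"{{{DS}}}KeyInfo")
    ET.SubElement(key_info, f"{{{DS}}}KeyName").text = key_name
    return ET.tostring(sig, encoding="unicode")


def verify_detached(signature_xml: str, data_xml: str, key: bytes) -> bool:
    """Core validation: check the Reference digest, then the SignatureValue."""
    ns = {"ds": DS}
    sig = ET.fromstring(signature_xml)
    si = sig.find("ds:SignedInfo", ns)
    method = si.find("ds:SignatureMethod", ns) if si is not None else None
    ref = si.find("ds:Reference", ns) if si is not None else None
    # Pin the expected algorithm instead of trusting whatever the document names.
    if method is None or ref is None or method.get("Algorithm") != SIG_ALG:
        return False
    stated_digest = ref.findtext("ds:DigestValue", namespaces=ns) or ""
    if not hmac.compare_digest(stated_digest, digest_value(data_xml)):
        return False
    expected = hmac.new(key, c14n(ET.tostring(si, encoding="unicode")), hashlib.sha256)
    stated_sig = base64.b64decode(sig.findtext("ds:SignatureValue", namespaces=ns) or "")
    return hmac.compare_digest(expected.digest(), stated_sig)


if __name__ == "__main__":
    signature = sign_detached("order.xml", DATA_A, DEMO_KEY, "demo-key")
    print(signature)
    print(verify_detached(signature, DATA_A, DEMO_KEY), verify_detached(signature, DATA_B, DEMO_KEY))
```

Note that the verifier recomputes the digest of the data it was actually given and then the MAC over the SignedInfo it actually parsed, and rejects any SignatureMethod other than the one it expects; checking what the document claims about itself, rather than trusting it, is the difference between a signature that is present and one that is valid.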

+ Disadvantages of XML digital signature

There are criticisms of the XML security architecture in general, and of the suitability of XML canonicalization in particular as a front end to signing and encrypting XML data, because of its complexity, its inherent processing requirements, and its poor performance characteristics. The argument is that performing XML canonicalization causes excessive latency for transactional, performance-sensitive SOA applications.

Without the right policy and implementation, using XML DSig in SOAP and WS-Security can lead to vulnerabilities, such as XML signature wrapping.

