# Simple PDF PAdES Signature Verification Technical Specification

## 1. Introduction

This technical specification outlines a simple process for verifying PAdES signatures in PDF documents using the iText library. PAdES (PDF Advanced Electronic Signatures) is an ISO standard for electronic signatures in PDF documents, ensuring long-term validation and compliance.

## 2. Overview

The process involves opening a PDF document, retrieving signature information, and verifying the integrity and authenticity of each signature.

## 3. Dependencies

- iText library: A comprehensive PDF library for creating, manipulating, and extracting content from PDF documents.
- BouncyCastle library: A cryptography library providing support for various cryptographic operations.

## 4. Inputs

- Path to the PDF document to be verified.

## 5. Outputs

- Verification status of each signature in the document.
- Certificate information associated with each signature.

## 6. Process

1. Open the PDF document specified by the input path.
2. Retrieve the list of signature names from the document.
3. For each signature name:
   a. Read the signature data.
   b. Verify the signature integrity and authenticity.
   c. Retrieve information about the signing certificate.
   d. Print verification status and certificate information.
4. Close the PDF document.

## 7. Sample Code Implementation

```csharp
using System;
using System.IO;
using iText.Commons.Bouncycastle.Cert;
using iText.Kernel.Pdf;
using iText.Kernel.Pdf.Canvas.Parser;
using iText.Signatures;

string originalPdfPath = "dummy.pdf";
string signedPdfPath = "dummy_sign.pdf";

bool isSignatureValid = VerifySignature(signedPdfPath);
if (!isSignatureValid)
{
    Console.WriteLine("Signature verification failed.");
}

// Compare the text extracted from the original and the signed file.
string originalContent = ExtractText(originalPdfPath);
string signedContent = ExtractText(signedPdfPath);
if (originalContent == signedContent)
{
    Console.WriteLine("PDF files are identical.");
}
else
{
    Console.WriteLine("PDF files are different.");
}
Console.ReadLine();

bool VerifySignature(string pdfPath)
{
    using (PdfReader reader = new PdfReader(pdfPath))
    using (PdfDocument pdfDoc = new PdfDocument(reader))
    {
        SignatureUtil signatureUtil = new SignatureUtil(pdfDoc);
        var signatureNames = signatureUtil.GetSignatureNames();
        if (signatureNames.Count == 0)
        {
            return false; // An unsigned document must not pass verification
        }

        foreach (string signatureName in signatureNames)
        {
            PdfPKCS7 pkcs7 = signatureUtil.ReadSignatureData(signatureName);
            if (!pkcs7.VerifySignatureIntegrityAndAuthenticity())
            {
                return false; // Digest or signature value does not match
            }

            foreach (IX509Certificate certificate in pkcs7.GetCertificates())
            {
                // TODO: check that the certificate is valid with the CA server;
                // only its details are printed here.
                Console.WriteLine($"Serial Number: {certificate.GetSerialNumber()}");
                Console.WriteLine($"Issuer DN: {certificate.GetIssuerDN()}");
                Console.WriteLine($"Subject DN: {certificate.GetSubjectDN()}");
            }
        }
    }
    return true;
}

string ExtractText(string pdfPath)
{
    // Dispose the document even if text extraction throws.
    using (PdfDocument pdfDoc = new PdfDocument(new PdfReader(pdfPath)))
    {
        StringWriter output = new StringWriter();
        for (int i = 1; i <= pdfDoc.GetNumberOfPages(); i++)
        {
            output.WriteLine(PdfTextExtractor.GetTextFromPage(pdfDoc.GetPage(i)));
        }
        return output.ToString();
    }
}
```

## 8. Code Explanation

- The sample is a top-level program responsible for verifying PAdES signatures; it consists of the local functions `VerifySignature` and `ExtractText` rather than a class.
- The `VerifySignature` method opens the specified PDF document, retrieves the signature names, and iterates through each signature.
- For each signature, `VerifySignature` reads the signature data, verifies its integrity and authenticity, and prints the certificate information; the caller prints the verification status.
- The top-level statements invoke `VerifySignature` with the path to the signed PDF document, then compare the text extracted from the original and signed files with `ExtractText`.

## 9. Conclusion

This technical specification provides a straightforward guide for verifying PAdES signatures in PDF documents using the iText library. It outlines the steps involved in the process and provides sample code for implementation.
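
The sample in section 7 stops at the cryptographic check, which says nothing about bytes appended to the file after signing or about whether a signature is a PAdES one at all. The following added example (not part of the original sample; it assumes iText 8 for .NET, and `IsAcceptable` is a hypothetical helper name) accepts a file only when every signature verifies, each one carries a PAdES subfilter, and the newest signature covers the whole file.

```csharp
using System;
using System.Collections.Generic;
using iText.Kernel.Pdf;
using iText.Signatures;

// Path from the command line; "dummy_sign.pdf" is the sample name used in section 7.
string path = args.Length > 0 ? args[0] : "dummy_sign.pdf";
Console.WriteLine(IsAcceptable(path) ? "ACCEPT" : "REJECT");

// Hypothetical helper: stricter acceptance rule than the section 7 sample.
bool IsAcceptable(string pdfPath)
{
    using PdfDocument pdfDoc = new PdfDocument(new PdfReader(pdfPath));
    SignatureUtil util = new SignatureUtil(pdfDoc);
    IList<string> names = util.GetSignatureNames();
    if (names.Count == 0)
    {
        Console.WriteLine("No signatures found.");
        return false;
    }

    bool allValid = true;
    bool lastRevisionCovered = false;
    int total = util.GetTotalRevisions();
    foreach (string name in names)
    {
        PdfPKCS7 pkcs7 = util.ReadSignatureData(name);
        bool intact = pkcs7.VerifySignatureIntegrityAndAuthenticity();

        // PAdES signatures use ETSI.CAdES.detached; document timestamps use ETSI.RFC3161.
        PdfName subFilter = pkcs7.GetFilterSubtype();
        bool isPades = PdfName.ETSI_CAdES_DETACHED.Equals(subFilter)
                       || PdfName.ETSI_RFC3161.Equals(subFilter);

        bool coversAll = util.SignatureCoversWholeDocument(name);
        int revision = util.GetRevision(name);
        Console.WriteLine($"{name}: intact={intact}, subFilter={subFilter}, " +
                          $"revision {revision}/{total}, coversWholeDocument={coversAll}");

        allValid &= intact && isPades;
        // Earlier signatures legitimately cover only their own revision.
        // If bytes were appended after the newest signature, iText counts an
        // extra revision, so no signature reaches `total` and the file is rejected.
        if (revision == total) lastRevisionCovered = coversAll;
    }
    return allValid && lastRevisionCovered;
}
```

Trust in the signing certificate (chain building and revocation) is still not evaluated here, as in the section 7 sample.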