You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, comparing the CLI results to the python code, I get slightly different results in Adobe validation. (Please be patient, I have almost no experience in coding and I am pretty sure there will be a lot of rubbish in my codes.) Would you know what the difference is and would you know how to achieve a PAdES B-LTA signature without the "Miscellaneous change" when using a python code instead of CLI?
When I sign it using the python code, I get a "Miscellaneous change" in the Adobe verification:
When I sign it with CLI, Adobe does not show any "Miscellaneous change":
The python code for the signature (resulting in "Miscellaneous change"):
from asn1crypto import x509, algos
from asn1crypto.pem import unarmor
from cryptography.hazmat.primitives import hashes
from pyhanko_certvalidator import context
from pyhanko_certvalidator.context import ValidationContext
from pyhanko import stamp
from pyhanko.pdf_utils import text, images
from pyhanko.pdf_utils.font import opentype
from pyhanko.pdf_utils.incremental_writer import IncrementalPdfFileWriter
from pyhanko.sign import fields, signers, pkcs11, PdfSigner, timestamps
from pyhanko.sign.fields import MDPPerm
from pyhanko.sign.pkcs11 import open_pkcs11_session, Mechanism
from pyhanko.sign.general import load_cert_from_pemder
signature_mechanism = Mechanism.SHA512_RSA_PKCS
pkcs11_signer = pkcs11.PKCS11Signer(
pkcs11_session = pkcs11.open_pkcs11_session(
lib_location = 'PKCS11 DLL',
token_label = 'TOKEN LABEL',
user_pin = 'PIN',
),
cert_label = "CERT LABEL ON THE CARD",
ca_chain = [load_cert_from_pemder('INTERMEDIATE CERT PEM'),
load_cert_from_pemder('ROOT CERT PEM'),
],
prefer_pss = False,
bulk_fetch = True,
)
with open('simple.pdf', 'rb') as doc:
w = IncrementalPdfFileWriter(doc)
mytimestamp = timestamps.HTTPTimeStamper('http://timestamp.apple.com/ts01')
timestamper = mytimestamp
meta = signers.PdfSignatureMetadata(
docmdp_permissions = MDPPerm(1),
validation_context = ValidationContext(
crls = [
unarmor(open('INTERMEDIATE-SIGNER CRL PEM','rb').read())[2],
unarmor(open('ROOT-INTERMEDIATE CRL PEM','rb').read())[2],
],
trust_roots = [
load_cert_from_pemder('INTERMEDIATE CER - TRUST ANCHOR'),
load_cert_from_pemder('TIMESTAMP ROOT PEM'),
],
extra_trust_roots = [load_cert_from_pemder('ROOT PEM'),
],
other_certs = [
load_cert_from_pemder('ROOT CER AGAIN, RUBBISH'),
load_cert_from_pemder('INTERMEDIATE CER AGAIN, RUBBISH'),
load_cert_from_pemder('INTERMEDIATE TIMESTAMP CER'),
load_cert_from_pemder('SIGNING TIMESTAM CER, RUBBISH'),
],
allow_fetching = True
),
field_name = 'Signature1',
subfilter = fields.SigSeedSubFilter.PADES,
location = 'LOCATION',
reason = 'REASON',
contact_info = 'CONTACT',
md_algorithm = 'sha512',
certify = False,
embed_validation_info = True,
use_pades_lta = True,
)
pdf_signer = signers.PdfSigner(
meta,
signer = pkcs11_signer,
stamp_style = stamp.TextStampStyle(
# the 'signer' and 'ts' parameters will be interpolated by pyHanko, if present
stamp_text = 'Signed by: %(signer)s\nTime: %(ts)s',
text_box_style = text.TextBoxStyle(
font = opentype.GlyphAccumulatorFactory('PATH TO arial.ttf')
),
# background=images.PdfImage('stamp.png')
),
timestamper = timestamper
)
with open('simple_signed.pdf', 'wb') as outf:
pdf_signer.sign_pdf(
w, output=outf
)
The CLI code resulting in pure signature without the "miscellaneous change":
pyhanko.yml:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi, comparing the CLI results to the python code, I get slightly different results in Adobe validation. (Please be patient, I have almost no experience in coding and I am pretty sure there will be a lot of rubbish in my codes.) Would you know what the difference is and would you know how to achieve a PAdES B-LTA signature without the "Miscellaneous change" when using a python code instead of CLI?
When I sign it using the python code, I get a "Miscellaneous change" in the Adobe verification:
When I sign it with CLI, Adobe does not show any "Miscellaneous change":
The python code for the signature (resulting in "Miscellaneous change"):
The CLI code resulting in pure signature without the "miscellaneous change":
pyhanko.yml:
run with:
pyhanko --verbose sign addsig --field 1/40,700,150,750/Signature1 --style-name noto-qr --stamp-url "mailto:NAME< email >" --timestamp-url http://timestamp.apple.com/ts01 --with-validation-info --validation-context PS-QC --use-pades pkcs11 --p11-setup PS-QC blank.pdf blank_simple.pdf
and
pyhanko --verbose sign ltaupdate --timestamp-url http://timestamp.apple.com/ts01 --validation-context PS-QC blank_simple.pdf
Thanks a lot.
Beta Was this translation helpful? Give feedback.
All reactions