This is Google's cache of https://stackoverflow.com/questions/46430367/how-to-retrieve-digital-signature-information-from-pdf-with-php/46603440.

It is a snapshot
of the page as it appeared on 21 Jul 2019 17:15:57 GMT. The current page could have changed in the meantime. Learn more.

Full version Text-only version View source

Tip: To quickly find your search term on this page, press Ctrl+F or ⌘-F (Mac) and use the find bar.

Stack Exchange
Stack Overflow
sign up log in

current community
Close

meta chat
Stack Overflow

your communities

Sign up or log in to view your list.

more stack exchange communities

company blog

By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service.

Questions
Jobs
Tags
Users
Badges
Ask

up vote 20 down vote favorite

How to retrieve digital signature information from PDF with PHP?

php pdf digital-signature pkcs#7

I have app that needs to retrieve some data (signer name) from digital signature "attached" on PDF files.

I have found only examples in Java and C# using the iText class AcroFields method GetSignatureNames

edit: I've tried pdftk with dump_data_fields and generate_fpdf and the result was that (unfortunately):
/Fields [
<<
/V /dftk.com.lowagie.text.pdf.PdfDictionary@3048918
/T (Signature1)
>>]

and

FieldType: Signature
FieldName: Signature1
FieldFlags: 0
FieldJustification: Left

Thanks in Advance !

share improve this question

asked Sep 26 '17 at 15:23
celsowm
celsowm 644●5●21●43
edited Sep 26 '17 at 16:39

2
Have you looked at the fdf functions? – Richard Housham Sep 26 '17 at 15:26
If the solution @Dennis posted, doesn't work for you then let me know and I would like to give this question a shot – Tarun Lalwani Oct 6 '17 at
11:18
Have you considered looking into adding the c code as an extension to php? – Nitin Oct 8 '17 at 15:50
Hi @TarunLalwani, the Dennis answer is almost complete but now I have some difficult to navigate on ASN1 tree from DER decode using
PHPASN1 – celsowm Oct 9 '17 at 15:45
Share the current code that you have, i will give that part a short – Tarun Lalwani Oct 9 '17 at 16:16

| show 2 more comments

2 Answers
2
order by active oldest votes
up vote 14 down vote accepted
+500

Well, it's complicated (I would say even impossible, but who knows) to achieve this only with PHP.

At first, please read article about digital signature in Adobe PDF

Second, after reading this you will know that signature is stored between b and c bytes according to /ByteRange[a b c d] indicator

Third, we can extract b and c from document and then extract signature itself (guide says it will be hexdecoded PKCS7# object).

<?php

$content = file_get_contents('test.pdf');

$regexp = '#ByteRange\[\s*(\d+) (\d+) (\d+)#'; // subexpressions are used to extract b and c

$result = [];
preg_match_all($regexp, $content, $result);

// $result[2][0] and $result[3][0] are b and c

if (isset($result[2]) && isset($result[3]) && isset($result[2][0]) && isset($result[3][0]))
{
$start = $result[2][0];
$end = $result[3][0];
if ($stream = fopen('test.pdf', 'rb')) {
$signature = stream_get_contents($stream, $end - $start - 2, $start + 1); // because we need to exclude < and > from start and end

fclose($stream);
}

file_put_contents('signature.pkcs7', hex2bin($signature));
}

Forth, after third step we have PKCS#7 object in file signature.pkcs7. Unfortunately, I don't know methods to extract information from signature using
PHP. So you must be able to run shell commands to use openssl

openssl pkcs7 -in signature.pkcs7 -inform DER -print_certs > info.txt

After running this command in file info.txt you will have a chain of certificates. Last one is the one you need. You can see the structure of the file and
parse needed data.

Please also refer to this question, this question and this topic

EDIT at 2017-10-09 I knowingly advised you to see exactly this question There is a code that you can adjust to your needs.

use ASN1\Type\Constructed\Sequence;
use ASN1\Element;
use X509\Certificate\Certificate;

$seq = Sequence::fromDER($binaryData);
$signed_data = $seq->getTagged(0)->asExplicit()->asSequence();
// ExtendedCertificatesAndCertificates: https://tools.ietf.org/html/rfc2315#section-6.6
$ecac = $signed_data->getTagged(0)->asImplicit(Element::TYPE_SET)->asSet();
// ExtendedCertificateOrCertificate: https://tools.ietf.org/html/rfc2315#section-6.5
$ecoc = $ecac->at($ecac->count() - 1);
$cert = Certificate::fromASN1($ecoc->asSequence());
$commonNameValue = $cert->tbsCertificate()->subject()->toString();
echo $commonNameValue;

I've adjusted it for you, but please make the rest by yourself.

https://stackoverflow.com/questions/46430367/how-to-retrieve-digital-signature-information-from-pdf-with-php/46603440#46603440
share improve this answer
answered Oct 6 '17 at 10:14
Denis Alimov
Denis Alimov 2,449●1●11●28
edited Jan 24 at 19:20
nowox
7,232●10●46●114

unfortunately the preg_match_all fails to this pdf with my signature: docdroid.net/oVB1AW2 – celsowm Oct 6 '17 at 14:58
1
@celsown Why you did not bother to take a look to the contents of your test.pdf file? Your ByteRange indicator is a bit different, you just need to
slightly change $regexp = '#ByteRange\s*\[(\d+) (\d+) (\d+)#'; – Denis Alimov Oct 6 '17 at 15:27
1
@TonyChiboucas yep, thank you. but I would rather implement java service using 3rd party libraries for this issue. and use it via shell command –
Denis Alimov Oct 7 '17 at 17:26
1
If you're going to call it via shell, why not just write a shell script instead? – Tony Chiboucas Oct 9 '17 at 13:41
1
 @celsowm I've edited my answer once again – Denis Alimov Oct 10 '17 at 17:45

| show 6 more comments

up vote 0 down vote

I've used iText and found it to be very reliable, I highly recommend it. you can always call the java code as a "microservice" from PHP.

https://stackoverflow.com/questions/46430367/how-to-retrieve-digital-signature-information-from-pdf-with-php/46701601#46701601
share improve this answer
answered Oct 12 '17 at 4:47
Felipe Valdes
Felipe Valdes 994●5●16

add a comment |

Your Answer
Body

Add picture

Upload
Cancel Add picture

Click here to upload your image (max 2 MiB)

Cancel and add another image

You can also provide a link from the web.

Cancel

Log in

or
Name
Email

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

meta chat tour help blog privacy policy legal contact us full site

2019 Stack Exchange, Inc