CODEWITHSUNDEEP
c#pdfitext
Johandre
Johandre

Reputation: 105

PDF/A Conformance issue

So I've got my ItextSharp set up, and I've got the signing process to work to a degree, embedding images and fonts are working but I get the following validation error when I sign the document(Not certifying), "A string is longer than 65535 bytes." and this is causing my document not to conform to the PDF/A-1a standard. I've inspected the code and it seems the problem is lying in the MakeSignature.SignDetached method for ITextSharp(5.5.6) any particular reason that this would be occurring?

Signed Document with error: https://drive.google.com/file/d/0B9RyqgJoa6W8Q1ZySkhjUS1iTmM/view?usp=sharing 

private void SignDocumentSigningBlock(Certificate certificate, SigningInformation information, SigningBlock block, PdfSignatureAppearance appearance, PdfStamper stamper, byte[] signatureImage)
{
    X509Certificate2 x509Certificate = new X509Certificate2(certificate.Bytes, certificate.Password, X509KeyStorageFlags.Exportable);

    appearance.SetVisibleSignature(block.Name);
    SignDocumentSigningBlockWithImage(signatureImage, appearance);
    SignDocumentSigningBlockWithText(appearance, x509Certificate);

    using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509Certificate.PrivateKey)
    {
        IExternalSignature externalSignature = new PrivateKeySignature(DotNetUtilities.GetRsaKeyPair(rsa).Private, _settingManager["DocumentSigningEncryptionHashAlgorithm"]);
        MakeSignature.SignDetached(appearance, externalSignature, SignDocumentSigningBlockBuildChain(x509Certificate), null, null, new TSAClientBouncyCastle(_settingManager["DocumentSigningTimestampingServiceAddress"]), Int32.Parse(_settingManager["DocumentSigningEstimatedTimestampSize"]), CryptoStandard.CMS);
    }
}

Any advice or help would be appreciated. Kind regards

Update

I've signed the document reducing the estimated size to 20400, but I still have the same warning when doing the compliance check. Link to the new document: https://drive.google.com/file/d/0B9RyqgJoa6W8UkpGODhLWHl5bTQ/view?usp=sharing

Upvotes: 0

Views: 478

Answers (1)

mkl
mkl

Reputation: 95928

Your MakeSignature.SignDetached call

MakeSignature.SignDetached(appearance, externalSignature, SignDocumentSigningBlockBuildChain(x509Certificate), null, null, new TSAClientBouncyCastle(_settingManager["DocumentSigningTimestampingServiceAddress"]), Int32.Parse(_settingManager["DocumentSigningEstimatedTimestampSize"]), CryptoStandard.CMS);

explicitly asks iTextSharp to reserve space for

Int32.Parse(_settingManager["DocumentSigningEstimatedTimestampSize"])

many bytes to embed the signature.

Thus, please reduce the _settingManager["DocumentSigningEstimatedTimestampSize"] value.

A value of 0 asks iTextSharp to make a rough estimate. Such an estimate may exceed some limits and, therefore, should not be used in your case.

By the way, the name DocumentSigningEstimatedTimestampSize is misleading here.

PS: If you embed additional material like CRLs, OCSP responses, or time stamps into your signature, the signature size to expect grows. For PDF/A-1a conformance please put as little of such additional information into the signature as possible.

Upvotes: 1

Related Questions