Mohamed Elbadrawy

Reputation: 85

Unicode Issue Pdf while adding digital signature

I have an issue regarding signing a PDF file using a digital signature certificate coming from a smart card. All signatures have an appearance without Unicode, as in the following: [screenshot: All Signatures]

And when I select the signature, it comes out like below, without Unicode too: [screenshot]

And after signing the document it is still the same: [screenshot]

Kindly note that the certificate issuer name is in the Arabic language, so please, how can I fix it? Thank you very much.

Upvotes: 1

Views: 500

Answers (1)

mkl

Reputation: 96009

The problem is due to how the Arabic name is encoded in the certificate.


In the certificate in question the name in Arabic script is contained in the subjectAltName extension and it is encoded as a TeletexString:

032F   75:         SEQUENCE {
    <06 03>
0331    3:           OBJECT IDENTIFIER subjectAltName (2 5 29 17)
         :             (X.509 extension)
    <04 6E>
0336   6E:           OCTET STRING, encapsulates {
    <30 6C>
0338   6C:             SEQUENCE {
    <A4 4A>
033A   4A:               [4] {
    <30 48>
033C   48:                 SEQUENCE {
    <31 46>
033E   46:                   SET {
    <30 44>
0340   44:                     SEQUENCE {
    <06 03>
0342    3:                       OBJECT IDENTIFIER commonName (2 5 4 3)
         :                         (X.520 DN component)
    <14 3D>
0347   3D:                       TeletexString
         :                   'Ù.Ø­Ù.د اÙ.بدراÙ.Ù. عبداÙ.عزÙ.ز اÙ'
         :                   '.بدراÙ.Ù.'
         :                       }
         :                     }
         :                   }
         :                 }
    <81 1E>
0386   1E:               [1] '[email protected]'
         :               }
         :             }
         :           }

(As the OP redacted the email address in his screenshots, I did the same here.)

A TeletexString (= T61String) type in ASN.1

denotes an arbitrary string of T.61 characters. T.61 is an eight-bit extension to the ASCII character set. Special "escape" sequences specify the interpretation of subsequent character values as, for example, Japanese; the initial interpretation is Latin. The character set includes non-printing control characters. The T61String type allows only the Latin and Japanese character interpretations, and implementors' agreements for directory names exclude control characters [NIST92]. A T61String value can have any length, including zero. This type is a string type.

(A Layman's Guide to a Subset of ASN.1, BER, and DER)

Thus, while T.61 does generically allow Arabic script, its use in the TeletexString (= T61String) type in ASN.1 does not.

(You can find the exact definition of allowed characters in ISO/IEC 8824-1 in combination with the ISO International Register of Coded Character Sets to be used with Escape Sequences.)

As usual, some applications have a TeletexString implementation which exactly covers the specified extent and some have implementations that cover more, up to the whole T.61 character set.

Adobe Reader in particular seems to be among the former, at least it does not cover the Arabic script in your subjectAltName. The certificate viewer of Microsoft Windows, on the other hand, is among the latter, in particular it does cover your subjectAltName.

That being said, the use of TeletexString in this context is questionable anyways, according to RFC 5280:

Implementations may encounter certificates and CRLs with names encoded using TeletexString, BMPString, or UniversalString, but support for these is OPTIONAL.

Thus, you actually can be happy that your certificate is accepted at all as Adobe could as well have chosen not to support TeletexString at all anymore and reject your certificate for that reason...


To get a more universal acceptance (by RFC compliant software) of the Arabic script in your subjectAltName, you should try and persuade your certificate authority to re-issue your certificate but use UTF8String for Arabic script instead of TeletexString. There may be some broken legacy applications, though, that hiccup with such a corrected certificate...

Upvotes: 2
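The check described in the answer above can be automated before a certificate is put into use. The following is an added example, not code from the original answer: a small DER walker that reports the ASN.1 string type of each name component and flags the types whose support RFC 5280 calls OPTIONAL. The helper names, the sample name and the sample email are constructed, and the `as_utf8` view assumes the CA stored UTF-8 bytes under the TeletexString tag, which the page does not state.

```python
# Added example (not from the original answer). Stdlib only; sample data is constructed.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "TeletexString",
               0x16: "IA5String", 0x1C: "UniversalString", 0x1E: "BMPString"}
# RFC 5280, as quoted in the answer: support for these three is OPTIONAL.
OPTIONAL_SUPPORT = {"TeletexString", "BMPString", "UniversalString"}

def tlv(tag, body):
    """Encode one DER TLV (short or long definite length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def walk(der):
    """Yield (tag, value) for each primitive TLV, descending into constructed ones."""
    i = 0
    while i < len(der):
        if i + 2 > len(der):
            raise ValueError("truncated TLV header")
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits give the number of length octets
            k = length & 0x7F
            length = int.from_bytes(der[i:i + k], "big")
            i += k
        value = der[i:i + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        i += length
        if tag & 0x20:  # constructed (SEQUENCE, SET, [4] directoryName): recurse
            yield from walk(value)
        else:
            yield tag, value

def audit_name_strings(der):
    """Report the ASN.1 string type of every string value in a DER-encoded name."""
    return [{"type": STRING_TAGS[tag],
             "portable": STRING_TAGS[tag] not in OPTIONAL_SUPPORT,
             "as_latin1": value.decode("latin-1"),         # one character per byte, like the dump
             "as_utf8": value.decode("utf-8", "replace")}  # ASSUMPTION: CA stored UTF-8 bytes
            for tag, value in walk(der) if tag in STRING_TAGS]

NAME = "\u0627\u062e\u062a\u0628\u0627\u0631"  # constructed Arabic sample word ("test")

def sample_san(string_tag):
    """Constructed subjectAltName value shaped like the dump: [4] directoryName + [1] email."""
    atv = tlv(0x30, tlv(0x06, bytes([0x55, 0x04, 0x03])) + tlv(string_tag, NAME.encode("utf-8")))
    return tlv(0x30, tlv(0xA4, tlv(0x30, tlv(0x31, atv))) + tlv(0x81, b"user@example.invalid"))
```

Calling `audit_name_strings(sample_san(0x14))` reports a non-portable TeletexString whose byte-per-character view is mojibake, while `sample_san(0x0C)` reports a portable UTF8String carrying the same bytes.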
