
itext8 signing return pdf with error ber validation

I need to undergone some changes in my code from itext5 to itext8. Its a 2 step signing, creating hash and signed at CA API, before being embedded back to pdf. Everything works, use some references here. However, it returns error while validating document. I already implemented using the same PdfPkcs7, but it still returns error. The signed pdf can be downloaded from here. Please help shed some light already spent couple nights on this. I was using iText 8.0.2.

public class PDF_prepareHash {
    //global variable
    static Logger logger = LogManager.getLogger(PDF_prepareHash.class.getName());
    static Timestamp timestamp = new Timestamp(System.currentTimeMillis());
    static Instant instant = timestamp.toInstant();
    static String txId=Long.toString(instant.toEpochMilli());
    static String ORI="D:\\pdf"+File.separator+"files"+File.separator+txId+".pdf";
    static String TEMP="D:\\pdf"+File.separator+"files"+File.separator+txId+"-TEMP.pdf";
    static String DEST="D:\\pdf"+File.separator+"files"+File.separator+txId+"-SIGNED.pdf";
    public static PdfPKCS7 sgn;
    //variable for get sign hash
    private static String signature=null;
    //function for prepare hash
    public static String prepareHash(String certx509,SignatureDetails sd,String name, String userId)
        JSONObject obj = new JSONObject();
            BouncyCastleProvider providerBC = new BouncyCastleProvider();
            String x509b64 = certx509;
            String certString="-----BEGIN CERTIFICATE-----\n" +x509b64+"\n-----END CERTIFICATE-----";
            byte[] certinByte= certString.getBytes();
            X509Certificate x509 = fromByteArrayToX509Certificate(certinByte);
            Certificate cert = loadCertificate(certinByte);
            Certificate[] chain = new Certificate[1];
            chain[0] = cert;
            FileBase64Converter fileB64 = new FileBase64Converter();
            fileB64.base64ToFile(sd.getPdfb64(), ORI);
            PDF_prepareHash app = new PDF_prepareHash();
            String json_hh = emptySignature_hash(chain, sd.getVisibility(), sd.getPage(), sd.getX1(), sd.getY1(), sd.getX2(), sd.getY2(), name, userId);
                obj.put("StatusCode", "000");
                obj.put("StatusMsg", "Successfully prepare hash");
                obj.put("Data", json_hh);
      "prepareHash: Status Code: 000");
      "prepareHash: Status Msg: Successfully prepare hash");
                return obj.toString();
        }catch(GeneralSecurityException e){
            logger.fatal("GeneralSecurityException: " + e.getMessage());
        }catch(JSONException e){
            logger.fatal("JSONException: " + e.getMessage());
        return null;
    public static String emptySignature_hash(Certificate[] chain, Boolean visibility, Integer page, Integer x1, Integer y1, Integer x2, Integer y2,String name,String userId)
        try {
            JSONObject obj = new JSONObject();
            PdfReader reader = new PdfReader(ORI);
            FileOutputStream os = new FileOutputStream(TEMP);
            PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());
            String timeStamp = new SimpleDateFormat("dd/MM/yyyy HH:mm:ss z").format(new Timestamp(System.currentTimeMillis()));
            Rectangle rect = new Rectangle(36, 748, 200, 100);
            PdfSignatureAppearance sap = signer.getSignatureAppearance();
                .setLayer2Text("Digitally signed by\n"+name+", "+userId+"\nDate: "+timeStamp)
            signer.setFieldName("signature"); // this field already exists
            BouncyCastleDigest digest = new BouncyCastleDigest();
            sgn = new PdfPKCS7(null, chain, DigestAlgorithms.SHA256, null, digest,false);
            //IExternalSignatureContainer like BlankContainer
            PreSignatureContainer external = new PreSignatureContainer(PdfName.Adobe_PPKLite,PdfName.Adbe_pkcs7_detached) {};
            signer.signExternalContainer( external, 8192);
            byte[] hash=external.getHash();
            byte[] sh = sgn.getAuthenticatedAttributeBytes(hash,PdfSigner.CryptoStandard.CMS, null, null);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA256");
            byte[] hash_byte = messageDigest.digest();
            obj.put("digest", Base64.getEncoder().encodeToString(hash));
            obj.put("hash", Base64.getEncoder().encodeToString(hash_byte));
            return obj.toString();
        } catch (IOException ex) {
            logger.fatal("IOException: " + ex.getMessage());
        } catch (InvalidKeyException ex) {
            logger.fatal("InvalidKeyException: " + ex.getMessage());
        } catch (NoSuchProviderException ex) {
            logger.fatal("NoSuchProviderException: " + ex.getMessage());
        } catch (NoSuchAlgorithmException ex) {
            logger.fatal("NoSuchAlgorithmException: " + ex.getMessage());
        } catch (GeneralSecurityException ex) {
            logger.fatal("GeneralSecurityException: " + ex.getMessage());
        return null;
    //function for get sign hash
    public static String serveSigning(String userId, String hash,String digest,String x509b64)
        JSONObject obj = new JSONObject();

        Scanner myObj = new Scanner(;  // Create a Scanner object
        System.out.println("Enter signature");

        String casignature = myObj.nextLine();  // Read user input

        byte[] extSignature = Base64.getDecoder().decode(signature);
        Certificate[] chain = null;

        try {
            String certString="-----BEGIN CERTIFICATE-----\n" +x509b64+"\n-----END CERTIFICATE-----";
            byte[] certinByte= certString.getBytes();
            X509Certificate x509 = fromByteArrayToX509Certificate(certinByte);
            Certificate cert = loadCertificate(certinByte);
            chain = new Certificate[1];
            chain[0] = cert;
        } catch (CertificateException e) {
            logger.fatal("IOException: " + e.getMessage());
            return null;

        //embed signature
        String extSignature_b64 = Base64.getEncoder().encodeToString(extSignature);
        PDF_prepareHash.createSignature(digest, extSignature_b64, chain);
        obj.put("StatusCode", "000");
        obj.put("StatusMsg", "Embed signature succesfully ");"[GetSignHash] Successfully embed prepared hash");

        return obj.toString();
    //function for embed signature
    public static void createSignature(String hash, String extSignature, Certificate[] chain)
        try {
//            BouncyCastleDigest digest = new BouncyCastleDigest();
//            PdfPKCS7 sgn = new PdfPKCS7(null, chain, DigestAlgorithms.SHA256, null, digest, false);
            sgn.setExternalSignatureValue(Base64.getDecoder().decode(extSignature), null, "ECDSA");
            ITSAClient tsc = null;
            Security.addProvider(new BouncyCastleProvider());
            String TSA_URL="";
            String TSA_ACCNT=null;
            String TSA_PASSW=null;

            try {
                tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW);
            } catch(Exception e) {
                logger.error("Error timestamping services: "+e.toString());
            byte[] hh_sign = sgn.getEncodedPKCS7(Base64.getDecoder().decode(hash), PdfSigner.CryptoStandard.CMS, tsc, null, null);

            PdfReader reader = new PdfReader(TEMP);
            FileOutputStream os = new FileOutputStream(DEST);
            PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());
            MyExternalSignatureContainer external = new MyExternalSignatureContainer(hh_sign,chain);

            PdfSigner.signDeferred(signer.getDocument(), "signature", os, external);
            //close pdf files
        } catch(IOException ex) {
            logger.fatal("IOException: " + ex.getMessage());
        } catch (GeneralSecurityException ex) { 
            logger.fatal("GeneralSecurityException: " + ex.getMessage());
    //global function
    public static X509Certificate fromByteArrayToX509Certificate(byte[] bytes) throws CertificateException 
        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(bytes);
        X509Certificate x509cert = (X509Certificate)certFactory.generateCertificate(in);
        return x509cert;
    public static Certificate loadCertificate(byte[] bytes) throws CertificateException 
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(bytes);
        Certificate c=null;
        try {
            c =(Certificate)cf.generateCertificate(in);
        catch (CertificateException ex) {
            logger.error("[] Certificate loadCertificate: "+ex.getMessage());
        finally {
            try {
            } catch (IOException ex) {
                logger.error("[] Certificate loadCertificate: "+ex.getMessage());
        try {
        } catch (IOException ex) {
            logger.error("[] Certificate loadCertificate: "+ex.getMessage());
        return c;


  • In the example file a major issue became visible: You expect your signature to be an ECDSA signature:

    sgn.setExternalSignatureValue(Base64.getDecoder().decode(extSignature), null, "ECDSA");

    but the public key in your certificate (and so also your private key) is a RSA key, so your signature is a RSA signature. This of course does not match at all.

    A minor issue is that for injecting the resulting signature container you initialize two objects to write to the same output:

    PdfReader reader = new PdfReader(TEMP);
    FileOutputStream os = new FileOutputStream(DEST);
    PdfSigner signer = new PdfSigner(reader, os, new StampingProperties());
    MyExternalSignatureContainer external = new MyExternalSignatureContainer(hh_sign,chain);
    PdfSigner.signDeferred(signer.getDocument(), "signature", os, external);
    //close pdf files

    Both the PdfSigner signer and the static method PdfSigner.signDeferred can write to the same output stream which can result in a quite a mix-up. Apparently, though, signer does not write anything in your code, so the mix-up does not occur.

    PdfSigner.signDeferred only uses the PdfDocument in the first parameter to read from. Thus, instead of creating a PdfSigner and retrieving its internal PdfDocument you can simply create a PdfDocument for your PdfReader.