Tags: pdf-generation, electronic-signature, signaturepad, ber

Error during BER decoding when opening PDF in Acrobat Reader


So we are banging our heads against the wall with this problem. See the example:

https://drive.google.com/file/d/13Ydz70FtOFO8CtUR5u74Ej-7k1gIsnUX/view?usp=sharing

The above document is signed using an external provider (sha256WithRSA). When the document is opened in A.reader you get the message

At least one signature is invalid

and when clicking on the visible signature (last page) you get a pop-up with the message:

Error during BER decoding

We parsed the /Contents of the /Sig object (in the PDF, 34 0 obj) as an ASN1Sequence object (Java) and checked that it is a valid PKCS7 signed data object (it is). When validating the signature it fails (using a Java verifier program), but we don't know why. Below are the contents of the /Contents (PKCS7 object) for your convenience:

ASN1Sequence [
  Element 0: 1
  Element 1: [[[[2.5.4.6, EE]], [[2.5.4.10, AS Sertifitseerimiskeskus]], [[2.5.4.97, NTREE-10747013]], [[2.5.4.3, TEST of EID-SK 2016]]], 49055107554612652537246105176508960687]
  Element 2: [2.16.840.1.101.3.4.2.1, NULL]
  Element 3: [CONTEXT 0][[1.2.840.113549.1.9.3, [1.2.840.113549.1.7.1]], [1.2.840.113549.1.9.5, [241101172455Z]], [1.2.840.113549.1.9.4, [#8eb3dcf8e0754f9375b4e3c502bf5cb4b0540bfff399c29ea6394138e6dd2ed0]], [1.2.840.113549.1.9.16.2.47, [[[[#40526c34d739c7f78b36f04432e9a4067c376e93c95fbe005f7c1aa58fca6cbd]]]]]]
  Element 4: [1.2.840.113549.1.1.11, NULL]
  Element 5: #[signature value elided]
]

Any suggestions? Thanks a lot!


Solution

  • Summarizing the discussion in the comments to the question.

    A BER decoding issue can occur because of an error in the CMS/PKCS#7 signature container structure, and that's where one usually looks first. But that structure was ok in the case at hand. Alternatively, a BER decoding issue can occur when checking the contained signature value: RSASSA-PKCS1-v1_5 signatures essentially are RSA encrypted BER encoded DigestInfo structures containing a hash algorithm identifier and a hash value.

    Thus, I decrypted the enclosed signature value using the public key of the alleged signer certificate. As a result I got something that is not a BER encoded ASN.1 structure at all, let alone a PKCS#1 DigestInfo object, nor does it match the alternative RSASSA-PSS signing scheme format. So this most likely is why Adobe Acrobat reports "Error during BER decoding".

    This kind of error often means that there is a key mismatch: The signature has not been created with the private key matching the public key in the alleged signer certificate but instead some other key.

    Indeed, in this case it turned out that

    there is an Auth cert and a Sign cert and we imported the Auth cert in the PDF.
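The diagnostic the answer describes (apply the certificate's public key to the signature value, then see whether a PKCS#1 v1.5 block with a BER-encoded DigestInfo comes out), as an added, self-contained example that is not part of the question or the answer. It uses a constructed toy RSA key pair instead of the real certificates; the hypothetical `make_rsa_key`, `pkcs1_v15_sign`, `recover_digest_info` and `check_signature` names are mine, and the sha256 AlgorithmIdentifier is the one shown as Element 2 in the question.

```python
import hashlib
import random

SHA256_ALG_ID = bytes.fromhex("300d06096086480165030402010500")  # sha256 AlgorithmIdentifier (OID 2.16.840.1.101.3.4.2.1, Element 2 above)

def is_probable_prime(n, rng):  # Fermat test with random bases: good enough for a demo key only
    return all(pow(rng.randrange(2, n - 1), n - 1, n) == 1 for _ in range(16))

def make_rsa_key(bits=512, seed=1):
    """Deterministic toy RSA key (n, e, d), constructed for this demo; never use such keys."""
    rng, e, primes = random.Random(seed), 65537, []
    while len(primes) < 2:
        c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if (c - 1) % e and is_probable_prime(c, rng):   # keeps gcd(e, p-1) == 1
            primes.append(c)
    return primes[0] * primes[1], e, pow(e, -1, (primes[0] - 1) * (primes[1] - 1))

def pkcs1_v15_sign(data, n, d):
    """RSASSA-PKCS1-v1_5: EM = 00 01 FF..FF 00 || DigestInfo(sha256), then the private RSA op."""
    inner = SHA256_ALG_ID + b"\x04\x20" + hashlib.sha256(data).digest()
    t = b"\x30" + bytes([len(inner)]) + inner          # DigestInfo SEQUENCE
    k = (n.bit_length() + 7) // 8
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def der_tlv(buf, pos):  # minimal DER TLV reader; short-form lengths are all a DigestInfo needs
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("BER decoding error at offset %d" % pos)
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def recover_digest_info(sig, n, e):
    """Public RSA op on sig, then check the PKCS#1 v1.5 block and parse the DigestInfo."""
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes((n.bit_length() + 7) // 8, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("no PKCS#1 v1.5 block at all: signed with a different key?")
    tag, body, end = der_tlv(em, sep + 1)
    if tag != 0x30 or end != len(em):
        raise ValueError("BER decoding error: payload is not a DigestInfo SEQUENCE")
    _, _, p = der_tlv(body, 0)                         # AlgorithmIdentifier
    _, digest, _ = der_tlv(body, p)                    # OCTET STRING holding the hash
    return body[:p], digest

def check_signature(data, sig, n, e):
    """The answer's key-mismatch test: does sig decrypt to a sha256 DigestInfo over data?"""
    try:
        return recover_digest_info(sig, n, e) == (SHA256_ALG_ID, hashlib.sha256(data).digest())
    except ValueError:                                 # garbage instead of a DigestInfo
        return False
```

Signing with one key and recovering with another (the Auth cert's key instead of the Sign cert's) fails at the padding check, which is the situation the answer diagnosed; on a real PDF you would feed `recover_digest_info` the Element 5 octet string and the modulus and exponent from the signer certificate in the CMS container.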