Forum


Replies: 3   Views: 873
Signpdf with cert pem to usb certeurop certificat
Topic closed:
Please note this is an old forum thread. Information in this post may be out-to-date and/or erroneous.
Every phpdocx version includes new features and improvements. Previously unsupported features may have been added to newer releases, or past issues may have been corrected.
We encourage you to download the current phpdocx version and check the Documentation available.

Posted by dev-info  · 02-03-2023 - 09:42

Good morning,
I have a Certeurope USB key which allows me to sign Electronically PDF documents.
I would like to be able to sign PDF with this programming certificate.
I tried with the SingPDF function (I have version 10 of PHPDOCX)
The signature is done well but the signature is not validated.


The error message (when you open the PDF) is: signing authentication error, error during Decoding BER

To recover the certificate of the Certeurope key, I open the software "Trusted Key Manager" I enter the pin code of the USB key, I will in information, and I export the .PEM (we can also export a certificate .der But I don't know)

Here is how I proceed:



            $sign = new Phpdocx\Sign\SignPDF();
      
            $sign->setPDF('test.pdf');
            $sign->setPrivateKey('cert.pem', 'xxxx');
            $sign->setX509Certificate('cert.pem');

            $sign->sign('output_sign.pdf');

 

 

Do you have an idea of the procedure to follow so that the signature is valid?


(I opened the signature on Nitro Pro, Acrobat Reader and PDF Creator) The problem is the same, and there is no information indicated in the signature, as if the PEM had not been read correctly

When I sign with the key connected to my computer, via Adobe Reader, ONME asks to do the box where the signature will be, and the signature is validated


Thank you for your answers.

Christophe

 

 

Posted by dev-info  · 02-03-2023 - 12:33

Thank you for your answer, I will send it to you by email.

Posted by admin  · 02-03-2023 - 13:01

Hello,

Thanks for sending the sample PEM file.

The PEM file only contains a certificate section:

-----BEGIN CERTIFICATE-----

(...)

-----END CERTIFICATE-----

It doesn't contain a private key. You need to use a PEM file with all contents to be able to sign files. Please check the samples included in the package, which also includes a sample PEM file.

A DER file is a binary encoding file that can be used to store certificates and private keys. phpdocx works with PEM files, maybe you can transform your DER file to PEM:

https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/

https://www.oreilly.com/library/view/linux-security-cookbook/0596003919/ch04s10.html

Please check the samples included in the package and the documentation available on the following page: https://www.phpdocx.com/documentation/introduction/digital-signature-docx-pdf-PHP

As you can read on this page:

  • You need to include the path to your RSA private key in the setPrivateKey() method indicating the password if required (we include here the options associated with a "fake" digital certificate included with the module only for testing purposes).
  •  
  • The setPrivateKey() method only admits .pem format. If you want to use pfx format you should first transform it to .pem with the transformPfxToPem() method.

You need to use a PEM file to sign documents, not a DER file.

Regards.