With IvSign it is possible to verify a signed PDF file to confirm its integrity, its validity, the signatures it contains and the validity of those signatures.
As always, we need to authenticate ourselves and get a session token first:
Execute in a console (replacing the data in blue with the data received in the email)
curl -sS --user-agent WebSend --header 'Content-Type: application/json' --header 'Accept: application/json' --request POST --data '{"login":"USUARIO","pass":"PASSWORD","orgaid":"ORGAID","module":"integra","modkey":"K#t@g-n2a_d[3-G1","modver":"1.0"}' https://test.ivsign.net/Keyman/rest/v4/Auth/Login
REPLY:
{
"token":"KOCisd+DfGFOzcTxGwcthUsNQl0jaRFKUrrlB2OUPs0tNTIfORd7/zW1e8mb0iHuUMBuHitlLU8hewG/mJfFczw==",
"user":{"userid":"ivsdemo","extid":null,"orgaid":"orgademo","email":"demomail@ivnosys.com","name":"Usuario","lastname":"Demostraciones","lastip":"42.0.1.59","ident":null,"disabled":false,"createdate":"2019-03-11T13:54:55Z","lastlogin":"2019-03-11T14:02:34.9055158Z","previouslogin":null,"authprovider":"db","admin":false,"superadmin":false,"pass":null,"validation":null,"lang":"es","valid":true,"phone":null,"orgachain":"root.integra.orgademo.","disabledreason":null},
"error":{"code":"K0000","message":"OK","traceid":"CIK4QZVHU5V7G"}
}
We will need the token returned in the previous call (in blue) and the PDF document signed in base64 (Here is an exemple)
Then, we can make the call to verify the document.
curl -sS --user-agent WebSend --header 'Accept: application/json' --header 'Authentication: TOKEN' --header 'Content-Type: application/json' --request POST --data '{"document":"DocumentoPDFenBase64"}' https://test.ivsign.net/Keyman/rest/v4/verify/pades
Reply obtained from the verification service:
{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "CIK4Q545SOPZC"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "4330BCC6ACFE64605AC73C528A4BEAA3",
"validfrom": "2018-04-06T11:22:25+02:00",
"validto": "2021-02-26T23:59:59+01:00",
"issuer": "CN=AC DNIE 001, OU=DNIE, O=DIRECCION GENERAL DE LA POLICIA, C=ES",
"issuercn": "AC DNIE 001",
"subject": "CN=\"Ficticio Activo, Ciudadano (FIRMA)\", G=Ciudadano, SN=Ficticio, SERIALNUMBER=99999018D, C=ES",
"subjectcn": "Ficticio Activo, Ciudadano (FIRMA)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [
"NonRepudiation"
],
"enhancedkeyusage": [],
"caname": "DGP",
"type": "PF",
"userinfo": {
"name": "Ciudadano",
"lastname": "Ficticio",
"ident": "99999018D",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "4812E1518AD027A6ED8FCE38CA749ED6FE60363A",
"sha1sumissuer": "41CF9EC0733D58E43997A6C65DF797C3EE99407B"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "CIK4Q545SOPZC"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Basic",
"extensions": "epes",
"envelop": "Enveloped",
"cer": "MIIFMjCCBBqgAwIBAgIQQzC8xqz+ZGBaxzxSikvqozANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJFUzEoMCYGA1UECgwfRElSRUNDSU9OIEdFTkVSQUwgREUgTEEgUE9MSUNJQTENMAsGA1UECwwERE5JRTEUMBIGA1UEAwwLQUMgRE5JRSAwMDEwHhcNMTgwNDA2MDkyMjI1WhcNMjEwMjI2MjI1OTU5WjB1MQswCQYDVQQGEwJFUzESMBAGA1UEBRMJOTk5OTkwMThEMREwDwYDVQQEDAhGaWN0aWNpbzESMBAGA1UEKgwJQ2l1ZGFkYW5vMSswKQYDVQQDDCJGaWN0aWNpbyBBY3Rpdm8sIENpdWRhZGFubyAoRklSTUEpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy+Vgy//4S+0tSGTRHgAeK8nzR4xYm5eGWA3LOaVsaF80hfcmwUAhfxGM4zIEhNz2fSIqSf3ckxnzXeirxLlNgjsM+uyCc+xjiF9PaJp3i7HPQ6c8F3VN/ig+0jURgQ4sFd8nymUOqGBsDRTzVlXNW0GbM/R1P4nNR6oQTwSCXZztp6sfWI9HlA2aEqzuxI+wl/ccwMG7mc4O+T5Jbm7oJ59SNDPceXlmnA1zkHLL1U/2pWqtXevBnD5tD48ywtj1uIqko/vqC4oUV5WOfcYcZFDM9+Y17sCX/ylHNrhI5QIGM7DVMXNYpM6Pnsl/A/bmZ86AdfKqUFrXlDT2joM5QIDAQABo4IB1TCCAdEwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtGpuINaPSc4CPd2yEFF2oGt5w1EwHwYDVR0jBBgwFoAUGomoxe6Pdl1VcYnzOzW9qgUAlW8wgZAGCCsGAQUFBwEDBIGDMIGAMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwSAYGBACORgEFMD4wHRYXaHR0cHM6Ly93d3cuZG5pZS5lcy9wZHMTAmVuMB0WF2h0dHBzOi8vd3d3LmRuaWUuZXMvcGRzEwJlczALBgYEAI5GAQMCAQ8wXwYIKwYBBQUHAQEEUzBRMB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5kbmllLmVzMC4GCCsGAQUFBzAChiJodHRwOi8vd3d3LmRuaWUuZXMvY2VydHMvQUMwMDEuY3J0MH0GA1UdIAR2MHQwcgYIYIVUAQICAgMwZjAiBggrBgEFBQcCARYWaHR0cDovL3d3dy5kbmllLmVzL2RwYzBABggrBgEFBQcCAjA0DDJESVJFQ0NJw5NOIEdFTkVSQUwgREUgTEEgUE9MSUPDjUEsIFZBVEVTLVMyODE2MDE1SDAOBgNVHQ8BAf8EBAMCBkAwDQYJKoZIhvcNAQELBQADggEBAKDWHwOakHTzfcQ+NFrZQW1ymSgglQK8B0TDJl5CRA0maDcrF1lqiiBTmSQ7yLTCfVnt0mnRxWXSeN5g35CkhGBtqm0PmDdSDn1aASAx1oU3P8L4LwkZOgWqzK84sz0OJriPBJJIrdSAmFS6kk99lYKw2erLZXuVnXyi7NEvARw5gp0LJA90WC8BG0UAjc0j2xg6tfU+h4s/OAD6iisWpmHgvYW5WmoTbJ1ZJdYbimBGWjTnf7umTAXhso6W+mugMoVTA/v7Q2a07aT2byrehghrcIlVkAjnd4A7MXjEXRXrUfKuc+Gumdl8cyftyM3DE7IZtUoX1uPjpwKWizEuafk=",
"signingtime": "2019-03-12T09:18:00",
"hashalgorithm": "SHA1",
"timestamps": null,
"validationtimestamps": null
}
]
}
With this we will be able to obtain all the relevant information from a signed PDF document, and if it is completely valid; if not, the reasons why it is not will be indicated (problems with the signing certificate, integrity of the document, corruption in the signature, among others).