1

How to fix 'Unexpected byte range values defining scope of signed data. Details: The signature byte range is invalid' while adding external signature in multiple pages using PDFBOX (2.0.12)

The following code is working for single page signing while multi page signing not working.

PDDocument pddoc = PDDocument.load(file);
PDSignature pds = new PDSignature();
SignatureOptions signatureOptions;
PDRectangle rect;//coordinates to visible signature
File imgFile;//background image in visible signature
String signDisplayInfo;//data to be displayed in visible signature
createVisualSignatureTemplate // generates the visible signature


for(int i=0;i<pageCount;i++) {
   signatureOptions.setVisualSignature(AddVisibleSignature.createVisualSignatureTemplate(pddoc, i, rect, imgFile,signDisplayInfo));
   signatureOptions.setPage(i);
   pddoc.addSignature(pds, signatureOptions);
}
externalSigning = pddoc.saveIncrementalForExternalSigning(fos);
InputStream dataToSign = externalSigning.getContent();
hash = DigestUtils.sha256Hex(dataToSign);

After preparing the hash, is being sent to another server to get the signature. After getting the response adding the signature into the pdf.

String pkcs7Response = responseSignature;
byte[] sigbytes = java.util.Base64.getDecoder().decode(pkcs7Response);                   
externalSigning.setSignature(sigbytes);
pddoc.save(fos);
pddoc.close();

Error during signature verification.

Unexpected byte range values defining scope of signed data.

Details: The signature byte range is invalid

Community
  • 1
  • 1
Shashichandra Achar
  • 11
  • 1
  • 2
  • 1
    You sign only once, and that signs the whole PDF, even if the signature can be seen only on one page. If you need to sign several times (several people), you'll have to reload the saved file. – Tilman Hausherr Sep 12 '19 at 08:18
  • 1
    Hi @TilmanHausherr I want the visual appearance to be displayed in all pages in pdf by single person – Shashichandra Achar Sep 12 '19 at 08:42
  • Have you tried the proof-of-concept at the bottom of [this answer](https://stackoverflow.com/a/52834362/1729265) in the [CreateMultipleVisualizations](https://github.com/mkl-public/testarea-pdfbox2/blob/master/src/test/java/mkl/testarea/pdfbox2/sign/CreateMultipleVisualizations.java#L95) test `testCreateSignatureWithMultipleVisualizations`using the helper method `addSignatureField`? That answer was created at the time PDFBox was at version 2.0.12, so chances are it can work for you. – mkl Sep 12 '19 at 09:44
  • That being said, though, please be aware that single signatures with multiple visualizations are brittle; several strategies for their creation are meanwhile (ISO 32000-2) considered invalid, and the remaining one is not invalid most likely only by oversight, see the section *A discussion of your actual task* of the afore mentioned [answer](https://stackoverflow.com/a/52834362/1729265). – mkl Sep 12 '19 at 09:50
  • Hi @mkl yeah I have seen that already, but not tried as I am using ExternalSigningSupport as signature is coming from different server. The flow is like -- I am preparing the PDF and then generating hash and sending to a server which will send back the signature and I am adding that signature into PDF using ExternalSigningSupport. – Shashichandra Achar Sep 12 '19 at 10:08
  • My task is to add a visual signature in all pages of a PDF. – Shashichandra Achar Sep 12 '19 at 10:11
  • *"I have seen that already, but not tried. I am using ExternalSigningSupport as signature is coming from different server"* - Then you should try. What keeps you from replacing the `PDDocument.saveIncremental` call there by your `PDDocument.saveIncrementalForExternalSigning` and external `SigningSupport` handling? In that case you can use `pdDocument.addSignature(signature)` instead of `pdDocument.addSignature(signature, this)`. – mkl Sep 12 '19 at 10:14
  • That is also not working as unable to set the signature as stream is getting closed by PDDocument.saveIncremental. – Shashichandra Achar Sep 12 '19 at 11:17
  • *"That is also not working as unable to set the signature as stream is getting closed by PDDocument.saveIncremental"* - allow me to quote from above: *What keeps you from replacing the `PDDocument.saveIncremental` call there by your `PDDocument.saveIncrementalForExternalSigning`?* – mkl Sep 12 '19 at 11:41
  • I need to add the external signature in diffrent method. In that method I need to pass the OutputStream refrence and ExternalSigning refrence, PDDocument reference. So, _PDDocument.saveIncrementalForExternalSigning()_ saves PDF incrementally without closing for external signature creation scenario. But _PDDocument.saveIncremental()_ closes the OutputStream. – Shashichandra Achar Sep 12 '19 at 12:15
  • So, what keeps you from replacing the `PDDocument.saveIncremental` call in the code (from the referenced answer) by your `PDDocument.saveIncrementalForExternalSigning`? – mkl Sep 12 '19 at 12:15
  • Because i am adding visual signature appearance in each page and after that hash i'm getting and sending to different server to get signature, which need to be added in pdf. So basically i'm working on external signature signing – Shashichandra Achar Sep 17 '19 at 07:16
  • That's why I keep proposing that you adapt the example code from the other answer by replacing the `PDDocument.saveIncremental` therein with the `PDDocument.saveIncrementalForExternalSigning`. That way you can use the example code from the other answer with external signing. – mkl Sep 17 '19 at 10:51
  • I used _PDDocument.saveIncremental_ as for the example code but i'm getting **Stream Closed** exception while adding the external sing which i'm getting from another server. – Shashichandra Achar Sep 17 '19 at 13:38
  • Try it with `PDDocument.saveIncrementalForExternalSigning`. – mkl Sep 18 '19 at 08:29
  • From the day one i'm using _PDDocument.saveIncrementalForExternalSigning_ method itself for single page signature everything is working perfect. But for multi page signature after completion of signing when i opened the PDF in signature properties its showing **The signature byte range is invalid** – Shashichandra Achar Sep 18 '19 at 11:58
  • Which is because you can't use this to sign several times in the same cycle. And please don't insist on signing every page. Nobody does that. Even Adobe doesn't do it. The signature is either invisible (verification can seen in the signature panel), or visible (same, plus something fancy usually on the first or on the last page). – Tilman Hausherr Sep 24 '19 at 08:55

1 Answers1

0

Same problem.. Unexpected byte range value defining scope of signed data..

Using foxit..

Right click signature.. Then click show signed version..

You will get your signed version and save it..

Arun Kumar R
  • 1
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Apr 17 '22 at 05:48