0

I need a public X509 cert for the signing of PDFs. I have the public key in RSA format (the private key is on an HSM). The current keys on the HSM are self-signed (This will ultimately be replaced by an AATL certificate).

I have used CertificateRequest to set up the certificate. However, in order to use X509Certificate2.Create to create a cert you need X509SignatureGenerator.CreateForRSA. That in turn requires the private key. That's where I am stuck.

AFAIK BouncyCastle also seems to require the private key. What am I missing? Every digitally-signed PDF on the planet contains a public-only cert to decrypt the hash.

[The HSM generates a PEM but that only contains the public key, so CreateFromPem doesn't work either as that seems to need full 'CERTIFICATE' details]

Philip
  • 1
  • 1
  • 4
  • `CertificateRequest` is for creating a *new* certificate, if you already have a certificate you would use one of the constructors of `X509Certificate2`. Unclear what you are trying to achieve: signing the files, or checking the signature? The former requires a private key, the latter does not. Not sure how you use an HSM private key though, presumably there's an API for it somewhere – Charlieface Jan 16 '22 at 14:12
  • 1
    If you’re trying to sign documents, you need to use the private key. You can verify the signature with the corresponding public key, but not sign. Otherwise what would stop anyone with the public key altering the document and re-signing it? – sellotape Jan 16 '22 at 14:13
  • You need detached signature. Send hash to HSM for signing using PKCS#11 and then inject signature (CMS) in pdf. BTW, my Co provides libraries for achieving the same. Also the browser extension in case you need to use cryptographic device on client's browser may be referred at https://stackoverflow.com/a/63173083/9659885 – Bharat Vasant Jan 17 '22 at 06:55
  • Apologies I was obviously not clear. The private key is on the HSM and that signs the hash perfectly. However, the PDF Standard requires a public certificate be added to a signed document. The public key contained in the public cert is ultimately used to decrypt the hash for comparison during the eventual signature validation process. Given the unusual circumstances, I am having to 'manufacture' a public certificate (from raw cert data and the downloaded RSA), which you seemingly cannot do with either the X509Certificate2 or the Certificate Request constructors. That is the goal... – Philip Jan 17 '22 at 07:44
  • How are you signing via the HSM? If you can get that signing operation into an RSA object that's the object you'd pass into `CreateForRSA`. – bartonjs Jan 18 '22 at 17:55
  • @bartonjs I get a PEM from the Google HSM and extract it into an RSA. The problem is that it only contains the public key (as would be expected from a HSM protecting the private key from any eyes). `CreateForRSA` needs a private key, of course, so I don't think that will work. Can we not somehow create the public Certificate without the private key (i.e. by using something bespoke method other than `CertificateRequest`). The HSM can be accessed to sign the Hash of the PDF, can it not also be used to sign the digest of a 'manufactured' public cert? The output I need is a valid .pfx. Please help – Philip Jan 21 '22 at 16:41
  • "The HSM can be accessed to sign the Hash of the PDF, can it not also be used to sign the digest of a 'manufactured' public cert?". That's why I asked how you do the signing. Take that operation, wrap it in a custom RSA class, done. – bartonjs Jan 21 '22 at 17:11
  • @bartonjs You wouldn't have a sample class handy perhaps? – Philip Jan 22 '22 at 09:48

0 Answers0