TCPDF adding digital signature to the created pdf
Asked Answered
D

1

9

I have kind of weird problem.
I'm struggling with a pdf digital signature problem since a while and it did't working as I expect. Actually it doesn't work at all.

I used exacly same code as is posted in the Examples 52 page:

// set certificate file
$certificate = 'file://var/www/app/tcpdf/config/cert/tcpdf.crt';

// set additional information
$info = array(
    'Name' => 'TCPDF',
    'Location' => 'Office',
    'Reason' => 'Testing TCPDF',
    'ContactInfo' => 'http://www.tcpdf.org',
    );

// set document signature
$pdf->setSignature($certificate, $certificate, 'tcpdfdemo', '', 2, $info);

First problem was about

Warning: openssl_pkcs7_sign() [function.openssl-pkcs7-sign]: error getting private key in /var/www/app/tcpdf/tcpdf.php on line 7566

It was caused because I did not set privileges to execute cert directory. But after I set 777 magic happen.
From now on I do not see what is the error, and I do not see the error track but:

HTTP ERROR 324 (net::ERR_EMPTY_RESPONSE)

anyone can suggest me something?

Dumb answered 19/4, 2013 at 8:8 Comment(4)
It appears that your error is no longer with your use of tcpdf's signing features. I don't see anything in your code to show that you are outputting the signed pdf to the browser. Are you doing so? If not, then your response will be empty and possibly cause that error.Gamy
Can you show me some example of things about you write? if u mean those lines $pdf->Image('../images/tcpdf_signature.png', 180, 60, 15, 15, 'PNG'); $pdf->setSignatureAppearance(180, 60, 15, 15); I did try it with no successDumb
Mainly, I don't see in your code posted here a call to $pdf->Output('name.pdf', 'I'); in order to actually send the pdf out to the browser. The Output function has many options for saving or sending the pdf documented at linkGamy
Actually, your code doesn't work because you're using a relative path; I had the same problem. The path should be: file:///[...] - so an extra '/'. Also it's generally a bad idea to put CRT files in a public place - if someone obtains it he can sign stuff using your certificate, which is definitely a bad thing; you would be smart to put it somewhere you cannot access it from the web.Germen
G
19

From what I see, the error you are recieving is not caused by the code that you have posted in your question as that code is straignforward and exactly like that found in the TCPDF documentation. You can find an example of sending a signed pdf at TCPDF Documentation

The code there is as follows:

require_once('../config/lang/eng.php');
require_once('../tcpdf.php');

// create new PDF document
$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);

// set document information
$pdf->SetCreator(PDF_CREATOR);
$pdf->SetAuthor('Nicola Asuni');
$pdf->SetTitle('TCPDF Example 052');
$pdf->SetSubject('TCPDF Tutorial');
$pdf->SetKeywords('TCPDF, PDF, example, test, guide');

// set default header data
$pdf->SetHeaderData(PDF_HEADER_LOGO, PDF_HEADER_LOGO_WIDTH, PDF_HEADER_TITLE.' 052', PDF_HEADER_STRING);

// set header and footer fonts
$pdf->setHeaderFont(Array(PDF_FONT_NAME_MAIN, '', PDF_FONT_SIZE_MAIN));
$pdf->setFooterFont(Array(PDF_FONT_NAME_DATA, '', PDF_FONT_SIZE_DATA));

// set default monospaced font
$pdf->SetDefaultMonospacedFont(PDF_FONT_MONOSPACED);

//set margins
$pdf->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP, PDF_MARGIN_RIGHT);
$pdf->SetHeaderMargin(PDF_MARGIN_HEADER);
$pdf->SetFooterMargin(PDF_MARGIN_FOOTER);

//set auto page breaks
$pdf->SetAutoPageBreak(TRUE, PDF_MARGIN_BOTTOM);

//set image scale factor
$pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);

//set some language-dependent strings
$pdf->setLanguageArray($l);

// ---------------------------------------------------------

/*
NOTES:
 - To create self-signed signature: openssl req -x509 -nodes -days 365000 -newkey rsa:1024 -keyout tcpdf.crt -out tcpdf.crt
 - To export crt to p12: openssl pkcs12 -export -in tcpdf.crt -out tcpdf.p12
 - To convert pfx certificate to pem: openssl pkcs12 -in tcpdf.pfx -out tcpdf.crt -nodes
*/

// set certificate file
$certificate = 'file://../config/cert/tcpdf.crt';

// set additional information
$info = array(
    'Name' => 'TCPDF',
    'Location' => 'Office',
    'Reason' => 'Testing TCPDF',
    'ContactInfo' => 'http://www.tcpdf.org',
    );

// set document signature
$pdf->setSignature($certificate, $certificate, 'tcpdfdemo', '', 2, $info);

// set font
$pdf->SetFont('helvetica', '', 12);

// add a page
$pdf->AddPage();

// print a line of text
$text = 'This is a <b color="#FF0000">digitally signed document</b> using the default (example) <b>tcpdf.crt</b> certificate.<br />To validate this signature you have to load the <b color="#006600">tcpdf.fdf</b> on the Arobat Reader to add the certificate to <i>List of Trusted Identities</i>.<br /><br />For more information check the source code of this example and the source code documentation for the <i>setSignature()</i> method.<br /><br /><a href="http://www.tcpdf.org">www.tcpdf.org</a>';
$pdf->writeHTML($text, true, 0, true, 0);

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// *** set signature appearance ***

// create content for signature (image and/or text)
$pdf->Image('../images/tcpdf_signature.png', 180, 60, 15, 15, 'PNG');

// define active area for signature appearance
$pdf->setSignatureAppearance(180, 60, 15, 15);

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

// *** set an empty signature appearance ***
$pdf->addEmptySignatureAppearance(180, 80, 15, 15);

// ---------------------------------------------------------

//Close and output PDF document
$pdf->Output('example_052.pdf', 'I');

Note that, you need to add pages to your document and then call the Output() function in order to actually get any output sent to the browser. Otherwise, the server will not have any data to send and so give you an empty response causing this error.

This error can also be cause if you are creating the file on the server and saving it in a folder that your script then doesn't have the permissions to access and output to the browser.

If you are using Google Chrome to view your pdf, you might want to check out the information here on this error Chrome Empty Response Errors Group

Also, there are reports that this error has been caused by incorrectly configured Zend Optimizer/Zend Guardian setups. If neither of the above is the case, I would make sure these are deactivated to continue troubleshooting.

As you can see, this error is a bit non-specific and so can be difficult to troubleshoot.

Gamy answered 26/4, 2013 at 18:18 Comment(2)
Any idea how to add a timestamp to the signature? applyTSA is not implemented on the library :(Hexameter
Any idea how to get the public key and then use it to verify the PDF was not tampered with?Frisch

© 2022 - 2024 — McMap. All rights reserved.