#40 Weak PDF signature

2.0
closed
nobody
None
2022-07-09
2022-04-13
pierpaolo
No

Hi,

I'm trying to use this library in order to sign PDF files.
I'm updating an old project so I'm using Borland C++ 2006.
I created a new project and compiled it correctly, opened and signed a document (using a self-created certificate), but it seems that the library creates SHA1 signatures, while in the EU only signatures using at least SHA256 are considered valid.
Am I missing something?

Discussion

  • zyx

    zyx - 2022-04-13

    Thanks for the bug report. I do not know which method you use to sign the document, but I do not see any forcing of a certain SHA algorithm in litePDF itself, thus for example if you use https://litepdf.sourceforge.io/sign.cpp.html , then it can be that OpenSSL's default hash algorithm is SHA1. You can use any hash algorithm when using https://litepdf.sourceforge.io/signmanual.cpp.html , where you have everything under your control.

    I'll see whether anything can be done with the OpenSSL signing.

     
  • zyx

    zyx - 2022-07-09
    • status: open --> closed
     
  • zyx

    zyx - 2022-07-09

    In [r32] I added an API to set the signature hash algorithm and made it default to SHA512. It also required increasing the default reserved bytes for the signature. It applies only to the internal signing API, not to the manual signing API.

     

    Related

    Commit: [r32]
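
One way to check which digest a signed PDF actually declares, as an added example that is not part of the original thread or of litePDF's code: it reads the CMS SignedData blob from the signature's `/Contents` hex string and reports its digestAlgorithms. It assumes definite-length DER; the function names and the sample bytes are constructed for illustration.

```python
import re

# DER-encoded OID bytes (hex) of common CMS digest algorithms.
DIGEST_OIDS = {"2b0e03021a": "SHA1", "608648016503040201": "SHA256",
               "608648016503040202": "SHA384", "608648016503040203": "SHA512"}

def tlv(buf, pos):
    """Return (value_start, value_end) of the definite-length DER element at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite-length BER is not handled in this sketch")
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def children(buf, start, end):
    """Yield (value_start, value_end) for each element inside start..end."""
    while start < end:
        vs, ve = tlv(buf, start)
        yield vs, ve
        start = ve

def cms_digests(der):
    """Digest names declared in SignedData.digestAlgorithms."""
    outer = list(children(der, *tlv(der, 0)))           # contentType, [0] content
    signed_data = tlv(der, outer[1][0])                 # SignedData SEQUENCE
    digest_set = list(children(der, *signed_data))[1]   # field after version
    names = []
    for alg in children(der, *digest_set):              # each AlgorithmIdentifier
        oid = der[slice(*tlv(der, alg[0]))].hex()       # its first field is the OID
        names.append(DIGEST_OIDS.get(oid, "unknown:" + oid))
    return names

def pdf_signature_digests(pdf):
    """One digest-name list per hex /Contents string in the PDF bytes."""
    found = []
    for m in re.finditer(rb"/Contents\s*<([0-9A-Fa-f\s]+)>", pdf):
        digits = re.sub(rb"\s", b"", m.group(1)).decode()
        found.append(cms_digests(bytes.fromhex(digits + "0" * (len(digits) % 2))))
    return found

# Constructed sample: a signature dictionary whose CMS blob is cut down to the
# fields read above, followed by zero padding standing in for reserved bytes.
SAMPLE = (b"<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /adbe.pkcs7.detached "
          b"/Contents <301f06092a864886f70d010702a0123010020101"
          b"310b300906052b0e03021a0500" + b"0" * 32 + b"> >>")

if __name__ == "__main__":
    print(pdf_signature_digests(SAMPLE))    # [['SHA1']]
```

The trailing zeros in `/Contents` are ignored because the parser follows the DER lengths, so the same check works whatever number of bytes was reserved for the signature.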

