Hi. Thank you for your help so far. I just needed one more clarity.
So I can sign on a Document using /sign api. Then I am able to downloaded the signed document also. One thing i wanted to try was verify signature. So, I triggered /verifySignature api and it also gave me ok response.
{
"Valid": true,
"Code": 200,
"Status": "OK"
}
Now, I tried to made some modifications in the pdf, and then uploaded it. So, basically it is like the case where pdf has been tempered. Then, when I tried to again hit verification api, and I got below response:
{
"RequestId": "f2e78a2335b20be9a2eaad9a375bfaef",
"Error": {
"Code": "internalError",
"Message": "The signature: sign1 is compromised. The signature data is corrupted or missing. The digital signature is compromised by USF.",
"Description": "Operation Failed. Internal error.",
"DateTime": "2025-03-24T10:47:28.1318038Z",
"InnerError": null
}
}
I just wanted to confirm if my understanding is correct. And is there any list of error messages, code covering all these cases?
@rajatdpw
The method will return a description of the error in the message field, there are no predefined error codes.
Hey, I wanted to ask like is e-signature generated through aspose apis valid across all countries? Basically, does it comply with digital signature laws across countries? If yes, can you share any doc which explains because I might need it for security approval.
@rajatdpw
Please provide more details that need to be followed according to digital delivery laws in different countries.
Legal information is available at Legal - About - aspose.app.
Description of working with API signature at Sign PDF Documents|Documentation
hi. Thanks for sharing this. We usually integrate with aspose on premise apis. So, I wanted to understand if e-sign is available in on premise as well. Also, I believe aspose might be creating hash of files using private key and then validating through public key in pfx file. So in case of on premise, where is this being stored. I mean, is this how you are validating if file has been tempered with or not, correct? Please correct me if I am missing something. Thanks!
Hi. Just a follow up. I tested with on premise and it is working fine. I wanted to just confirm that if we are using pkcs7 method, we must be storing document hash somewhere right?
We need to be sure that we don’t make a network call in on premise approach. Please clarify.
Hi. Awaiting your reply. I am chasing a deadline so would appreciate quick support.
@rajatdpw
Hi, you can use data dir, all processed files will be stored there. You can use variables to run docker container, documentation is available https://hub.docker.com/r/aspose/pdf-cloud
Hi. I didn’t get any answer to query. Can you please cross check my questions… Mounting and everything is already taken care of. My question is with respect to approach itself. If you are using pkcs7 for verification, then you must be storing document hash. Where is this getting stored? Is it in your db and you are making a network call to make it work? I need clarity on this
@rajatdpw
No, there is no extra network request to verify the signature; the signature hash is stored inside the document.
1 Like
That’s a great help. Thank you so much.