Thank you so much for your helpful comments and for pointing me in the right direction.
I'm currently working with the same mobile signature provider and services described in this StackOverflow post, and the endpoints have not changed.
Here's what I'm doing:
I calculate the PDF hash based on the byte range (excluding the /Contents field as expected).
I then Base64 encode this hash and send it to the remote signing service.
The service returns an XML Signature structure, containing only the signature value and the certificate. It does not re-hash the input — it signs the hash directly.
Based on that signature and certificate, I construct a PKCS#7 (CAdES) container and embed it into the original PDF using signDeferred.
However, when I open the resulting PDF in Adobe Reader, I still get a “signature is invalid” error.
Additionally, Turkcell offers a PKCS#7 signing service, but in that case the returned messageDigest is only 20 bytes, which doesn't match the 32-byte SHA-256 digest I computed from my PDF. Because of this inconsistency, I cannot proceed using their PKCS#7 endpoint either.
I’m really stuck at this point and unsure how to proceed. Do you have any advice on:
how to correctly construct the PKCS#7 from a detached XML signature (raw signature + certificate)?
whether I must include signed attributes, or if there's a way to proceed without them?
or any clues why Adobe might mark the signature as invalid even when the structure seems correct?
Any help would be greatly appreciated!
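Added example (not part of the post above, and not the signing provider's or iText's code): the one detail in this workflow that most often produces Adobe's "signature is invalid" is what the remote signer is asked to sign. Per RFC 5652 section 5.4, when a SignerInfo carries signedAttrs, the signature covers the DER encoding of the SignedAttributes SET (which contains the byte-range hash as messageDigest), not the byte-range hash itself; only a SignerInfo without signedAttrs is signed directly over the content hash. CAdES requires signed attributes, so a service that signs the supplied digest as-is must be handed SHA-256 over that SET. The stdlib-only code below builds the attributes, derives the digest to send in both cases, and extracts messageDigest from an attribute set so its length can be compared with the expected 32 bytes (a 20-byte digest is the output length of SHA-1). The PDF byte-range hash is a constructed placeholder; the ESS signing-certificate-v2 attribute that ETSI.CAdES.detached also needs is not built here.

```python
"""Derive the digest a remote hash-signing service must sign for a detached
CMS/PKCS#7 PDF signature, with and without signed attributes (RFC 5652 5.4).
Standard library only; the PDF byte-range hash used below is constructed."""
import hashlib
from datetime import datetime, timezone
from typing import Optional

OID_ID_DATA = "1.2.840.113549.1.7.1"
OID_CONTENT_TYPE = "1.2.840.113549.1.9.3"
OID_MESSAGE_DIGEST = "1.2.840.113549.1.9.4"
OID_SIGNING_TIME = "1.2.840.113549.1.9.5"


def _der_len(n: int) -> bytes:
    """Definite-form DER length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der(0x06, bytes(out))


def der_seq(*items: bytes) -> bytes:
    return der(0x30, b"".join(items))


def der_set_of(*items: bytes) -> bytes:
    # DER orders SET OF members by their encodings (X.690 11.6), so sort them.
    return der(0x31, b"".join(sorted(items)))


def attribute(oid: str, value: bytes) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF ANY }"""
    return der_seq(der_oid(oid), der_set_of(value))


def signed_attrs(byte_range_hash: bytes,
                 signing_time: Optional[datetime] = None) -> bytes:
    """SignedAttributes as SET OF Attribute (tag 0x31): contentType,
    messageDigest (= the PDF byte-range hash) and optionally signingTime.
    This byte string is what gets hashed and signed when signedAttrs exist."""
    attrs = [
        attribute(OID_CONTENT_TYPE, der_oid(OID_ID_DATA)),
        attribute(OID_MESSAGE_DIGEST, der(0x04, byte_range_hash)),
    ]
    if signing_time is not None:
        utc = signing_time.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ")
        attrs.append(attribute(OID_SIGNING_TIME, der(0x17, utc.encode("ascii"))))
    return der_set_of(*attrs)


def signed_attrs_for_signer_info(attrs_set: bytes) -> bytes:
    """Inside SignerInfo the same attributes are carried as [0] IMPLICIT:
    identical contents, only the outer tag changes from 0x31 to 0xA0."""
    return b"\xa0" + attrs_set[1:]


def digest_to_send(byte_range_hash: bytes, with_signed_attrs: bool,
                   signing_time: Optional[datetime] = None) -> bytes:
    """Value to hand to a service that signs the supplied digest as-is.
    No signedAttrs: the signature covers the content, so send the byte-range
    hash. With signedAttrs (CAdES): the signature covers DER(SignedAttributes),
    so send SHA-256 of that structure instead."""
    if not with_signed_attrs:
        return byte_range_hash
    return hashlib.sha256(signed_attrs(byte_range_hash, signing_time)).digest()


def message_digest_from_attrs(attrs: bytes) -> Optional[bytes]:
    """Extract the messageDigest OCTET STRING from a SignedAttributes encoding
    (SET form or [0] IMPLICIT form), e.g. to compare its length with the
    digest you computed; returns None if the attribute is absent."""
    def tlv(buf: bytes, pos: int):
        tag, ln = buf[pos], buf[pos + 1]
        pos += 2
        if ln & 0x80:
            n = ln & 0x7F
            ln = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        return tag, buf[pos:pos + ln], pos + ln

    _, body, _ = tlv(attrs, 0)
    pos = 0
    while pos < len(body):
        _, attr, pos = tlv(body, pos)           # one Attribute SEQUENCE
        _, oid, p = tlv(attr, 0)                # attrType
        if der(0x06, oid) == der_oid(OID_MESSAGE_DIGEST):
            _, values, _ = tlv(attr, p)         # attrValues SET
            _, digest, _ = tlv(values, 0)       # the OCTET STRING
            return digest
    return None


if __name__ == "__main__":
    # Constructed stand-in for SHA-256 over the PDF /ByteRange (minus /Contents).
    pdf_hash = hashlib.sha256(b"constructed PDF byte range").digest()
    print("send without signedAttrs:", digest_to_send(pdf_hash, False).hex())
    print("send with    signedAttrs:", digest_to_send(pdf_hash, True).hex())
```

In the SignerInfo that goes into the PKCS#7, `signed_attrs_for_signer_info(...)` becomes signedAttrs, digestAlgorithm is SHA-256, signatureAlgorithm must match what the remote service actually applied, and the returned signature value is placed in `signature` unchanged. If `message_digest_from_attrs` on a provider-built structure returns 20 bytes, that structure was digested with a 160-bit algorithm and its declared digestAlgorithm (not SHA-256) is what a verifier will use to recompute the byte-range hash.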