From 50420e5013b56759858f32126e201f44fe32b741 Mon Sep 17 00:00:00 2001
From: Paul van Brouwershaven <paul@vanbrouwershaven.com>
Date: Fri, 15 Jul 2022 17:22:57 +0200
Subject: [PATCH] Set default DigestAlgorithm with SHA256

---
 sign/sign.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sign/sign.go b/sign/sign.go
index aec7477..410673a 100644
--- a/sign/sign.go
+++ b/sign/sign.go
@@ -162,6 +162,9 @@ func (context *SignContext) SignPDF() error {
 	if context.SignData.Signature.DocMDPPerm == 0 {
 		context.SignData.Signature.DocMDPPerm = 1
 	}
+	if !context.SignData.DigestAlgorithm.Available() {
+		context.SignData.DigestAlgorithm = crypto.SHA256
+	}
 
 	context.OutputBuffer = filebuffer.New([]byte{})
 
@@ -199,6 +202,9 @@ func (context *SignContext) SignPDF() error {
 		context.SignatureMaxLength += uint32(hex.EncodedLen(512))
 	}
 
+	// Add size of digest algorithm twice (for file digist and signing certificate attribute)
+	context.SignatureMaxLength += uint32(hex.EncodedLen(context.SignData.DigestAlgorithm.Size() * 2))
+
 	// Add size for my certificate.
 	degenerated, err := pkcs7.DegenerateCertificate(context.SignData.Certificate.Raw)
 	if err != nil {