Can you send me the testdsa.p12 or other private key so that I can reproduce the problem?
> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Chris C > Sent: Monday, June 06, 2005 4:50 PM > To: itext-questions@lists.sourceforge.net > Subject: [iText-questions] Invalid or Corrupt Signature > > Apologies for the long post. > > I am using iText (Version 1.3) to sign existing signatures fields in > a PDF Document (using the Windows Certificate Security method). The > signature fields were originally created using iText as well. I am > getting an intermittent problem when creating the signatures. One of > the following three situations occurs. > > 1. Signature is created and is valid in Acrobat > 2. IllegalArgumentException is thrown with message "The key /Contents > is too big" > 3. Signature appears to be created successfully, but is invalid in > acrobat (document has changed or has been corrupted). > > I am using the same input document and key. The only parameter that > changes is the signing time. Having looked at the iText source I think > the problem is occurring when the digital signature is created. In the > getEncodedPKCS7 method in the PdfPKCS7 class, the digest is set to the > result of the sign method called on the Signature object. However, the > length of the byte array returned varies from 46 to 47 bytes. This > causes a problem because the getEncodedPKCS7 method is called twice > when generating the signature. It is called once during the > setSignInfo method and again during the getSignerContents method in > the PdfSigGenericPKCS class. > > The setSignInfo method is called during the preClose method of the > PdfSignatureAppearance. The getSignerContents method is called from > the PdfStamper close method. The problem occurs when the returned > signatures are not the same length. The length of the /Contents key is > determined by the length of the signature generated during the > setSignInfo call. The actual byte value set in the PDF document > appears to be the one generated during the PdfStamper close method. If > both signatures are the same length, situation 1 occurs. If the first > signature is shorter than the second, situation 2 occurs. If the first > signature is longer than the second, situation 3 occurs. > > There doesn't appear to be any way of predicting what will happen. It > can work 8 or 9 times in a row and then fail. Or it can fail on the > first try. I have tried two different documents and different > certificates. I have also tried using both the SunJCE and the > BouncyCastle one. The problem only occurs when using a DSA signature. > > The following is the code I'm using to create the signatures: > > import java.io.FileInputStream; > import java.io.FileOutputStream; > import java.security.KeyStore; > import java.security.PrivateKey; > import java.security.cert.Certificate; > import java.util.ArrayList; > > import com.lowagie.text.pdf.AcroFields; > import com.lowagie.text.pdf.PdfReader; > import com.lowagie.text.pdf.PdfSignatureAppearance; > import com.lowagie.text.pdf.PdfStamper; > > public class Example { > > public static void main(String[] args) { > > try { > FileOutputStream fos = new > FileOutputStream("c:/out.pdf"); > > KeyStore ks = > KeyStore.getInstance("PKCS12"); > > ks.load(new > FileInputStream("c:/testdsa.p12"), > "password".toCharArray()); > String alias = (String) > ks.aliases().nextElement(); > > //Get the private key and > certificate chain > PrivateKey key = (PrivateKey) > ks.getKey(alias, > "password".toCharArray()); > Certificate[] chain = > ks.getCertificateChain(alias); > PdfReader _reader = new > PdfReader("c:/signature.pdf"); > > //Find the signature fields > AcroFields af = _reader.getAcroFields(); > ArrayList names = > af.getSignatureNames(); > PdfStamper stp = null; > > if (names.size() == 0) { > stp = > PdfStamper.createSignature(_reader, fos, '\0'); > } else { > stp = > PdfStamper.createSignature(_reader, fos, '\0', null, > true); > } > > PdfSignatureAppearance sap = > stp.getSignatureAppearance(); > sap.setCrypto(key, chain, null, > PdfSignatureAppearance.WINCER_SIGNED); > sap.setReason(""); > sap.setLocation(""); > sap.setVisibleSignature("mysig"); > sap.setAcro6Layers(true); > stp.close(); > > }catch(Exception e){ > e.printStackTrace(System.out); > } > > > } > } > > > Is this a problem with my set-up or a bug? > > > > Regards > > Chris > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: NEC IT Guy Games. How far > can you shotput > a projector? How fast can you ride your desk chair down the > office luge track? > If you want to score the big prize, get to know the little guy. > Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 > _______________________________________________ > iText-questions mailing list > iText-questions@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/itext-questions > ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions
