----- Original Message -----
From: "Anders Rundgren" <[EMAIL PROTECTED]>
To: "Post all your questions about iText here" <[email protected]>
Sent: Saturday, June 03, 2006 11:58 AM
Subject: [iText-questions] Stupid signature algorithm question

> I have indeed succeeded in creating signatures that validate in Adobe SW.
>
> The problem is that I don't understand why they validate because it seems
> that they do not follow PKCS #7.
>
> "An example with an external hash and signature in Windows Certificate
> Mode"
> http://itextpdf.sourceforge.net/howtosign.html
>
> The strange thing IMO is that the signature algorithm is RSAwithSHA1 but
> that the signed data is also digested with SHA1 before being signed. To me
> it looks like two SHA1s in a row followed by an RSA signature.
>
> Where is my thinking going wrong?
>

That's an Adobe invention but it makes sense. Most of the signature packages work by getting the data and returning the signature. In Adobe's way, you just have to provide a hash and not the complete PDF. If you are signing remotely this will save time and bandwidth.

> "An example with an external signature in Self Sign Mode"
> looks a bit weird and doesn't compile either.
>

There were a couple of bugs there that are fixed now. If it looks weird it's because it's a PKCS#1 and not a PKCS#7.

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import com.lowagie.text.Rectangle;
import com.lowagie.text.pdf.*;

// Load the private key and certificate chain from the PKCS#12 file
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
String alias = (String)ks.aliases().nextElement();
PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);

// Prepare the signature appearance in self-signed mode
PdfReader reader = new PdfReader("original.pdf");
FileOutputStream fout = new FileOutputStream("signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
sap.setReason("I'm the author");
sap.setLocation("Lisbon");
// comment next line to have an invisible signature
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
// placeholder of the right size; the real signature is set after preClose()
sap.setExternalDigest(new byte[128], null, "RSA");
sap.preClose();

// Sign the byte range of the PDF externally with SHA1withRSA
PdfPKCS7 sig = sap.getSigStandard().getSigner();
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(key);
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
while ((n = inp.read(buf)) > 0) {
    sign.update(buf, 0, n);
}
sig.setExternalDigest(sign.sign(), null, "RSA");

// Write the PKCS#1 signature into /Contents and close the document
PdfDictionary dic = new PdfDictionary();
dic.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
sap.close(dic);

Paulo
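
The "two SHA1s in a row" discussed in this thread can be checked with the JDK alone. The following is an added example, not code from the original message or from iText: it compares SHA1withRSA over a precomputed hash (the external-hash flow) with SHA1withRSA over the data itself (the self-signed PKCS#1 flow above). The class name, the throwaway key and the byte string standing in for the PDF byte range are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class DoubleHashDemo {
    // DER prefix of the PKCS #1 v1.5 DigestInfo for SHA-1; the 20-byte digest follows it.
    static final byte[] SHA1_DIGEST_INFO = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
            0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};

    static byte[] sha1(byte[] in) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-1").digest(in);
    }

    static byte[] sign(String alg, PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Raw PKCS #1 v1.5 signature over an already computed SHA-1 digest (no further hashing).
    static byte[] signDigest(PrivateKey key, byte[] digest) throws GeneralSecurityException {
        byte[] di = Arrays.copyOf(SHA1_DIGEST_INFO, SHA1_DIGEST_INFO.length + digest.length);
        System.arraycopy(digest, 0, di, SHA1_DIGEST_INFO.length, digest.length);
        return sign("NONEwithRSA", key, di);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, constructed for the demo
        byte[] range = "constructed stand-in for the signed PDF byte range"
                .getBytes(StandardCharsets.US_ASCII);

        byte[] hash = sha1(range);                                    // only these 20 bytes reach the signer
        byte[] external = sign("SHA1withRSA", kp.getPrivate(), hash); // external-hash flow
        byte[] direct = sign("SHA1withRSA", kp.getPrivate(), range);  // self-signed PKCS#1 flow

        // PKCS #1 v1.5 signing is deterministic, so equal inputs give equal signatures.
        System.out.println("external == RSA(SHA1(SHA1(range))): "
                + Arrays.equals(external, signDigest(kp.getPrivate(), sha1(hash))));
        System.out.println("direct   == RSA(SHA1(range)):       "
                + Arrays.equals(direct, signDigest(kp.getPrivate(), hash)));
        System.out.println("external == direct:                 " + Arrays.equals(external, direct));

        // A verifier of the external-hash form rehashes the range and treats the hash as the message.
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(kp.getPublic());
        v.update(sha1(range));
        System.out.println("external verifies over SHA1(range): " + v.verify(external));
    }
}
```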
