Thank you Paulo! After I've changed to "new byte[256]", program works with 2k length key, but generates invalid signature with 1k length key. As I understand, 1k length key requires 128 byte digest, 2k length key - 256 byte. Is it possible to determinate required digest size depending on key size? Sorry for a stupid questions, I'm newbie in Java-programming...
Paulo Soares wrote: > Replace "new byte[128]" with "new byte[256]". > > Paulo > >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On >> Behalf Of Android Andrew [:] >> Sent: Friday, September 15, 2006 12:42 PM >> To: [email protected] >> Subject: [iText-questions] IllegalArgumentException: The key >> /Contents istoo big. (RSA 2k ???) >> >> Hello everybody! >> >> I've faced with problem similar to described here: >> 26 Oct 2005 >> http://www.mail-archive.com/[EMAIL PROTECTED] >> net/msg19419.html >> >> If I'm using 1k length private key, everything is Ok, but if I try to >> use 2k length key, I get this: >> >> Exception in thread "main" >> java.lang.IllegalArgumentException: The key >> /Contents is too big. Is 522, reserved 264 >> at >> com.lowagie.text.pdf.PdfSignatureAppearance.close(PdfSignature >> Appearance.java:1040) >> >> My code is based on receipt from >> http://itextpdf.sourceforge.net/howtosign.html#signextstd >> >> Does anybody faced with such problem or knew how to deal with it? >> >> >> >> Here is a part of my code: >> >> .... >> KeyStore ks = KeyStore.getInstance("pkcs12"); >> ks.load(new FileInputStream(KeyFileName), >> Pass.toCharArray()); >> String alias = (String) ks.aliases().nextElement(); >> PrivateKey key = >> (PrivateKey)ks.getKey(alias,Pass.toCharArray()); >> Certificate[] chain = ks.getCertificateChain(alias); >> PdfReader reader = new PdfReader(InFileName); >> FileOutputStream fout = new >> FileOutputStream(OutFileName); >> PdfStamper stp = >> PdfStamper.createSignature(reader,fout,'\0'); >> PdfSignatureAppearance sap = >> stp.getSignatureAppearance(); >> sap.setCrypto(key,chain, null, >> PdfSignatureAppearance.SELF_SIGNED); >> sap.setReason(Reason); >> sap.setLocation(Location); >> if (isVisible) >> sap.setVisibleSignature(new >> Rectangle(475,15,575,115), >> 1, null); >> sap.setExternalDigest(new byte[128], null, "RSA"); >> sap.preClose(); >> PdfPKCS7 sig = sap.getSigStandard().getSigner(); >> Signature sign = Signature.getInstance("SHA1withRSA"); >> sign.initSign(key); >> byte buf[] = new byte[8192]; >> int n; >> InputStream inp = sap.getRangeStream(); >> while ((n = inp.read(buf)) > 0) { >> sign.update(buf,0,n); >> } >> sig.setExternalDigest(sign.sign(), null, "RSA"); >> PdfDictionary dic = new PdfDictionary(); >> dic.put(PdfName.CONTENTS, new >> PdfString(sig.getEncodedPKCS1()).setHexWriting(true)); >> sap.setCertified(true); >> sap.close(dic); >> ... >> >> >> -------------------------------------------------------------- >> ----------- >> Using Tomcat but need to do more? Need to support web >> services, security? >> Get stuff done quickly with pre-integrated technology to make >> your job easier >> Download IBM WebSphere Application Server v.1.0.1 based on >> Apache Geronimo >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&; >> dat=121642 >> _______________________________________________ >> iText-questions mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/itext-questions >> > > > Aviso Legal: > Esta mensagem é destinada exclusivamente ao destinatário. Pode conter > informação confidencial ou legalmente protegida. A incorrecta transmissão > desta mensagem não significa a perca de confidencialidade. Se esta mensagem > for recebida por engano, por favor envie-a de volta para o remetente e > apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o > destinatário de usar, revelar ou distribuir qualquer parte desta mensagem. > > Disclaimer: > This message is destined exclusively to the intended receiver. It may contain > confidential or legally protected information. The incorrect transmission of > this message does not mean the loss of its confidentiality. If this message > is received by mistake, please send it back to the sender and delete it from > your system immediately. It is forbidden to any person who is not the > intended receiver to use, distribute or copy any part of this message. > > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > > > ------------------------------------------------------------------------ > > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions
