Hello, Because of the upcoming requirements for Qualified Signatures in Germany it might (or probably will) be necessary to replace SHA1 with SHA256 by the end of this year [1]. I looked at the current PDF Reference (1.7) and accoring to it, SHA256 support already came with PDF 1.6.
The way I understand that table (p. 740 in the Reference) using SHA256 (or any algorithm other than SHA1) for hashing the document itself is only possible if the subfilter is either "adbe.x509.rsa.sha1" or "adbe.pkcs7.detached". The former does not includes CRLs and generally does not require revocation checks, so it's not really an option. "adbe.pkcs7.detached" seems to be what I am looking for, but I can't really figure out how to use it in iText. During my experiments I noticed that iText does not have the OIDs for all the new algorithms (PdfPKCS7.java). I added the SHA256 OID and the corresponding case in the constructor. I crated a patch and attached it to the mail. (I'll be glad to add all the others as well) The only remaining questions for me are: How do I use a custom filter/subfilter combo with a custom hash algorithm without editing iText? There is no set method for "hashAlgorithm" and I didn't see any obvious candidates for it. My idea would be tho just create my own little class that extends PdfSigGenericPKCS. Also, there is no signing example for VeriSign (= ADBE_PKCS7_DETACHED) and external signature & digest generation, but am I right in the assumption that it would work identical to the WINCER_SIGNED example? Thanks in advance, Robert [1] http://www.bsi.de/esig/kryptoalg.htm
sha256.patch
Description: Binary data
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
