You can use an external signature. Now that the bouncycastle libraries
are required I'm modifying PdfPKCS7.java to use the existing crypto
libraries to do all the work including decoding all the algorithm types.
When it's ready it will be easier to use other algorithms.

Paulo 

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Esterer
> Sent: Thursday, March 01, 2007 1:36 PM
> To: 'Post all your questions about iText here'
> Subject: [iText-questions] Signatures with SHA256
> 
> Hello,
> 
> Because of the upcoming requirements for Qualified Signatures in Germany it
> might (or probably will) be necessary to replace SHA1 with SHA256 by the end
> of this year [1].
> I looked at the current PDF Reference (1.7) and according to it, SHA256
> support already came with PDF 1.6.
> 
> The way I understand that table (p. 740 in the Reference) using SHA256 (or
> any algorithm other than SHA1) for hashing the document itself is only
> possible if the subfilter is either "adbe.x509.rsa.sha1" or
> "adbe.pkcs7.detached".
> The former does not include CRLs and generally does not require revocation
> checks, so it's not really an option.
> 
> "adbe.pkcs7.detached" seems to be what I am looking for, but I can't really
> figure out how to use it in iText.
> During my experiments I noticed that iText does not have the OIDs for all
> the new algorithms (PdfPKCS7.java). I added the SHA256 OID and the
> corresponding case in the constructor. I created a patch and attached it to
> the mail. (I'll be glad to add all the others as well)
> 
> The only remaining questions for me are:
> How do I use a custom filter/subfilter combo with a custom hash algorithm
> without editing iText?
> There is no set method for "hashAlgorithm" and I didn't see any obvious
> candidates for it. My idea would be to just create my own little class that
> extends PdfSigGenericPKCS.
> Also, there is no signing example for VeriSign (= ADBE_PKCS7_DETACHED) and
> external signature & digest generation, but am I right in the assumption
> that it would work identically to the WINCER_SIGNED example?
> 
> Thanks in advance,
> Robert
> 
> [1] http://www.bsi.de/esig/kryptoalg.htm
> 
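The thread turns on mapping a signature's digest algorithm OID to an actual hash implementation. The following is an added example, not code from this thread or from iText: it decodes a DER-encoded digest OID using only the JDK and resolves it to a `MessageDigest`, rejecting unknown OIDs instead of falling back to SHA-1. The class and method names (`DigestOidDemo`, `decodeOid`, `digestFor`) are hypothetical, and it assumes Java 9 or later for `Map.of`.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

public class DigestOidDemo { // hypothetical name, not an iText class
    // Standard digest OIDs mapped to JCA algorithm names.
    static final Map<String, String> DIGEST_NAMES = Map.of(
        "1.2.840.113549.2.5", "MD5",
        "1.3.14.3.2.26", "SHA-1",
        "2.16.840.1.101.3.4.2.1", "SHA-256",
        "2.16.840.1.101.3.4.2.2", "SHA-384",
        "2.16.840.1.101.3.4.2.3", "SHA-512");

    // Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted form.
    static String decodeOid(byte[] der) {
        if (der.length < 3 || der[0] != 0x06 || der[1] != der.length - 2
                || (der[der.length - 1] & 0x80) != 0) {
            throw new IllegalArgumentException("not a well-formed short-form DER OID");
        }
        StringBuilder sb = new StringBuilder();
        long value = 0;
        boolean first = true;
        for (int i = 2; i < der.length; i++) {
            value = (value << 7) | (der[i] & 0x7F);
            if ((der[i] & 0x80) != 0) continue; // more bytes follow in this arc
            if (first) { // the first byte group packs two arcs as 40 * arc1 + arc2
                long arc1 = Math.min(value / 40, 2);
                sb.append(arc1).append('.').append(value - 40 * arc1);
                first = false;
            } else {
                sb.append('.').append(value);
            }
            value = 0;
        }
        return sb.toString();
    }
    // Resolve the OID to a digest; an unknown OID is an error, never a silent SHA-1 default.
    static MessageDigest digestFor(byte[] derOid) throws NoSuchAlgorithmException {
        String oid = decodeOid(derOid);
        String name = DIGEST_NAMES.get(oid);
        if (name == null) throw new NoSuchAlgorithmException("unsupported digest OID " + oid);
        return MessageDigest.getInstance(name);
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: the DER encoding of the SHA-256 OID.
        byte[] sha256Oid = {0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};
        MessageDigest md = digestFor(sha256Oid);
        System.out.println(decodeOid(sha256Oid) + " -> " + md.getAlgorithm());
    }
}
```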

