> Why do you need to modify iText classes if in the latest release
> SHA-512/384/256 and RIPEMD are supported?
Nice!
But how (Java)? It seems that when you set the Filter/SubFilter,
PdfSignatureAppearance instantiates one of the 3 predefined classes:
if (PdfName.ADOBE_PPKLITE.equals(getFilter()))
sigStandard = new PdfSigGenericPKCS.PPKLite(getProvider());
else if (PdfName.ADOBE_PPKMS.equals(getFilter()))
sigStandard = new PdfSigGenericPKCS.PPKMS(getProvider());
else if (PdfName.VERISIGN_PPKVS.equals(getFilter()))
sigStandard = new PdfSigGenericPKCS.VeriSign(getProvider());
else
throw new IllegalArgumentException("Unknown filter: " +
getFilter());
But all of them uses a fixed hash algorithm:
public PPKLite() {
super(PdfName.ADOBE_PPKLITE, PdfName.ADBE_X509_RSA_SHA1);
hashAlgorithm = "SHA1";
put(PdfName.R, new PdfNumber(65541));
}
[...]
public VeriSign() {
super(PdfName.VERISIGN_PPKVS, PdfName.ADBE_PKCS7_DETACHED);
hashAlgorithm = "MD5";
put(PdfName.R, new PdfNumber(65537));
}
[...]
public PPKMS() {
super(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1);
hashAlgorithm = "SHA1";
}
So... How do i set a different hash algorithm?
I create the signatures with some code like this (keyEntry is a
PrivateKeyEntry):
PdfReader pdfReader = new PdfReader(file);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
PdfStamper stp = PdfStamper.createSignature(pdfReader,baos,'\0',null,true);
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(
keyEntry.getPrivateKey(),
keyEntry.getCertificateChain(),
null,
PdfSignatureAppearance.SELF_SIGNED
);
stp.close();
And I save the bytes from "baos" (the ByteArrayOutputStream) to disk as a
signed PDF file.
AFIAK, a combination of Filter PdfName.ADOBE_PPKLITE and SubFilter
PdfName.ADBE_X509_RSA_SHA1 or PdfName.ADBE_PKCS7_DETACHED should work with
SHA-2, but don't know how to change the default algorithm.
Is there any example anywhere? Can anyone please help?
Thanks a lot!!
> From: [email protected]
> To: [email protected]
> Date: Sun, 26 Jul 2009 14:43:04 +0100
> Subject: Re: [iText-questions] Is there a way to digitally sign a PDF with
> iText using SHA-256/SHA-384/SHA-512?
>
> Why do you need to modify iText classes if in the latest release
> SHA-512/384/256 and RIPEMD are supported?
>
> Paulo
>
> ----- Original Message -----
> From: "Tomas García-Merás Capote"
> To:
> Sent: Sunday, July 26, 2009 1:51 PM
> Subject: [iText-questions] Is there a way to digitally sign a PDF with iText
> using SHA-256/SHA-384/SHA-512?
>
>
>
> Hello,
>
> I'm trying to modify some iText classes to allow SHA-2 hashes on the
> digital signatures, but Adobe Reader 9.1.2 always finds problems with the
> generated PDF (BER decoding error, etc.), no matter if using iText to
> generate the PKCS#7, inserting an externally generated PKCS#7... Is there an
> easy way for using SHA-512/384/258 on digital signatures with iText? Now
> that it uses a complete BouncyCastle for such things it should be
> possible...
>
> Thx!!
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Buy the iText book: http://www.1t3xt.com/docs/book.php
> Check the site with examples before you ask questions:
> http://www.1t3xt.info/examples/
> You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
_________________________________________________________________
Llévate Messenger en el móvil a todas partes ¡Conéctate!
http://www.microsoft.com/spain/windowsmobile/messenger/default.mspx
------------------------------------------------------------------------------
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
