The standard filters use SHA-1. You have examples in http://itextpdf.sourceforge.net/howtosign.html on how to use others algorithms as an external signature.
Paulo ----- Original Message ----- From: "Tomas García-Merás Capote" <[email protected]> To: "Lista iText" <[email protected]> Sent: Sunday, July 26, 2009 9:00 PM Subject: Re: [iText-questions] Is there a way to digitally sign a PDF withiText using SHA-256/SHA-384/SHA-512? > Why do you need to modify iText classes if in the latest release > SHA-512/384/256 and RIPEMD are supported? Nice! But how (Java)? It seems that when you set the Filter/SubFilter, PdfSignatureAppearance instantiates one of the 3 predefined classes: if (PdfName.ADOBE_PPKLITE.equals(getFilter())) sigStandard = new PdfSigGenericPKCS.PPKLite(getProvider()); else if (PdfName.ADOBE_PPKMS.equals(getFilter())) sigStandard = new PdfSigGenericPKCS.PPKMS(getProvider()); else if (PdfName.VERISIGN_PPKVS.equals(getFilter())) sigStandard = new PdfSigGenericPKCS.VeriSign(getProvider()); else throw new IllegalArgumentException("Unknown filter: " + getFilter()); But all of them uses a fixed hash algorithm: public PPKLite() { super(PdfName.ADOBE_PPKLITE, PdfName.ADBE_X509_RSA_SHA1); hashAlgorithm = "SHA1"; put(PdfName.R, new PdfNumber(65541)); } [...] public VeriSign() { super(PdfName.VERISIGN_PPKVS, PdfName.ADBE_PKCS7_DETACHED); hashAlgorithm = "MD5"; put(PdfName.R, new PdfNumber(65537)); } [...] public PPKMS() { super(PdfName.ADOBE_PPKMS, PdfName.ADBE_PKCS7_SHA1); hashAlgorithm = "SHA1"; } So... How do i set a different hash algorithm? I create the signatures with some code like this (keyEntry is a PrivateKeyEntry): PdfReader pdfReader = new PdfReader(file); ByteArrayOutputStream baos = new ByteArrayOutputStream(); PdfStamper stp = PdfStamper.createSignature(pdfReader,baos,'\0',null,true); PdfSignatureAppearance sap = stp.getSignatureAppearance(); sap.setCrypto( keyEntry.getPrivateKey(), keyEntry.getCertificateChain(), null, PdfSignatureAppearance.SELF_SIGNED ); stp.close(); And I save the bytes from "baos" (the ByteArrayOutputStream) to disk as a signed PDF file. AFIAK, a combination of Filter PdfName.ADOBE_PPKLITE and SubFilter PdfName.ADBE_X509_RSA_SHA1 or PdfName.ADBE_PKCS7_DETACHED should work with SHA-2, but don't know how to change the default algorithm. Is there any example anywhere? Can anyone please help? Thanks a lot!! > From: [email protected] > To: [email protected] > Date: Sun, 26 Jul 2009 14:43:04 +0100 > Subject: Re: [iText-questions] Is there a way to digitally sign a PDF with > iText using SHA-256/SHA-384/SHA-512? > > Why do you need to modify iText classes if in the latest release > SHA-512/384/256 and RIPEMD are supported? > > Paulo > > ----- Original Message ----- > From: "Tomas García-Merás Capote" > To: > Sent: Sunday, July 26, 2009 1:51 PM > Subject: [iText-questions] Is there a way to digitally sign a PDF with > iText > using SHA-256/SHA-384/SHA-512? > > > > Hello, > > I'm trying to modify some iText classes to allow SHA-2 hashes on the > digital signatures, but Adobe Reader 9.1.2 always finds problems with the > generated PDF (BER decoding error, etc.), no matter if using iText to > generate the PKCS#7, inserting an externally generated PKCS#7... Is there > an > easy way for using SHA-512/384/258 on digital signatures with iText? Now > that it uses a complete BouncyCastle for such things it should be > possible... > > Thx!! ------------------------------------------------------------------------------ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
