Hi Andrius, you got very interesting requirements !
Anyway, I would expect an OCSP response to be an _un_signed property of the signature. In some paranoid environments the OCSP response has to be some hours younger than the signature. Moreover the signer doesn't know anything about the OCSP response, so why should the signer do any signed statement about it ? Same for the TSP, could be added as an unsigned propertylater on. You just need to take care about reserving enough space in the PDFs signature field. Greetings Andreas ----- Original Message ---- From: Andrius Juozapaitis <andri...@gmail.com> To: Post all your questions about iText here <itext-questions@lists.sourceforge.net> Sent: Monday, August 10, 2009 10:27:19 AM Subject: [iText-questions] Multiple digital signatures Hey, One of our clients needs digital signing of pdf documents, he has all the ocsp/tsp services inhouse. I've already implemented this using using iText 2.1.7 - works like a charm, thanks Paulo! Now, they want something else: instead of applying signature-ocsp-timestamp in one transaction, they want a possibility to split it into two: 1) sign the pdf with a digital signature 2) apply the ocsp and timestamp information *for the certificate that was used in the first signature* in a second signature, without requiring the digital smartcard using in the first step. Now, I am pretty sure that's impossible, as OCSP information is a signed attribute [1] - so you can't modify the first signature without invalidating it, and you can't create a second signature without an original digital smartcard, as revocation information is stored for the certificate, that the document is being signed with. Am I on the right track here? Best regards, Andrius Juozapaitis [1] http://www.adobe.com/devnet/acrobat/pdfs/PDF32000_2008.pdf section #12.8.1 ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/ ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
