Hi Michael, you absolutely right : Never throw away the PDF you once created the hash for !
We store it on disk because you can't create it again with the same hash. Thanks for emphasizing it ! Andreas ----- Original Message ---- From: mkl <[email protected]> To: [email protected] Sent: Tue, January 26, 2010 9:35:54 AM Subject: Re: [iText-questions] Merge of detached signature Leonard, Andreas, Mathieu, Leonard Rosenthol-3 wrote: > Right - that's the normal approach for external signing which the poster > said doesn't work for them. > > Leonard Maybe they simply made the usual error --- throwing away the PdfStamper they calculated the hash with, and injecting the received PKCS#7 container into a new PdfStamper instance differing at least in the modification timestamps and IDs. Mathieu wasn't very specific when explaining how he implemented the multi-step scenario which didn't work. Regards, Michael. From: Andreas Kuehne [mailto:[email protected]] > > Of course it's possible what your describing : > > - Build a semi-signed PDF with room for the signature > - Get the hash value > - Store the half-baked PDF on disk > - Sign the hash and create a PKCS7-Signature, somtimes later, somewhere > - Insert the signature into the spare bytes in the PDF > - Ready > > Due to wierd legal requirements we had to take this multi-step approach > and it works ! > > > From: Mathieu Fortin <[email protected]> > > Ok that's what I thought, thx. > > > From: Leonard Rosenthol > > No, it is not possible due to how PDF signatures work. > > > From: Mathieu Fortin [mailto:[email protected]] > > Is it possible for a client to get the content to be signed from a server > app (which uses itext) , sign that hash, and send that pkcs7 to the server > app which would "merge" it in the original pdf? > > It works when we do a single step, ie as shown in the detached signatures > example, but it doesn't work in the scenario stated above. -- View this message in context: http://old.nabble.com/Merge-of-detached-signature-tp27314294p27319370.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/ ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
