Thanks for your reply,
I gave you the dictionaries because I was operating under the assumption it
might be a PDF version signing version conflict kind of thing, because the
entries are so different! In answer to your question "Is there a special
reason you create PKCS#1 signatures?" - As a newbie I can only assume it must
be the iText code I am using. Thus, here is my code, without all of its try
catch error handling logic, which is almost identical Paulo Soares code at
(http://itextpdf.sourceforge.net/howtosign.html#howtosign). Please note that
the code works fine to apply the certification signature using iText libraries,
it just does not work when I apply the same signature to a named signature
field in its FDF form.
===
public static Boolean signPdfForm(String workFileFullPathName, String
targetedSignedFullPathName
, String keystoreFullPathName, int iCertLevel
, String keystorePassword, String sReasonSigned, String
sLocationOfSigner
, Rectangle rectSignatureField, int iPage, String digSigFieldName
, String requestID, String attachmentType) {
Boolean signedPdfForm = false;
FileInputStream fis = null;
KeyStore ks = null;
String alias = null;
PrivateKey key = null;
Certificate[] chain = null;
PdfReader reader = null;
FileOutputStream fout = null;
PdfStamper stp = null;
PdfSignatureAppearance sap = null;
ks = KeyStore.getInstance(PKCS12_KEYSTORE_FORMAT_TYPE);
fis = new FileInputStream(keystoreFullPathName);
ks.load(fis, keystorePassword.toCharArray());
alias = (String)ks.aliases().nextElement();
key = (PrivateKey)ks.getKey(alias, keystorePassword.toCharArray());
chain = ks.getCertificateChain(alias);
reader = new PdfReader(workFileFullPathName);
if (iCertLevel > -1) {
fout = new FileOutputStream(targetedSignedFullPathName);
} else {
//fout = new FileOutputStream(targetedSignedFullPathName, true);
fout = new FileOutputStream(targetedSignedFullPathName);
}
if (iCertLevel > -1) {
stp = PdfStamper.createSignature(reader, fout, '\0');
} else {
// Apply a second signature by making argument 4 Append == true
// Replace null with 'new File("/temp")' should you want a temporary file
to be output
//stp = PdfStamper.createSignature(reader, fout, '\0');
stp = PdfStamper.createSignature(reader, fout, '\0', null, true);
}
sap = stp.getSignatureAppearance();
//sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
// If incorrectly specify WINCER_SIGNED, then one gets
"java.lang.NoSuchFieldError: INSTANCE" error.
sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
if (iCertLevel > -1) {
sap.setCertificationLevel(iCertLevel);
}
sap.setReason(sReasonSigned);
sap.setLocation(sLocationOfSigner);
if ( (rectSignatureField != null) && (iPage > 0) && (digSigFieldName == null)
) {
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
} else if (digSigFieldName != null) {
sap.setVisibleSignature(digSigFieldName);
if (stp != null) stp.close();
if (reader != null) reader.close();
if (fout != null) fout.close();
if (fis != null) fis.close();
return signedPdfForm;
}
===
The operational sequence before calling this code is:
1. Validate
2. Append any incremental saves from the client.
3. Sign the document with the above algorithm.
Problem persists when signing no reader extensions added, no certification
present, or both Reader Extensions and certification present.
Thanks for your patience.
Mike
-----Original Message-----
From: mkl [mailto:[email protected]]
Sent: Tuesday, April 27, 2010 11:18 AM
To: [email protected]
Subject: Re: [iText-questions] IText Approval Signature Signing Always Reported
as Corrupted
Mike,
M_Borg wrote:
> I am new to using iText and Adobe Acrobat. I do not know the cause of an
> approval signature being reported as corrupted. The same signing
> algorithm routine succeeds without a problem when performing
> certifications. Unfortunately, when trying to sign a visible signature
> field the signature is never reported as valid, whether signing a iText
> certified document that allows for comments, form fill-in, etc. or an
> uncertified PDF form. The version of the form being signed is version
> 1.6. It is not an XFA or XML PDF and is just a simple single page form.
It sure would be easier for us to try and help you if you attached an
example result of the signature applied your way with iText. An additional
bit of sample code would make everything complete.
Merely looking at the signature dictionary, the following looks a bit weird:
M_Borg wrote:
> 61 0 obj
> <</ByteRange[0 122373 133007 2977 ]
> /Contents< hashvalue >
> [...]
> /SubFilter/adbe.pkcs7.detached/Type/Sig>>
If the contents actually only contain some hash value, that signature for
sure wont verify as a PKCS#7 container is expected.
M_Borg wrote:
> 78 0 obj
> <</Filter/Adobe.PPKLite
> [...]
> /Contents < smaller_hash_value >
> [...]
> /SubFilter/adbe.x509.rsa_sha1
> /ByteRange [0 115798 116320 8742 ]>>
If the contents actually only contain some hash value, that signature for
sure wont verify as a PKCS#1 container is expected.
Is there a special reason you create PKCS#1 signatures? As ISO 32000-1:2008
states, the format for encoding signature values should be
adbe.pkcs7.detached.
Regards, Michael.
--
View this message in context:
http://old.nabble.com/IText-Approval-Signature-Signing-Always-Reported-as-Corrupted-tp28377946p28378274.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.itextpdf.com/book/
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
------------------------------------------------------------------------------
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://www.itextpdf.com/book/
Check the site with examples before you ask questions:
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
