Hi Michael,

thanks for your instructional answer.

I already thought that this might not work correctly:
appearance.setExternalDigest(new byte[128], null, "DSA");

For my understanding:
RSA/1024 signature is 128 bytes long (which is 1024 / 8).
DSA signature is shorter. Is the length variable?

sig.getEncodedPKCS1().length says the length is 49. Reserving new byte[49] or a bit more or less also gives an invalid signature. Is there a way to calculate the length of a signature before creating it? How big should I make this array?

Attachment: DSA signature with new byte[49]

Regards,
Rafael


On 07.02.11 15:26, mkl wrote:
Rafael,

Rafael Wampfler wrote:
of course, here are the two documents. RSA working, DSA not
In Listing 12.19 (which was the one you started from) a placeholder byte[]
of 128 bytes is used for the RSA/1024 signature as that kind of signature
takes up exactly that much space. Accordingly a few more than 256 bytes (the
exact number of bytes required to hold a hex-digit encoded PKCS#1 object
holding an RSA/1024) are reserved in the PDF and are marked as the gap in the
PDF which is not to be hashed. Later on they are filled with the
actual signature.

Now in testsignDSA.pdf you reserve the same number of bytes, too, but your
signature is way smaller (the hex encoded PKCS#1 takes up less than 100
bytes). Thus, the gap in the PDF marked not to be hashed is way bigger than
your signature. Adobe Reader considers this to be suspicious as the gap
might contain PDF objects which could easily be manipulated without changing
the hash. Therefore, Adobe Reader rejects your signature.

You should reserve exactly the number of bytes you are going to use
eventually. Either reserve fewer bytes or eventually pad your signature with
0 to be long enough.

Adobe Acrobat actually talks about "SigDict /Contents illegal data". So
maybe there are additional problems with your very signature. As soon as
sizes match we can take the next step.

Regards,   Michael.


Attachment: testsignDSA2.pdf
Description: Adobe PDF document
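
An added example, not part of the original thread and not iText code: using only the standard java.security API, it shows that a DER-encoded DSA signature varies in length, derives the upper bound from the key's q parameter, and zero-pads each signature to that bound as suggested in the quoted reply. The class and method names are hypothetical, and any wrapper a library puts around the signature (which adds its own header bytes) is not modeled.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.DSAPublicKey;
import java.util.Arrays;

public class DsaSignatureSize {

    // Upper bound for a DER-encoded DSA signature: SEQUENCE { INTEGER r, INTEGER s }.
    // r and s are smaller than q; each INTEGER may need one leading 0x00 sign byte.
    static int maxDerLength(BigInteger q) {
        int intContent = q.bitLength() / 8 + 1;   // value bytes including sign byte
        int intTlv = tlvLength(intContent);
        return tlvLength(2 * intTlv);
    }

    // Tag byte + length field + content, following the DER length rules.
    static int tlvLength(int content) {
        int lengthField = content < 128 ? 1 : content < 256 ? 2 : 3;
        return 1 + lengthField + content;
    }

    // Right-pad with 0x00 up to the reserved size so the placeholder is filled exactly.
    static byte[] padTo(byte[] sig, int size) {
        if (sig.length > size) {
            throw new IllegalArgumentException("signature exceeds reserved size");
        }
        return Arrays.copyOf(sig, size);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024);                     // throwaway demo key, q is 160 bits
        KeyPair kp = kpg.generateKeyPair();
        BigInteger q = ((DSAPublicKey) kp.getPublic()).getParams().getQ();
        int reserve = maxDerLength(q);            // 48 for a 160-bit q
        System.out.println("reserve " + reserve + " bytes (" + 2 * reserve + " hex digits)");

        byte[] message = "constructed sample data".getBytes("UTF-8");
        for (int i = 0; i < 8; i++) {
            Signature dsa = Signature.getInstance("SHA1withDSA");
            dsa.initSign(kp.getPrivate());
            dsa.update(message);
            byte[] sig = dsa.sign();              // DER; length can differ between runs
            System.out.println("raw " + sig.length + " -> padded " + padTo(sig, reserve).length);
        }
    }
}
```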
