Hi Michael, that's an intersting detail ! I would always interpret the filter by the letters ... So'll I have to tweak a bit to accept non-SHA-1with this filter !
But in the other hand, PDF32000_2008 says : 12.8.3.2 [...] For signing PDF files using PKCS#1, the only value of SubFilter that should be used is adbe.x509.rsa_sha1, which uses the RSA encryption algorithm and SHA-1 digest method. [...] There is not much room for others algos ... Greetings Andreas ----- original Nachricht -------- Betreff: Re: [iText-questions] Digital signature with DSA key Gesendet: Mo, 07. Feb 2011 Von: mkl<[email protected]> > > Rafael, > > Rafael Wampfler wrote: > > For my understanding: > > RSA/1024 signature is 128bytes long (which is 1024 / 8) > > DSA signature is shorter. Is the length variable? > > Unfortunately I have no idea... I have not yet had to tinker with anything > but RSA based signatures... ;) > > Rafael Wampfler wrote: > > sig.getEncodedPKCS1().length says the length is 49. Reserving new > byte[49] > > or a bit more or less also gives an invalid signature. Is there a way to > > calculate the length of a signature before creating it? How big should i > > make this array? > > Your sample file looks like there was place for two additional bytes (four > additional hex characters), so I would think 47 is your number. > > Oops, as Andreas just mentioned, the subfilter adbe.x509.rsa.sha1 requires > rsa signatures (Andreas: in spite of the name, though, sha1 is not > required, > at least not since PDF 1.6 anymore: "Despite the appearance of sha1 in the > name of this SubFilter value, supported encodings shall not be limited to > the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates > which algorithm shall be used."). I had the wrong "algorithms allowed in > spite of subfilter name" on my mind. > > Regards, Michael. > > PS: Therefore you should take PKCS#7 generating code as template. Visit > http://itextpdf.sourceforge.net/howtosign.html for inspiration and search > for adbe.pkcs7.detached. > -- > View this message in context: > http://itext-general.2136553.n4.nabble.com/Digital-signature-with-DSA-key-tp > 3264088p3264339.html > Sent from the iText - General mailing list archive at Nabble.com. > > ---------------------------------------------------------------------------- > -- > The modern datacenter depends on network connectivity to access resources > and provide services. The best practices for maximizing a physical server's > connectivity to a physical network are well understood - see how these > rules translate into the virtual world? > http://p.sf.net/sfu/oracle-sfdevnlfb > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php > --- original Nachricht Ende ---- ------------------------------------------------------------------------------ The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
