Hello, first of all thanks so much Michael.
Well, you're right, if I use an external hash and signature, it works fine.
But now, you say *"using a good guess of the expected signature size"*...
and my question is: How can I estimate a good size for my signature? And how
can it impact in the resultant pdf?
Anyway, I used the example, as it is on the examples page, and it works:
sap.setExternalDigest(new byte[128], new byte[20], "RSA");
sap.*preClose*();
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.*getRangeStream*();
while ((n = inp.read(buf)) > 0) {
messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
PdfSigGenericPKCS sg = sap.getSigStandard();
PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS);
byte[] outc = new byte[(slit.getPosLength() - 2) / 2];
PdfPKCS7 sig = sg.getSigner();
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(key);
sign.update(hash);
sig.setExternalDigest(sign.sign(), hash, "RSA");
PdfDictionary dic = new PdfDictionary();
byte[] ssig = sig.getEncodedPKCS7();
System.arraycopy(ssig, 0, outc, 0, ssig.length);
dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
sap.*close*(dic);
Thanks in advance, Gervasio
2011/8/29 mkl <[email protected]>
> Gervasio Amy,
>
> Gervasio Amy wrote:
> > I'm using iText to sign pdf files, and I've got my private key on an
> > Aladdin eToken, which was formated with "secondary authentication mode
> > with RSA key", i.e. the token private keys are protected with another
> > password.
> > The question is that when I sign a pdf file, the library calls twice
> > PdfPKCS7>>getEncodedPKCS7()... (on PdfSignatureAppearance>>preClose() and
> > PdfSignatureAppearance>>close() ) and this method calls the native C_Sign
> > function, wich needs the private key password.
> >
> > The problem is that this behaviour is unwanted for me, because the final
> > user don't have to put the private key twice.
> >
> > Do you know how can I avoid this??
>
> The result of the first PdfPKCS7.getEncodedPKCS7() call essentially is used
> to determine the exact number of bytes required for the /Contents. This
> results in minimum length signed PDF files but also in two sign calls.
>
> If you want to circumvent this default behavior, you should not let iText
> build the signature dictionary in PdfSignatureAppearance.preClose() but
> supply one yourself beforehand using a good guess of the expected signature
> size. You actually may want to work with the PdfSignatureAppearance methods
> preClose(), getRangeStream(), and close() instead of the PdfStamper method
> close() and so have more control concerning the signature container
> creation
> process. For samples have a look at:
> http://itextpdf.sourceforge.net/howtosign.html
>
> Regards, Michael.
>
> PS: The signature API currently is being completely re-designed. Maybe the
> problem of multiple signature generation is resolved there. You, therefore,
> may simply wait for the publication if you can wait.
>
> --
> View this message in context:
> http://itext-general.2136553.n4.nabble.com/Re-Using-eToken-with-secondary-authentication-format-tp3772022p3776183.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------------
> EMC VNX: the world's simplest storage, starting under $10K
> The only unified storage solution that offers unified management
> Up to 160% more powerful than alternatives and 25% more efficient.
> Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php
>
------------------------------------------------------------------------------
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
price-free! And you'll get a free "Love Thy Logs" t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
