Andreas, Max,

Andreas Kuehne-3 wrote
> For curiosity I took a look at the signature, too. Here's what I got:
> 
> 2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
> [de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 :
> javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted
> message and modulus lengths do not match!

Oops, you're right of course. I didn't look into the logs here as I got back
a report complaining about the untrusted root and, falsely, deduced that
everything (including the signature) could be properly decoded. In the logs
I now also find

javax.crypto.BadPaddingException: Data must start with zero
        at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:308)
        at ...

> The decrypted signature content definitely doesn't look like having a
> padding applied: This problem usually stems from unmatching signing keys /
> certificates.

Max uses the iText utility class PdfPKCS7:

            PdfPKCS7 sig = new PdfPKCS7(null, certChain, null, "SHA-256", null, false); 
            sig.setExternalDigest(hash, data, "RSA"); 
            [...]
            byte[] ssig = sig.getEncodedPKCS7(null, cal, null, ocsp); 

To create his data he uses

            var SignedData = new ActiveXObject("CAPICOM.SignedData");
            SignedData.Content = src;
            var Signer = FindCertificateByHash();
            [...]
            Signer.AuthenticatedAttributes.Add(TimeAttribute);
            var szSignature = SignedData.Sign(Signer, false, CAPICOM_ENCODE_BASE64);

As I don't use these classes myself, I don't know whether this usage is
correct nor do I know the format of the input or output data.

If wild guesses are allowed, though, adding some "TimeAttribute" to those
"Signer.AuthenticatedAttributes" might imply that "szSignature" not merely
contains some PKCS#1 signature to include into a signature container by
means of the iText PdfPKCS7 utility class but instead already a full-blown
CMS signature container which can be inserted into the PDF as is.

Can anyone deny or confirm?

Regards,   Michael

--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4347309.html
Sent from the iText - General mailing list archive at Nabble.com.
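
One way to test the guess in the message above before handing the browser's output to PdfPKCS7, as an added example that is not part of the original message or of iText: decode the Base64 blob and check whether it opens with a CMS ContentInfo carrying the signedData OID, or is exactly as long as the RSA modulus, as a bare PKCS#1 signature value would be. The class and method names, the sample bytes and the 2048-bit key size are assumptions made for the illustration.

```java
import java.util.Arrays;
import java.util.Base64;

// Added example (not from the thread): all names here are hypothetical.
public class SignatureBlobKind {
    enum Kind { CMS_SIGNED_DATA, RAW_RSA_SIGNATURE, UNKNOWN }

    // DER-encoded OID 1.2.840.113549.1.7.2 (PKCS#7/CMS signedData), tag and length included.
    private static final byte[] SIGNED_DATA_OID = {
        0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x07, 0x02 };

    // True if the blob opens with SEQUENCE { OID signedData ... }, i.e. a CMS ContentInfo.
    static boolean looksLikeCmsSignedData(byte[] b) {
        if (b.length < 2 || b[0] != 0x30) return false;      // outer SEQUENCE tag
        int lengthOctet = b[1] & 0xFF;
        int pos = 2;
        if (lengthOctet > 0x80) pos += lengthOctet & 0x7F;    // skip long-form length octets
        if (pos + SIGNED_DATA_OID.length > b.length) return false;
        for (int i = 0; i < SIGNED_DATA_OID.length; i++) {
            if (b[pos + i] != SIGNED_DATA_OID[i]) return false;
        }
        return true;
    }

    // A bare PKCS#1 v1.5 signature value is exactly as long as the RSA modulus.
    static Kind classify(String base64, int modulusBits) {
        byte[] blob = Base64.getMimeDecoder().decode(base64); // tolerates line breaks
        if (looksLikeCmsSignedData(blob)) return Kind.CMS_SIGNED_DATA;
        if (blob.length == (modulusBits + 7) / 8) return Kind.RAW_RSA_SIGNATURE;
        return Kind.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed samples: the first bytes of a ContentInfo, and 256 filler bytes
        // standing in for a 2048-bit RSA signature value.
        byte[] cmsStart = new byte[64];
        cmsStart[0] = 0x30; cmsStart[1] = (byte) 0x82; cmsStart[2] = 0x05; cmsStart[3] = 0x10;
        System.arraycopy(SIGNED_DATA_OID, 0, cmsStart, 4, SIGNED_DATA_OID.length);
        byte[] rawSig = new byte[256];
        Arrays.fill(rawSig, (byte) 0x5A);

        Base64.Encoder enc = Base64.getMimeEncoder();
        System.out.println(classify(enc.encodeToString(cmsStart), 2048));
        System.out.println(classify(enc.encodeToString(rawSig), 2048));
    }
}
```

A blob that classifies as CMS_SIGNED_DATA is already a signature container and does not fit where a bare signature value is expected; its length will not match the modulus length.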
