Andreas, Max, Andreas Kuehne-3 wrote > For curiosity I took a look at the signature, too. Here's what I got: > > 2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7) > [de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 : > javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted > message and modulus lengths do not match!
Oops, you're right of course. I didn't look into the logs here as I got back a report complaining about the untrusted root and, falsely, deduced that everything (including the signature) could be properly decoded. In the logs I now also find javax.crypto.BadPaddingException: Data must start with zero at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:308) at ... > The decrypted signature content difinitly doesn't look like having a > padding applied: This problem usually stems from unmatching signing keys / > certificates. Max uses the iText utility class PdfPKCS7: PdfPKCS7 sig = new PdfPKCS7(null, certChain, null, "SHA-256", null, false); sig.setExternalDigest(hash, data, "RSA"); [...] byte[] ssig = sig.getEncodedPKCS7(null, cal, null, ocsp); To create his data he uses var SignedData = new ActiveXObject("CAPICOM.SignedData"); SignedData.Content = src; var Signer = FindCertificateByHash(); [...] Signer.AuthenticatedAttributes.Add(TimeAttribute); var szSignature = SignedData.Sign(Signer, false, CAPICOM_ENCODE_BASE64); As I don't use these classes myself, I don't know whether this usage is correct nor do I know the format of the input or output data. If wild guesses are allowed, though, adding some "TimeAttribute" to those "Signer.AuthenticatedAttributes" might imply that "szSignature" not merely contains some PKCS#1 signature to include into a signature container by means of the iText PdfPKCS7 utility class but instead already a full-blown CMS signature container which can be inserted into the PDF as is. Can anyone deny or confirm? Regards, Michael -- View this message in context: http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4347309.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php