Discussions on http://itext-general.2136553.n4.nabble.com/Hash-computation-problem-td2158378.html highlights aspects to be considered respect the FileID and ModDate manipulation, but it can be done easily.
In reference to objects Ids and their locations, I don't have idea where apply the patch. The PdfDictionary class doesn't have any random method ... On 13 September 2012 01:12, Leonard Rosenthol <[email protected]> wrote: > ModDate is obvious - it's the date, so if you do something at a different > time, the value is different. > > FileID uses various "random values", which also change with time or other > factors. > > Object Ids and locations vary simply by design. > > Leonard > > > On 9/13/12 5:58 AM, "Alvaro Cuno" <[email protected]> wrote: > >>Thanks you very much, now things are more clear for me. One last >>question (I promise), the randomness of fileID, ModDate and placement >>of the objects is for security reasons? >> >>Thanks in advance. >> >> >>On 12 September 2012 04:01, mkl <[email protected]> wrote: >>> Alvaro, >>> >>> Alvaro Cuno wrote >>>> I found some discussions about deferred signing: >>> >>> Ok. So you do have some hints on how to continue. >>> >>> Alvaro Cuno wrote >>>> Certainly, the FileID and the ModDate are mentioned but nothing about >>>>the >>>> order of the objects is discussed. Where I can read about that? Is this >>>> documented? >>> >>> More to the point: iText nowhere promisses or documents that running the >>> same code produces PDFs with identical object IDs and identical order of >>> objects. So why should it be expected to do so? >>> >>> I have not yet noticed different orders of objects myself, but as I >>>have not >>> expected the order to be a constant, I might simply have overlooked it. >>>It >>> after all is irrelevant... >>> >>> In my opinion you should try and check your use case. If I understand >>>you >>> correctly, you want to calculate the digest value of the document byte >>> ranges to sign on one machine A, send that digest somewhere for >>>signing, and >>> receive the signature on yet another machine B to combine it with the >>> original, unprocessed PDF. >>> >>> As stated in the postings to this mailing list you already found, simply >>> starting the integrated signing process independently on machines A and >>>B >>> does not work as long as you want to use an unpatched iText. >>> >>> If those processes have to be separated that far, you instead have to >>>store >>> the result of the unfinished signing process (after maybe marking the >>> signature value placeholder in some unique way) on machine A to some >>>storage >>> accessible from machine B, and on machine B you later have to insert the >>> retrieved signature into that unfinished result. >>> >>> On this mailing list Andreas Kühne numerous times pointed to an >>> implementation of that process. >>> >>> You actually can optimize that process somewhat: If signing in append >>>mode, >>> you only need to place the appended bytes into that storage, and you can >>> also skip the placeholder as long as you remember its position and >>>length. >>> This way you may be able to restrict the intermediate storage >>>requirements. >>> >>> Regards, Michael >>> >>> PS: You should consider updating the iText version you use and also >>>select a >>> different signature type: adbe.pkcs7.sha1 is a bad choice. >>> >>> >>> >>> -- >>> View this message in context: >>>http://itext-general.2136553.n4.nabble.com/are-the-dictionary-elements-ra >>>ndomly-placed-tp4656235p4656285.html >>> Sent from the iText - General mailing list archive at Nabble.com. >>> >>> >>>------------------------------------------------------------------------- >>>----- >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. >>>Discussions >>> will include endpoint security, mobile security and the latest in >>>malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> iText-questions mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/itext-questions >>> >>> iText(R) is a registered trademark of 1T3XT BVBA. >>> Many questions posted to this list can (and will) be answered with a >>>reference to the iText book: http://www.itextpdf.com/book/ >>> Please check the keywords list before you ask for examples: >>>http://itextpdf.com/themes/keywords.php >> >>-------------------------------------------------------------------------- >>---- >>Live Security Virtual Conference >>Exclusive live event will cover all the ways today's security and >>threat landscape has changed and how IT managers can respond. Discussions >>will include endpoint security, mobile security and the latest in malware >>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>_______________________________________________ >>iText-questions mailing list >>[email protected] >>https://lists.sourceforge.net/lists/listinfo/itext-questions >> >>iText(R) is a registered trademark of 1T3XT BVBA. >>Many questions posted to this list can (and will) be answered with a >>reference to the iText book: http://www.itextpdf.com/book/ >>Please check the keywords list before you ask for examples: >>http://itextpdf.com/themes/keywords.php > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > > iText(R) is a registered trademark of 1T3XT BVBA. > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
