Michael

I have absolutely no control over the certificates or the signature 
workflow. Certificates are provided by the largest Swiss telecom 
provider (Swisscom), and the signed documents are generated and signed 
by another official government organization.

What bothers me is the point that there's a difference between the 
behavior of the Set class in the Java and the .NET version of Bouncy 
Castle, since the Java version always sorts the set elements (in the 
toDERObject method) while the .NET version only sorts the elements once 
after the set has been populated and the constructor argument says so.

I would expect that both versions (Java and .NET) behave the same way. 
Now according to the standard, do you know which version is the correct one?

Regards
Stephan


On 09.07.2013 16:02, mkl wrote:
> Stephan,
>
> Stephan Wagner (calac) wrote
>> Now I'm not exactly sure how to further handle this problem. As far as I
>> can see, the isSorted variable in the ASN1Set is always false (private
>> member). [...]
> How you should handle the problem... well, as observations point towards the
> signature not conforming to the standards, the main task now should be to
> repair the signature creation process and re-sign all previously signed
> documents with correct signatures. While doing so, the other issue which
> first caught my eye can be solved as well.
>
> Depending on your position in the whole flow, though, that might not be an
> option; e.g. signed documents may already have been sent out into the wild
> and sending documents with correct signatures after them may not be
> possible. Or the signing software is not under your control and due to
> political or management reasons cannot be exchanged or updated quickly
> enough. Or the original signer cannot be reached anymore and the documents
> cannot be re-signed by anyone else. Or...
>
> In that case you may have to provide a special verification service for
> those non-standard signatures (Depending on legislature they may still be
> legally valid digital signatures...). In that service you can use a copy of
> the PdfPkcs7 class in which via introspection the isSorted member is set to
> true between "ASN1Set sseq = ASN1Set.getInstance(tagsig, false)" and
> "sigAttr = sseq.getEncoded(ASN1Encoding.DER)".
>
> The verification result of this service should strongly indicate, though,
> that the digital signature verified may not adhere to the standards and,
> therefore, may not positively verify in all verification services.
>
> Regards,   Michael
>
> PS: Obviously, if for some weird reason signatures are still created with
> the original signature creation software, the recipients they are sent to
> should be informed about the issue, too.
>
>
>
> --
> View this message in context: 
> http://itext-general.2136553.n4.nabble.com/Signed-PDF-fails-to-verify-in-iText-Java-but-succeeds-in-iTextSharp-and-Acrobat-Reader-tp4658692p4658710.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a 
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: 
> http://itextpdf.com/themes/keywords.php
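
The effect of the sorting difference discussed in this thread on the digest a verifier computes over the signed attributes, as an added example (not code from iText, Bouncy Castle or either poster). X.690 orders the elements of a DER SET OF by their encodings, and RFC 5652 signs the DER encoding of the signed attributes under the SET OF tag, so a verifier that re-sorts and one that keeps the sent order disagree exactly when the signer did not sort. SHA-256, the helper names and the two sample attributes are assumptions made for the illustration.

```python
import hashlib

def tlv(tag, value):
    """Encode one DER TLV (single-byte tag, definite length)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def _span(buf, pos):
    """Return (content_start, end) of the TLV starting at pos."""
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next `count` bytes hold the length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return pos, pos + length

def split_set(encoded):
    """Element encodings of a SET OF, in the order they were sent."""
    pos, end = _span(encoded, 0)
    # 0x31 = SET OF; 0xA0 = the [0] IMPLICIT tag signedAttrs carries inside SignerInfo
    if encoded[0] not in (0x31, 0xA0) or end != len(encoded):
        raise ValueError("not a well-formed SET OF / signedAttrs value")
    elements = []
    while pos < end:
        _, nxt = _span(encoded, pos)
        if nxt > end:
            raise ValueError("element overruns the SET")
        elements.append(encoded[pos:nxt])
        pos = nxt
    return elements

def der_sorted(elements):
    """DER order: compare encodings as octet strings, shorter ones zero-padded at the end."""
    width = max(map(len, elements), default=0)
    return sorted(elements, key=lambda e: e.ljust(width, b"\x00"))

def signed_attrs_digests(encoded):
    """Return (already_sorted, digest of attributes as sent, digest after DER re-sorting)."""
    sent = split_set(encoded)
    digest = lambda elems: hashlib.sha256(tlv(0x31, b"".join(elems))).hexdigest()
    return sent == der_sorted(sent), digest(sent), digest(der_sorted(sent))

# Constructed sample attributes: contentType (id-data) and messageDigest (32 zero bytes)
CONTENT_TYPE = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010903")) + tlv(0x31, tlv(0x06, bytes.fromhex("2a864886f70d010701"))))
MESSAGE_DIGEST = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010904")) + tlv(0x31, tlv(0x04, bytes(32))))
UNSORTED = tlv(0xA0, MESSAGE_DIGEST + CONTENT_TYPE)   # order a non-sorting signer might emit
SORTED = tlv(0xA0, CONTENT_TYPE + MESSAGE_DIGEST)     # DER order
```

A signature made over the as-sent bytes of `UNSORTED` matches only the second value returned by `signed_attrs_digests(UNSORTED)`, while a verifier that always re-sorts computes the third.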

