Re: [iText-questions] Signed PDF fails to verify in iText (Java), but succeeds in iTextSharp and Acrobat Reader

Wed, 10 Jul 2013 00:37:33 -0700 

Stephan wrote
> Now according to the standard, do you know which version is the correct
> one?

According to ITU-T recomendations on ASN.1 distinguished encoding rules
(DER) of set components:"/The encodings of the component values of a set
value shall appear in an order determined by their tags/"(see: clause 10.3
of ITU-T Rec. X.690). According to RFC5652 (CMS standard) "/SignedAttributes
MUST be DER encoded, even if the rest of the structure is BER encoded/".
It's a good question whether attributes should resorted according to DER
rules for signature verification, since the problem is not with signature
integrity, but with the structure of signature object. But on the other side
I don't see the better way to enforce compliance with the standards.
mkl wrote
> If you really want to make sure you have an ASN.1 object encoded just like
> in some source array, find out its start and end offsets in that array and
> do a direct byte array copy.

With BouncyCastle for Java you can obtain the byte array of signed
attributes bytes in original sorting
usingorg.bouncycastle.cms.SignerInformation#getEncodedSignedAttributes()
method.It maybe used as a workaround with such improperly constructed
attributes, but surely the solution would be to fix the software that
generate the signature objects.



--
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Signed-PDF-fails-to-verify-in-iText-Java-but-succeeds-in-iTextSharp-and-Acrobat-Reader-tp4658692p4658717.html
Sent from the iText - General mailing list archive at Nabble.com.
------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php

Reply via email to