Dear List,

I am using iTextSharp to create a PDF file on a webserver and have a client sign it. After reading the Digital Signatures whitepaper[0] from iText, I managed to do this. However, I am having trouble embedding the Timestamp response into the signature. I modelled my approach after the PreSign and PostSign Java code in the whitepaper.
The flow is as follows:

- PDF is created on the server and signed by keys
- The PDF is prepared for client signing and the hash is calculated and sent to the client, where it is signed. (PreSign)
- The client sends the PKCS#7 bytes back to the server (PostSign) where it is inserted into the PDF.

I'm having trouble embedding the timestamp response in the signature. I have verified with WireShark that the TSA is indeed called and returns a response. Curiously enough, the OCSP response gets embedded without any fuss.

This is how I am attempting it:

    PdfPKCS7 sgn = new PdfPKCS7(null, SignatureChain, DigestAlgorithms.SHA1, false);

    // Digest the byte ranges of the prepared document
    Stream data = sap.GetRangeStream();
    hash = DigestAlgorithms.Digest(data, DigestAlgorithms.SHA1);

    // Fetch the OCSP response for the signer certificate
    IOcspClient ocspClient = new OcspClientBouncyCastle();
    string ocspurl = CertificateUtil.GetOCSPURL(SignatureChain[0]);
    byte[] ocsp_response = ocspClient.GetEncoded(SignatureChain[0], SignatureChain[1], ocspurl);

    ITSAClient tsaClient = new TSAClientBouncyCastle(this.TSA_URL);
    ICollection<byte[]> crlbytes = MakeSignature.ProcessCrl(SignatureChain[2], null);

    sgn.SetExternalDigest(hash, null, "RSA");
    sh = sgn.GetEncodedPKCS7(hash, sap.SignDate, tsaClient, ocsp_response, crlbytes, CryptoStandard.CMS);

    // Reserve space in /Contents for the signature
    byte[] padding = new byte[CONTENTESTIMATED2];
    PdfDictionary dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(padding).SetHexWriting(true));
    sap.Close(dic2);

    return hash; // this is what the client actually signs

One thing worth noting is that I did not follow the whitepaper on how to embed the signature into the PDF. The approach described there did not work for me, since I already had a signature in the document and it got overwritten.
(NOTE: I also posted this question on StackOverflow [1])

--bk

[0]: http://itextpdf.com/book/digitalsignatures20130304.pdf
[1]: http://stackoverflow.com/questions/18408167/signing-pdf-externally-with-smartcard-and-embedding-timestamp-response
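
Added example, not part of the original post and not iText code: per RFC 3161 Appendix A, a signature timestamp's messageImprint is the hash of the SignerInfo signature value, which in the flow above exists only once the client has returned it in PostSign. This Python sketch builds the TimeStampReq by hand and checks which bytes a request is bound to; the byte strings and function names are constructed for illustration.

```python
import hashlib

# DER AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26, NULL parameters)
SHA1_ALGID = bytes.fromhex("300906052b0e03021a0500")


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def timestamp_request(signature_value: bytes) -> bytes:
    """Build an RFC 3161 TimeStampReq over SHA-1(signature_value)."""
    imprint = hashlib.sha1(signature_value).digest()
    message_imprint = der(0x30, SHA1_ALGID + der(0x04, imprint))
    version = der(0x02, b"\x01")   # version 1
    cert_req = der(0x01, b"\xff")  # certReq TRUE: TSA includes its certificate
    return der(0x30, version + message_imprint + cert_req)


def hashed_message(request: bytes) -> bytes:
    """Extract hashedMessage from a request produced by timestamp_request()."""
    marker = SHA1_ALGID + b"\x04\x14"
    start = request.index(marker) + len(marker)
    return request[start:start + 20]


def covers(request: bytes, signature_value: bytes) -> bool:
    """True if the request's imprint is the hash of this signature value."""
    return hashed_message(request) == hashlib.sha1(signature_value).digest()


# Constructed stand-ins: the range hash known at PreSign, and a 256-byte blob
# standing in for the signature value the client returns at PostSign.
range_hash = hashlib.sha1(b"constructed PDF byte range").digest()
client_signature = hashlib.sha256(b"constructed").digest() * 8

early = timestamp_request(range_hash)       # requested before the client signs
late = timestamp_request(client_signature)  # requested once the signature exists

if __name__ == "__main__":
    print("early request covers final signature:", covers(early, client_signature))
    print("late request covers final signature: ", covers(late, client_signature))
```

A token obtained for the early request cannot validate against the final signature, so the TSA round trip has to happen after the client's signature bytes are available.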