Dear List,

I am using iTextSharp to create a PDF file on a webserver and have a 
client sign it. After reading the Digital Signatures whitepaper[0] from 
iText, I managed to do this. However, I am having trouble embedding the 
Timestamp response into the signature. I modelled my approach after the 
PreSign and PostSign Java code in the whitepaper.

The flow is as follows:

     1. PDF is created on the server and signed by keys
     2. The PDF is prepared for client signing and the hash is calculated and sent to the client, where it is signed. (PreSign)
     3. The client sends the PKCS#7 bytes back to the server (PostSign) where it is inserted to the PDF.

I'm having trouble embedding the timestamp response in the signature. I 
have verified with WireShark that the TSA is indeed called and returns a 
response. Curiously enough, the OCSP response gets embedded without any 
fuss. This is how I am attempting it:

     PdfPKCS7 sgn = new PdfPKCS7(null, SignatureChain, DigestAlgorithms.SHA1, false);
     Stream data = sap.GetRangeStream();
     hash = DigestAlgorithms.Digest(data, DigestAlgorithms.SHA1);

     IOcspClient ocspClient = new OcspClientBouncyCastle();
     string ocspurl = CertificateUtil.GetOCSPURL(SignatureChain[0]);
     byte[] ocsp_response = ocspClient.GetEncoded(SignatureChain[0], SignatureChain[1], ocspurl);

     ITSAClient tsaClient = new TSAClientBouncyCastle(this.TSA_URL);
     ICollection<byte[]> crlbytes = MakeSignature.ProcessCrl(SignatureChain[2], null);
     sgn.SetExternalDigest(hash, null, "RSA");
     sh = sgn.GetEncodedPKCS7(hash, sap.SignDate, tsaClient, ocsp_response, crlbytes, CryptoStandard.CMS);

     byte[] padding = new byte[CONTENTESTIMATED2];
     PdfDictionary dic2 = new PdfDictionary();
     dic2.Put(PdfName.CONTENTS, new PdfString(padding).SetHexWriting(true));
     sap.Close(dic2);

     return hash; //this is what the client actually signs

One thing worth noting is that I did not follow the whitepaper on how to 
embed the signature into the PDF. The approach described there did not 
work for me, since I already had a signature in the document and it got 
overwritten.

(NOTE: I also posted this question on StackOverflow [1])

--bk

[0]: http://itextpdf.com/book/digitalsignatures20130304.pdf
[1]: http://stackoverflow.com/questions/18408167/signing-pdf-externally-with-smartcard-and-embedding-timestamp-response
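
Added example, not part of the original post and not iText code: in an RFC 3161 signature time-stamp, the request's message imprint is a hash of the signature value inside the PKCS#7 SignerInfo, so in the PreSign/PostSign flow above the TSA request depends on the bytes the client sends back. The Python below builds such a request by hand to make that dependency visible; the function names, the sample byte strings and the use of SHA-256 for the imprint are assumptions made for the illustration.

```python
import hashlib

SHA256_OID = bytes.fromhex("0609608648016503040201")  # DER OID 2.16.840.1.101.3.4.2.1


def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV, using the long length form where needed."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def timestamp_request(signature_value: bytes) -> bytes:
    """RFC 3161 TimeStampReq whose messageImprint is SHA-256(signature_value)."""
    alg = der(0x30, SHA256_OID + b"\x05\x00")        # AlgorithmIdentifier, NULL parameters
    digest = hashlib.sha256(signature_value).digest()
    imprint = der(0x30, alg + der(0x04, digest))     # MessageImprint
    version = der(0x02, b"\x01")                     # version v1
    cert_req = der(0x01, b"\xff")                    # certReq TRUE: ask for the TSA certificate
    return der(0x30, version + imprint + cert_req)


def hashed_message(request: bytes) -> bytes:
    """Return hashedMessage from a request built by timestamp_request().

    The layout is fixed: 32 digest bytes followed by the 3-byte certReq.
    """
    return request[-35:-3]


# Constructed sample values standing in for the real data of the flow.
document_hash = hashlib.sha1(b"constructed PDF byte ranges").digest()  # known at PreSign
client_signature = bytes(range(256))  # constructed 256-byte value returned at PostSign

if __name__ == "__main__":
    request = timestamp_request(client_signature)
    print("TimeStampReq :", request.hex())
    print("imprint      :", hashed_message(request).hex())
    print("covers doc hash? ",
          hashed_message(request) == hashlib.sha256(document_hash).digest())
```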
