arnabroy,

arnabroy wrote
> I am actually signing the document hash in the client browser by using
> CAPICOM DLL in JavaScript and not by iTextSharp.
>
> The actual document is on the server side. So, the signed hash is embedded
> in the PDF file by using iTextSharp in the server.
You claim you are /signing the document hash in the client browser/. That is not true: the "hash" you send to the client is not the document hash but instead:

Default.cs:

    PdfPKCS7 sgn = new PdfPKCS7(null, chain, "SHA1", false);
    ...
    byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, cal.TodaysDate, null, null, CryptoStandard.CMS);
    ...
    hdnSignatureHash.Text = System.Text.Encoding.Unicode.GetString(sh);

Thus, you start by creating a CMS signature using iTextSharp helper classes (PdfPKCS7), take the resulting authenticated attributes to be signed, and try to send them to the client. I say 'try' because by interpreting them as Unicode of some text (Unicode.GetString(sh)) you already utterly destroy them. But let's assume you sent them to the client in a viable manner...

Default.aspx:

    var SignedData = new ActiveXObject("CAPICOM.SignedData");
    SignedData.Content = document.getElementById("FeaturedContent_hdnSignatureHash").value;
    var Signer = new ActiveXObject("CAPICOM.Signer");
    Signer.Certificate = cert;
    var szSignature = SignedData.Sign(Signer, true, CAPICOM_ENCODE_BASE64);
    SignedData.Verify(szSignature, true, CAPICOM_VERIFY_SIGNATURE_ONLY);
    document.getElementById("FeaturedContent_hdnSignature").value = szSignature;

On the client you now create a detached CMS signature of the aforementioned authenticated attributes and send that signature container base64-encoded back to the server.

Default.cs:

    Org.BouncyCastle.Cms.CmsSignedData cms = new Org.BouncyCastle.Cms.CmsSignedData(Convert.FromBase64String(hdnSignature.Text));
    byte[] encodedSig = cms.GetEncoded();
    byte[] paddedSig = new byte[8192];
    Array.Copy(encodedSig, 0, paddedSig, 0, encodedSig.Length);
    PdfDictionary dic2 = new PdfDictionary();
    dic2.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
    sap.Close(dic2);

On the server you use BouncyCastle essentially only to base64-decode the CMS container created by the client and insert it as is into the PDF.
Thus, the data signed by the signature (the authenticated attributes prepared by iTextSharp) are thrown away and the signature is injected into a PDF which it hardly has anything to do with.

What you need to do first:

1. Choose what shall create the CMS SignerInfo structure: either iTextSharp server-side, or CAPICOM client-side, or BouncyCastle server-side. Adjust your code to that choice.

2. Transfer data properly; especially, don't interpret arbitrary bytes as Unicode text but instead transfer them base64-encoded.

Furthermore, the CMS container created by your way of using CAPICOM is very minimal: it does not provide any of the authenticated attributes nowadays required by many signature profiles but instead only signs the given data. I don't know enough CAPICOM to tell whether it can create up-to-date signatures. You may have to switch or do some funny de- and reassembling of signature structures.

regards,
Michael

--
View this message in context: http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4660336.html
Sent from the iText - General mailing list archive at Nabble.com.
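The first option from the reply (iTextSharp creates the SignerInfo server-side) combined with its transfer rule (base64, not Unicode text), as an added example that is not part of the original thread or of iText's own samples. It assumes the iTextSharp 5.x PdfPKCS7 overloads the quoted Default.cs uses, a byte-range hash already computed from sap.GetRangeStream() after sap.PreClose(), and a client that returns a raw PKCS#1 v1.5 RSA signature over the attribute bytes (which CAPICOM SignedData.Sign does not produce; it builds its own CMS, as the reply notes); the names ServerSideCms, AttributesForClient and BuildCmsContainer are mine.

```csharp
using System;
using System.Collections.Generic;
using iTextSharp.text.pdf.security;
using Org.BouncyCastle.X509;

// Hypothetical helper: the server owns the SignerInfo, the client only signs.
public static class ServerSideCms
{
    // Request 1: build the authenticated attributes for the byte-range hash
    // and hand them to the browser base64-encoded. Encoding.Unicode.GetString
    // on these bytes would corrupt them (invalid UTF-16 code units get replaced).
    public static string AttributesForClient(byte[] rangeHash,
                                             ICollection<X509Certificate> chain,
                                             DateTime signingTime)
    {
        // "SHA1" mirrors the quoted snippet; new deployments should use "SHA256".
        var sgn = new PdfPKCS7(null, chain, "SHA1", false);
        byte[] attrs = sgn.GetAuthenticatedAttributeBytes(
            rangeHash, signingTime, null, null, CryptoStandard.CMS);
        return Convert.ToBase64String(attrs);
    }

    // Request 2: the browser returns a raw PKCS#1 signature (base64) over the
    // attribute bytes. Rebuilding PdfPKCS7 with the identical hash and signing
    // time reproduces the identical attributes, so the signature still matches;
    // the result is the CMS container that belongs in /Contents.
    public static byte[] BuildCmsContainer(byte[] rangeHash,
                                           ICollection<X509Certificate> chain,
                                           DateTime signingTime,
                                           string signatureBase64,
                                           int reservedSize)
    {
        byte[] rawSig = Convert.FromBase64String(signatureBase64);
        var sgn = new PdfPKCS7(null, chain, "SHA1", false);
        sgn.SetExternalDigest(rawSig, null, "RSA");
        byte[] cms = sgn.GetEncodedPKCS7(
            rangeHash, signingTime, null, null, null, CryptoStandard.CMS);
        if (cms.Length > reservedSize)
            throw new InvalidOperationException("CMS larger than reserved /Contents");
        // Pad to the size reserved at PreClose, exactly as the quoted code does.
        byte[] padded = new byte[reservedSize];
        Array.Copy(cms, 0, padded, 0, cms.Length);
        return padded;
    }
}
```

Keep rangeHash and signingTime in server-side state between the two requests; the PreClose / hash the range stream / Close(dic2) sequence from the quoted Default.cs stays as it is, with the returned array going into PdfName.CONTENTS.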