You are using a version of iText that should no longer be used: http://stackoverflow.com/questions/25696851/can-itext-2-1-7-or-earlier-can-be-used-commercially That version has been removed from all official servers because it is not supported, nor are the signatures you are creating. When you use WINCER_SIGNED, you create /adbe.pkcs7.sha1 signatures. These aren't compliant with PAdES and will be deprecated in PDF 2.0. Read this book for more info: http://itextpdf.com/book/digitalsignatures
On 5/26/2015 16:42 PM, Diego C wrote: > Hi, > I am using an API that signs PDFs using an Aladdin token (Etoken pro Aladdin > 72K) with RSA security. I am having trouble signing several PDFs in sequence > using the same certificate. What I want is for the RSA key to be requested > just once, as is the case with the token access password, which the API > stores in cache the first time it is entered. However, the RSA key is > requested every time a PDF is signed in sequence. Is it possible to send all > the PDFs into one container? Is there any other way to avoid entering the > RSA key n amount of times? > I am using the following code to hash and sign my documents: > > ----------------------------------------------------------------------------------->> > ByteBuffer outputStreamSigned = new ByteBuffer(); PdfStamper pdfStamper = > PdfStamper.createSignature(reader, outputStreamSigned, '\0', null, true); > PdfSignatureAppearance signatureApp = pdfStamper.getSignatureAppearance(); > signatureApp.setCrypto(privateKey, signerCertificateChain, null, > PdfSignatureAppearance.WINCER_SIGNED); > … > X509Certificate userCert = (X509Certificate) signerCertificateChain[0]; > … > // conf external -> > signatureApp.setExternalDigest(getPublicKeyBuffer(userCert), new byte[20], > "RSA"); > signatureApp.preClose(); > MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); > byte buf[] = new byte[8192]; > int n; > InputStream inp = signatureApp.getRangeStream(); > while ((n = inp.read(buf)) > 0) { > messageDigest.update(buf, 0, n); > } > byte hash[] = messageDigest.digest(); > PdfSigGenericPKCS pdfDict = signatureApp.getSigStandard(); > PdfLiteral slit = (PdfLiteral) pdfDict.get(PdfName.CONTENTS); > byte[] outc = new byte[(slit.getPosLength() - 2) / 2]; > PdfPKCS7 sig = pdfDict.getSigner(); > Signature sign = Signature.getInstance("SHA1withRSA"); > sign.initSign(privateKey); > sign.update(hash); > > sig.setExternalDigest(sign.sign(), hash, "RSA"); > PdfDictionary dic = new PdfDictionary(); > > byte[] ssig = sig.getEncodedPKCS7(); /*<----Request RSA Key*/ > > System.arraycopy(ssig, 0, outc, 0, ssig.length); > dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true)); > signatureApp.close(dic); > > ----------------------------------------------------------------------------------->> > > Im using jre 6, itext 2.1.7 > In the following post someone mentioned that the itext API was being re > implemented and that this may solve the problem of multiple signatures in > later versions. > http://itext.2136553.n4.nabble.com/Re-Using-eToken-with-secondary-authentication-format-td3772022.html#a3776183 > Do you know if this has been solved? > Thanks in advance. > > Regards, > > > > -- > View this message in context: > http://itext.2136553.n4.nabble.com/PDF-multiple-signatures-problem-tp4660828.html > Sent from the iText mailing list archive at Nabble.com. > > ------------------------------------------------------------------------------ > _______________________________________________ > iText-questions mailing list > iText-questions@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/itext-questions > > iText(R) is a registered trademark of 1T3XT BVBA. > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php ------------------------------------------------------------------------------ _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php