Hi,

I want to sign a PDF file in this way:

1- Client: Asks for the PDF to be signed
2- Server 1: Creates a messageDigest and sends it to the client
3- Client: Signs the hash using java.security and sends the signedHash back to the server
4- Server 2: Inserts the signedHash in the PDF.

I'm a student, and the solution I would like is a simple method to sign a PDF file in this way with SelfSigned. I chose the external signature dictionary mode and I modified the authenticatedAttributes example from Paulo's tutorial. I fixed the sign date and I use the invisible signature (I'm not interested in the appearance). But the tutorial verification and the Adobe Reader 7.0 verification failed.

If I choose

    dic.put(PdfName.FILTER, PdfName.ADOBE_PPKLITE);

Adobe Reader says: "Error during signature verification. Error encountered while verifying: Signature contains incorrect, unrecognized, corrupted or suspicious data. Non-empty content info required"

If I choose

    dic.put(PdfName.FILTER, PdfName.ADOBE_PPKMS);

Adobe Reader says: "the document is altereted or corrupted"

Where is the problem? A wrong setting? Is there another method to implement this scenario?

Many thanks in advance.

My code is:

Server 1:

    public static final int RESERVED_SIZE = 0x2802;

    static byte[] getHash(String nomeFile, long date) {
        PdfReader reader = new PdfReader(nomeFile);
        ByteArrayOutputStream fout = new ByteArrayOutputStream();
        PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0', null);
        PdfSignatureAppearance sap = stp.getSignatureAppearance();
        Calendar cal = Calendar.getInstance();
        cal.setTimeInMillis(date);
        log("Orario di generazione hash " + date);
        PdfDictionary dic = new PdfDictionary();
        dic.put(PdfName.FT, PdfName.SIG);
        dic.put(PdfName.FILTER, PdfName.ADOBE_PPKMS);
        dic.put(PdfName.SUBFILTER, PdfName.ADBE_PKCS7_DETACHED);
        dic.put(PdfName.M, new PdfDate(cal));
        dic.put(PdfName.NAME, new PdfString("NULL"));
        sap.setCryptoDictionary(dic);
        HashMap exc = new HashMap();
        exc.put(PdfName.CONTENTS, new Integer(RESERVED_SIZE));
        sap.preClose(exc);
        MessageDigest messageDigest = null;
        messageDigest = MessageDigest.getInstance("SHA1");
        byte buf[] = new byte[8192];
        int n;
        InputStream inp = sap.getRangeStream();
        while ((n = inp.read(buf)) > 0) {
            messageDigest.update(buf, 0, n);
        }
        byte hash[] = messageDigest.digest();
        // the hash I produce is 20 bytes
        return hash;
    }

Client:

    static byte[] firmaHash(byte[] hash) {
        KeyStore ks = KeyStore.getInstance("pkcs12");
        ks.load(new FileInputStream("KeyStore.pfx"), "password".toCharArray());
        String alias = (String) ks.aliases().nextElement();
        PrivateKey key = (PrivateKey) ks.getKey(alias, "password".toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);
        Signature sign = Signature.getInstance("SHA1withRSA");
        sign.initSign(key);
        sign.update(hash);
        byte[] signedHash = sign.sign();
        return signedHash;
    }

Server 2:

    static void firmaPdf(String nomeFile, byte[] signedHash, Certificate[] chain, long date) {
        PdfReader reader = new PdfReader(nomeFile);
        FileOutputStream fout = new FileOutputStream("Signed" + nomeFile);
        PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
        PdfSignatureAppearance sap = stp.getSignatureAppearance();
        Calendar cal = Calendar.getInstance();
        cal.setTimeInMillis(date);
        log("Orario di generazione hash " + date);
        PdfDictionary dic = new PdfDictionary();
        dic.put(PdfName.FT, PdfName.SIG);
        dic.put(PdfName.FILTER, PdfName.ADOBE_PPKMS);
        dic.put(PdfName.SUBFILTER, PdfName.ADBE_PKCS7_DETACHED);
        dic.put(PdfName.M, new PdfDate(cal));
        dic.put(PdfName.NAME, new PdfString("NULL"));
        sap.setCryptoDictionary(dic);
        HashMap exc = new HashMap();
        exc.put(PdfName.CONTENTS, new Integer(Server1.RESERVED_SIZE));
        sap.preClose(exc);
        PdfPKCS7 sig = new PdfPKCS7(null, chain, null, "SHA1", null, false);
        sig.setExternalDigest(signedHash, null, "RSA");
        byte[] ssig = sig.getEncodedPKCS7();
        byte[] outc = new byte[(Server1.RESERVED_SIZE - 2) / 2];
        Arrays.fill(outc, (byte) 0);
        PdfDictionary dic1 = new PdfDictionary();
        System.arraycopy(ssig, 0, outc, 0, ssig.length);
        dic1.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
        sap.close(dic1);
    }

--
View this message in context: http://www.nabble.com/sign-a-Pdf-in-the-client-server-scenario-tf2941233.html#a8223890
Sent from the iText - General mailing list archive at Nabble.com.

_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
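
Added example (not part of the original post and not iText code): the client step above hands an already-computed SHA-1 digest to SHA1withRSA, which hashes its input again before signing. The sketch below uses only java.security to compare that with signing the precomputed digest through NONEwithRSA over a DigestInfo structure; the key pair, sample bytes, class and method names are constructed for illustration.

```java
import java.security.*;
import java.util.Arrays;

public class ExternalHashSigning {
    // ASN.1 DigestInfo header for SHA-1 (PKCS #1 v1.5); the 20-byte digest follows it.
    static final byte[] SHA1_DIGEST_INFO = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    // Client step as posted: SHA1withRSA hashes its input, so this signs SHA1(hash).
    static byte[] signHashAgain(PrivateKey key, byte[] hash) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(hash);
        return s.sign();
    }

    // Signs the precomputed digest itself: DigestInfo + PKCS #1 padding, no further hashing.
    static byte[] signPrecomputed(PrivateKey key, byte[] hash) throws GeneralSecurityException {
        byte[] digestInfo = Arrays.copyOf(SHA1_DIGEST_INFO, SHA1_DIGEST_INFO.length + hash.length);
        System.arraycopy(hash, 0, digestInfo, SHA1_DIGEST_INFO.length, hash.length);
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(digestInfo);
        return s.sign();
    }

    // A verifier that holds the original bytes hashes them and checks the RSA signature.
    static boolean verifiesOverDocument(PublicKey pub, byte[] doc, byte[] sig)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(pub);
        v.update(doc);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed throwaway key, stands in for KeyStore.pfx
        byte[] doc = "constructed stand-in for the signed byte ranges".getBytes("UTF-8");
        byte[] hash = MessageDigest.getInstance("SHA1").digest(doc); // what Server 1 would send

        System.out.println("SHA1withRSA over the hash verifies against the document: "
            + verifiesOverDocument(kp.getPublic(), doc, signHashAgain(kp.getPrivate(), hash)));
        System.out.println("NONEwithRSA over DigestInfo verifies against the document: "
            + verifiesOverDocument(kp.getPublic(), doc, signPrecomputed(kp.getPrivate(), hash)));
    }
}
```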