Hi,
I was not able to solve the problem by hashing at
the client side with CAPICOM javascript.
I solved the problem by using .net at the client
side instead of CAPICOM.
Go through the attached files. Hope, it will
resolve your issue.
(See attached file: PDFSIG.cs)(See attached file:
thanks michael.
the problem is resolved.
your detailed observations and pinpointing the key issues has helped me to
resolve the issue.
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4660351.html
Sent from
i am actually signing the document hash in the client browser by using
capicom dll in javascript *and not by itextsharp*.
the actual document is in the server side. so, the signed hash is embedded
in the pdf file by using itextsharp in the server.
after embedding the CAPICOM generated signature
hi michael,
same error file corrupted
please help
STEP1: creating the hash of the pdf file in the server
protected void Button1_Click(object sender, EventArgs e)
{
string _gstrFilePath =
Server.MapPath(~/NewFolder1/TRANSFER_[PROVISIONAL]_29_05_2014.pdf);
hi michael/leonard
please help me out
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4660329.html
Sent from the iText - General mailing list archive at Nabble.com.
On 9/4/2014 5:53 AM, arnabroy wrote:
hi michael/leonard
please help me out
This sounds very odd:
i am sending it back to the server side to embed it into the pdf file
using bouncy castle.
Did you take a look at this example:
If Adobe Reader (Adobe is a company, Reader is one of our products) says the
file is modified, that's DIFFERENT from what you are putting into the envelope.
Modified means that the hashes don't match. Check yoru hash computation.
-Original Message-
From: Raffaele
Thanks Leonard,
you observation is correct but i want you to notice that if i call the
method GetEncodedPKCS7 without any parameter Reader say that the file isn't
modified.
How do you explain this???
Thanks.
--
View this message in context:
Don't know that API, so I can't explain how it works.
If you post actual PDF files that I can open up in Reader and trace through
what our code is doing, then I can answer it.
Leonard
-Original Message-
From: Raffaele [mailto:supersaya...@libero.it]
Sent: Friday, February 10, 2012
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using iTextSharp.text.pdf;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
namespace
Max,
madmax wrote
1) removed the date stamps from both the itext and CAPICOM
As mentioned before, thw two signing times are not a problem. The PDF
specification recommends not to use both in the same PDF signature but it
does not forbid it.
2) Also changed the bDetached parameter value to
Hi aszomor,
i've tried your sample code, but Adobe say that the PDF file is Modified.
If i call the GetEncodedPKCS7 method without the secondDigest parameter,
it's all ok but into the signature tjere aren't the signed attributes.
Any suggestion???
Thanks
--
View this message in context:
sap.CertificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED;
beore sgn.SetExternalDigest
Idézet (Raffaele supersaya...@libero.it):
Hi aszomor,
i've tried your sample code, but Adobe say that the PDF file is Modified.
If i call the GetEncodedPKCS7 method without the
Hi aszomor,
same result!!!
Are 2 days that i'm facing with this issue:
If i would to include the signed attributes into the PKCS#7 envelope,
Adobe say that the PDF as changed.
Otherwise if i decide do not include signed attributes, it' all ok.
I've posted the question in other thread on this
see the book examples at part3 and chapter12
/*
* This class is part of the book iText in Action - 2nd Edition
* written by Bruno Lowagie (ISBN: 9781935182610)
* For more info, go to: http://itextpdf.com/examples/
* This example only works with the AGPL version of iText.
*/
package
None of the examples as solved the problem!!!
I've seen these examples many and many times without success
Any suggestion???
Thanks
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4373383.html
Sent
Max,
madmax wrote
So are you saying that this might already be a signature?
Yes, it might be. As you unfortunately seem a bit reluctant to send samples,
I cannot tell for sure.
if so how do you tell itext to embed the signature directly without using
PdfPKCS7
You used to do
As a first step
Hhmmm, in the version of this posting I received via e-mail, the actual code
lines are missing. Maybe it's a bad idea to use nabble's raw tags...
therefore here without raw-tags...
mkl wrote
You used to do
byte[] data = Base64.decodeBase64(digest.trim().getBytes());
Hi Michael, Andreas
As always thank you for your input.
I am attaching the updated sample code with the Java class and JSP. As well
as the original PDF and signed version of the document with my PIV card.
In the signPdf method the sample Java code has reduced the code to:
byte[] data=
Max,
madmax wrote
In the signPdf method the sample Java code has reduced the code to:
byte[] data= Base64.decodeBase64(digest.trim().getBytes());
The data you received like that and then inserted in the PDF definitively is
a signature container.
signed version of the document with my PIV
Hi Michael,
thanks for your detailed analysis of this signature. I was lost as our
verifier prodly states 'valid signature' while the reader marks
unspecified problems.
I'll go and add an additional check!
@Max: Looks like there is light at the end of the tunnel! Most problems
solved ...
Hi Michael and Andreas,
I tried several things:
1) removed the date stamps from both the itext and CAPICOM
2) Also changed the bDetached parameter value to false as suggested by
Michael in the javascript
3) I also noticed that I could avoid getting the digest from the PDF and
just created a
Hi Michael
Thanks again for your suggestion. As I parse through your response you say:
mkl wrote
Thus, you do not need to (actually you must not) embed it in a signature
container using the PdfPKCS7 utility class but instead embed it into the
PDF
directly!
So are you saying that this
Hi Michael
I looked a little dipper to what you were saying and begun looking closer to
my “verify” method and it dawned on me that I had seen similar code from
an example of detached signature and using BouncyCastle (source:
http://itextpdf.sourceforge.net/howtosign.html#signextdiccms
Hi max,
could you please forward the signed PDF?
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Sign and PDF with SmartCard and web browser only
Gesendet: Mi, 08. Feb 2012
Von: madmax
Hi MichaelI looked a little dipper to what you were saying and begun
Max,
madmax wrote
Once the digest is signed and I send it back to the servlet I verify it
with some java code And on the console it shows the following:
Your verifying Java code:
While I'm not too proficient in BouncyCastle usage, the JavaDocs tell me
that CMSSignedData is a general class
Hi Michael,
the most interesting topic with this signature is the reaction of th
Adobe reader. Never seen such a kind of error message before!
But back to the signature problem itself: My wild guess is that the
ActiveXObject signs with one key but the signature contain s another
one. The usual
Max, Andreas,
Andreas Kuehne-3 wrote
Did you try to verify the signature within the signing code? If it
verifies, you're sure to have the right certificate selected.
I agree, Max should analyse the data he receives from the web page, the data
he currently without verification assumes to be the
Hi Michael and Andreas,
I have been trying to figure out what the issue could be based on your
comments.
1) In the JSP I did the following
The alert pops up the cert that was selected then I went into the details
tab and looked at the key usage it shows Digital Signature, Non-Repudiation
Hi Michael and Andreas,
I have been trying to figure out what the issue could be based on your
comments.
1) In the JSP I did the following
The alert pops up the cert that was selected then I went into the details
tab and looked at the key usage it shows Digital Signature, Non-Repudiation
(c0)
Andreas, Max,
Andreas Kuehne-3 wrote
For curiosity I took a look at the signature, too. Here's what I got:
2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
[de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 :
javax.crypto.BadPaddingException: Invalid PKCS#1 padding:
Hi mkl,
i've the same problem with te error 0x2726 when open the PDF File.
Any suggestion??
THX in advance
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4343964.html
Sent from the iText - General mailing
Raffaele,
Raffaele wrote
i've the same problem with te error 0x2726 when open the PDF File.
Any suggestion??
Yes. The same as I gave to max:
mkl wrote
In that case please also supply a sample pdf signed by your code. It is
almost always easiest to analyse such problems by looking at the
Hi max,
On Tue, Jan 31, 2012 at 4:13 AM, madmax mmirab...@gmail.com wrote:
Hey Keith here are the c# examples I found that I was refering about in the
post
http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp1
Thanks, I've seen that t you had found something else. Thank you for
mkl wrote
Max,
madmax wrote
The code fragments that I posted actually puts a signature on the PDF but
now I have a problem when I open the PDF and try to verify the signature
I get this error from adobe
*Error during signature verification. Error encountered while validating:
Max,
madmax wrote
I am attaching the the signed PDF as well as the full Java and JSP code
and lastly I made a recording on how it runs within internet explorer
showing the interaction with the smartcard, servlet and itext.
Yes, we do indeed fail validation. Just not enough here to do anything
useful.
Leonard
On 1/31/12 5:33 PM, mkl m...@wir-sind-cool.org wrote:
Max,
madmax wrote
I am attaching the the signed PDF as well as the full Java and JSP code
and lastly I made a recording on how it runs within internet
For curiosity I took a look at the signature, too. Here's what I got:
2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
[de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 :
javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted
message and modulus lengths do not
Hi Michael my apologize I was trying to avoid dumping a bunch of code and
turning everyone off but you are right with no code it’s kind of hard to get
help or direction. So here is some code fragments, there is aJSP, the
CAPICOM activex control and a servlet.
*Step 1:
JSP makes an AJAX call to
max,
madmax wrote
Hi Michael my apologize I was trying to avoid dumping a bunch of code and
turning everyone off but you are right with no code it’s kind of hard to
get help or direction. So here is some code fragments, there is aJSP, the
CAPICOM activex control and a servlet.
Good. I'm
Hi max,
On Sun, Jan 22, 2012 at 11:32 PM, madmax mmirab...@gmail.com wrote:
Now I am not sure if this is even possible or what I am doing wrong. I also
saw a c# example that addressed the smartcard but I was not able to fully
comprehend and could not find and equivalent in Java since it was
Hey Keith here are the c# examples I found that I was refering about in the
post
http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp1
max
--
View this message in context:
Michael,
I am no longer invoking that line of code at the time I was just trying to
kind of debug the problem and understand what might be going on..
The code fragments that I posted actually put a signature on the PDF but now
I have a problem when I open the PDF and try to verify the signature
Max,
madmax wrote
The code fragments that I posted actually puts a signature on the PDF but
now I have a problem when I open the PDF and try to verify the signature I
get this error from adobe
*Error during signature verification. Error encountered while validating:
Internal cryptographic
max,
wang31894 wrote
Hi Guys, please help? or we should try other forums? Any help is greatly
appreciated. thx
Maybe you simply didn't give us the information required. First you give
some implementation ideas (item 1 through 3 of your list), but then in your
item 4c you say
I invoke
So is tinkered with it a little more and I was able to somewhat sign the PDF.
Bu things are never as simple as we would like them to be. I can see the
signature on a separate page but when I try to validate it acrobat it
returns the following error:
Error during signature verification. Error
Interesting, I am having some similar issues with your case, can some help
us? Many Thanks
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4320859.html
Sent from the iText - General mailing list archive at
I am in need for some guidance. I have a scenario where I am required to
sign PDFs using a smartcard. The catch is that it needs to be done on a
server (Jboss) and the only interaction allowed is via a web browser
(Microsoft IE). I found several threads but I am unable to put it all
together for
48 matches
Mail list logo