Additional Notes Note: The used key is a 1024 RSA.
<</Filter/Adobe.PPKMS/Type/Sig/Reason(I'm the author)/Contents <308202b806092a864886f70d010702a08202a9308202a5020101310b300906052b0e03021a0500302f06092a864886f70d010701a0220420217295cfa2dcb38058af82e92f0114b1a7cd86bfbb2efe6e93b36a2b68df27b6a082019d3082019930820102a0030201020208058c657156150208300d06092a864886f70d0101050500300f310d300b06035504030c0474657374301e170d3039313232313135313132355a170d3130313232313135313132355a300f310d300b06035504030c047465737430819f300d06092a864886f70d010101050003818d0030818902818100c0ad0741f8119d9f7dc0eb391b264c237b93878f7c25b323a286aa493b1400bb991bbb88d684e229f50cad27913229679f5a43be8cf8a65b176fd0e942b332e3209886dc91244e85fccdf6da7390ae9bb060d81e9edcdcebea934f88d75f3d03b81e81dd8daeed0767faf33e4855053721225d01d9b9579bfbd5983f50b3d9110203010001300d06092a864886f70d01010505000381810003faedaaf78a6ea26332eacf6d24f2524294459a38c21df8be34300bdbd501994eda464560effdc911cc0dce1840642773d437b63328cf9e454cfae78f95275cfc2c993904b2cacc2905df328dbb015137542476782ed3d7e32166759bba013fc65db8debd0239e3e580c4d92842b15376aee828c38b2d3c33c2f26dbdf8f2663181c03081bd020101301b300f310d300b06035504030c04746573740208058c657156150208300906052b0e03021a0500300d06092a864886f70d01010105000481800574d137ad7d2fa6c991d9246bb99114144a1f36e90aebd869952f57268c3d50c8fd455939b0e04757769725ed368c93b0895bfb9c3d843c068247fd713d55998b3fcd9db317e42893bf56ff2e1d8789f7f14d51886f7acd9853be9c8ce5b7ef86d30b7f2404052914dbe0ce258114fef394db8db42adb3a61e43cd6bd47677000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>/M(D:20091222094730+01'00')/Location(Lisbon)/Name(test)/SubFilter/adbe.pkcs7.sha1/ByteRange [0 243 1773 108382 ] >> mamueller wrote: > > Hello, > > i have tried to run the example with an external signature in WINCER > SIGNED MODE, like described on: > (http://itextpdf.sourceforge.net/howtosign.html#signextstd). > With Algorithm SHA1 sign and verification works fine. > But if i replace the SHA1 through SHA256 the sign process works without > errors, but the verification of the signed document with Acrobat reader > 9.1.3 fails with message: "The document was changed or damaged after put > signature" > > The code for signing: > > Security.addProvider(new BouncyCastleProvider()); > > ks.load(new FileInputStream("my_private_key.pfx"), > "my_password".toCharArray()); > String alias = (String)ks.aliases().nextElement(); > PrivateKey key = (PrivateKey)ks.getKey(alias, > "my_password".toCharArray()); > Certificate[] chain = ks.getCertificateChain(alias); > PdfReader reader = new PdfReader("c:\\original.pdf"); > FileOutputStream fout = new > FileOutputStream("c:\\aax2xsigned.pdf"); > PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); > PdfSignatureAppearance sap = stp.getSignatureAppearance(); > sap.setCrypto(key, chain, null, > PdfSignatureAppearance.WINCER_SIGNED); > sap.setReason("I'm the author"); > sap.setLocation("Lisbon"); > // comment next line to have an invisible signature > sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, > null); > sap.setExternalDigest(new byte[128], new byte[20], "RSA"); > sap.preClose(); > MessageDigest messageDigest = MessageDigest.getInstance("SHA256"); > byte buf[] = new byte[8192]; > int n; > InputStream inp = sap.getRangeStream(); > while ((n = inp.read(buf)) > 0) { > messageDigest.update(buf, 0, n); > } > byte hash[] = messageDigest.digest(); > PdfSigGenericPKCS sg = sap.getSigStandard(); > PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS); > byte[] outc = new byte[(slit.getPosLength() - 2) / 2]; > PdfPKCS7 sig = sg.getSigner(); > Signature sign = Signature.getInstance("SHA256WithRSA"); > sign.initSign(key); > sign.update(hash); > sig.setExternalDigest(sign.sign(), hash, "RSA"); > PdfDictionary dic = new PdfDictionary(); > byte[] ssig = sig.getEncodedPKCS7(); > System.arraycopy(ssig, 0, outc, 0, ssig.length); > dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true)); > sap.close(dic); > > Kind regards and merry christmas > > Manfred > -- View this message in context: http://old.nabble.com/External-signature-in-Wincer-Sign-Mode-SHA256-does-not-work-tp26885435p26885473.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
