Daniel,
dahepe wrote: > > playing around with digital signing using iText I stumbled across the > http://itextpdf.sourceforge.net/howtosign.html "How to sign ..." > examples. > > Especially the examples using external signatures left some questions open > - at least for me. For example the setCrypto method on the > PdfSignatureAppearance object is always called with the private key > object: > IF that method is called, it requires the private key object. But there are a number of examples on the howtosign page you referred to which do not use that method. dahepe wrote: > > As one uses an external signature the private key should be of no meaning > for the PdfSignatureAppearance object and providing the key should not be > necessary - or am I wrong? > In this case the private key essentially is used to create some signature dictionary entries. The public certificate would have sufficed, though. dahepe wrote: > > Additionally I kind of struggle with the the setExternalDigest calls on > the PdfSignatureAppearance object > > ... > sap.setExternalDigest(new byte[128], new byte[20], "RSA"); > ... > > The calls seem to be necessary to initialize internal structures in the > PdfSignatureAppearance (NullPointerException when omitting the private key > and these calls...). But where do the sizes of the two arrays come from > and how do I know the correct size to use? I image that there is some > relation between the size of these arrays an the used key(algorithm) but > what is this relation? > The parameters of the setExternalDigest method are the RSA-encoded digest, the contents of the PKCS#7 data, and the encryption algorithm. When used with placeholders --- which is done in your example --- the placeholders must have the appropriate size. The RSA (more exactly RSA/1024) encoded digest of the PKCS#7 data requires 1024 bit = 128 bytes and the the PKCS#7 data themselves (in the example at hand the SHA1 digest of the PDF data stream to sign) requires 160 bits = 20 bytes. Depending on the signature encoding some meanings change here, though. As Paulo said, the existing code can be confusing... ;*) Regards, Michael. -- View this message in context: http://old.nabble.com/How-to-sign-examples-tp26886381p26886900.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
