Raitskin, Paulo, first I have to revise my former words:
mkl wrote > Its single SignerInfo (see below) does not contain any attributes, neither > signed nor unsigned ones, especially not a MessageDigest. For a > "adbe.pkcs7.detached" kind of signature this to me seems wrong. As a > signature of that kind it has an empty encapsulated content field, and as > there are no signed attributes either, the data signed according to the > "Message Digest Calculation Process" in RFC 3852 are completely empty. Actually this is not wrong, merely very minimalistic. RFC 3852 states > The optional omission of the eContent within the EncapsulatedContentInfo > field makes it possible to construct "external signatures." In the case > of external signatures, the content being signed is absent from the > EncapsulatedContentInfo value included in the signed-data content type. > If the eContent value within EncapsulatedContentInfo is absent, then the > signatureValue is calculated and the eContentType is assigned as though > the eContent value was present. Still > it at least is uncommon to not use the MessageDigest signed attribute for > such signatures. This is due to the fact that generally some signed attributes are required, and in that case MessageDigest must be used, too. PAdES-BES, e.g., requires ESS attributes, as also do quite a lot of other profiles for obvious reasons. Maybe Foxit takes the use of ESS as granted and, thus, does not like signatures without MessageDigest attributes... Raitskin Alexander wrote > How would you change it to fix the PKCS7 according to what it should be? As you can read above, in a very minimalistic manner the signature container seems valid. We can only guess which additional requirements there are for Foxit to like the signatures. Some possibilities have been mentioned or implied above. Regards, Michael -- View this message in context: http://itext-general.2136553.n4.nabble.com/Re-Digital-sigantures-generated-with-itext-are-not-valid-in-Foxit-tp4299281p4299867.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
