On 27/02/2013 21:06, adamec wrote:
> Hmmm, first of all - thanks for attention :)
>
> I still quite don't understand. When I sign a pdf with iText by means of
> private key I provide (using PrivateKeySignature), I also create hash for
> document. Then, this hash is signed afterwards and also attached to pdf.
>
> Am I missing something?

The problem is terminology. You're describing something like this:
http://sourceforge.net/p/itext/code/HEAD/tree/tutorial/signatures/src/main/java/signatures/chapter4/C4_09_DeferredSigning.java

The method emptySignature creates a PDF where the digital signature consists of 000000000...00. When you open the resulting PDF, it will say it contains a signature, but the signature is invalid (obviously because it consists of zeros).

Then you use the method createSignature. This takes the PDF previously created and feeds the hash to your own signature implementation. This method replaces the "blank signature" with an actual signature.

You're referring to a detached signature in the context of PKCS#1. The name 'detached signature' has two different meanings.

Meaning 1: http://en.wikipedia.org/wiki/Detached_signature :
A detached signature is a type of digital signature that is kept separate from its signed data, as opposed to bundled together into a single file.

Meaning 2: The PDF spec talks about different sub filters used to store digital signatures. The 'detached' sub filters refer to signatures that are part of the PDF document, but they are more or less self-contained in the sense that Certificates and the revocation info (if available) are stored in the signature itself as opposed to in the signature dictionary.

The way you initially phrased your question, it sounded as if you referred to meaning 1, which revealed a lack of understanding of PDF signatures. Furthermore, your question didn't make sense as detached signatures use either PKCS#7 or CAdES. The use of pure PKCS#1 signatures is forbidden according to PAdES and discouraged according to ISO-32000.

I hope this clarifies the confusion.

I didn't answer your question initially because some people seem to really hate me when I tell them their question doesn't make sense (no good deed goes unpunished), so I decided to wait for some other responses first ;-)

_______________________________________________
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
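
The placeholder-then-replace flow described in the reply above, modelled at the byte level as an added example (not part of the original message and not iText code). It assumes a constructed 64-byte placeholder and sample document bytes, and uses an HMAC under a demo key as a stand-in for the external signer, where a real signer would return a PKCS#7 or CAdES container; the function names only mirror the two steps named in the reply.

```python
import hashlib
import hmac

MARK = b"/Contents <"
RESERVED = 64                       # constructed size; real placeholders are several KB
DEMO_KEY = b"constructed-demo-key"  # stand-in for the signer's private key

def empty_signature(body, trailer):
    """Step 1: write the document with the signature reserved as hex zeros."""
    return body + MARK + b"0" * (RESERVED * 2) + b">" + trailer

def _span(doc):
    """Offsets of the hex digits between '<' and '>' of the placeholder."""
    start = doc.index(MARK) + len(MARK)
    return start, doc.index(b">", start)

def signed_digest(doc):
    """Hash every byte except the '<...>' value, so patching that value
    later does not change what was signed."""
    start, end = _span(doc)
    return hashlib.sha256(doc[:start - 1] + doc[end + 1:]).digest()

def external_signer(digest):
    """Stand-in signer (HMAC); a real one returns a PKCS#7/CAdES container."""
    return hmac.new(DEMO_KEY, digest, hashlib.sha256).digest()

def create_signature(doc, signer):
    """Step 2: feed the hash to the signer and overwrite the zeros in place."""
    start, end = _span(doc)
    blob = signer(signed_digest(doc)).hex().encode()
    if len(blob) > end - start:
        raise ValueError("signature does not fit the reserved placeholder")
    return doc[:start] + blob.ljust(end - start, b"0") + doc[end:]

def verify(doc):
    """Recompute the digest and compare it with the stored value."""
    start, end = _span(doc)
    stored = bytes.fromhex(doc[start:end].decode())[:hashlib.sha256().digest_size]
    return hmac.compare_digest(stored, external_signer(signed_digest(doc)))

if __name__ == "__main__":
    blank = empty_signature(b"%PDF-1.7 constructed body ", b" /Type /Sig %%EOF")
    signed = create_signature(blank, external_signer)
    print(verify(blank), verify(signed), len(blank) == len(signed))
```

The file length and the signed digest are identical before and after step 2, which is why the placeholder must be reserved large enough up front.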