Re: [iText-questions] iText-5.3.0 digital signature cannot verify in Acrobat 9 but fine in Acrobat Reader X
On 14/08/2012 6:31, Eric Chow wrote: The format of this signature is not supported by this signature method. You're using CADES! Did you read the White Paper on digital signatures? CADES is introduced in PDF 2.0 (ISO-32000-2), a spec that hasn't been officially released yet. In other words: it's brand new and it shouldn't surprise you that it's not supported in older version of Acrobat and Reader. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Re: [iText-questions] iText-5.3.0 digital signature problem?
Op 19/07/2012 4:11, Eric Chow schreef: Hello, I am trying to migrate my old digital signature program to the new iText-5.3.0, but it failed. I tried to test the digital signature in the iText-5.3.0 tutorial but it not worked with Smartcard. It gots some exception: java.security.NoSuchAlgorithmException: no such algorithm: SHA1 for provider SunPKCS11-GD This is NOT an iText issue. The error message explains why: you are trying to create a message digest (SHA1, an algorithm that is no longer recommended as you could read in the white paper) using the security provider SunPKCS11-GD which doesn't support the algorithm of your choice. The solution is: use another security provider to create the hash. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
[iText-questions] iText-5.3.0 digital signature problem?
Hello,
I am trying to migrate my old digital signature program to the new
iText-5.3.0, but it failed.
I tried to test the digital signature in the iText-5.3.0 tutorial but it
not worked with Smartcard. It gots some exception:
java.security.NoSuchAlgorithmException: no such algorithm: SHA1 for
provider SunPKCS11-GD
at sun.security.jca.GetInstance.getService(GetInstance.java:70)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
at java.security.Security.getImpl(Security.java:662)
at java.security.MessageDigest.getInstance(MessageDigest.java:185)
at
com.itextpdf.text.pdf.security.MakeSignature.signDetached(MakeSignature.java:128)
at TestSign.sign(TestSign.java:46)
at TestSign.main(TestSign.java:74)
The following is my example, please advise me if the codes exist mistakes.
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import sun.security.pkcs11.SunPKCS11;
import com.itextpdf.text.DocumentException;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.PdfStamper;
import com.itextpdf.text.pdf.security.DigestAlgorithms;
import com.itextpdf.text.pdf.security.MakeSignature;
import com.itextpdf.text.pdf.security.PrivateKeySignature;
/**
*
*/
/**
* @author Eric Chow (hkc)
*
*/
public class TestSign {
public static void sign(PrivateKey pk, Certificate[] chain,
String src, String dest, String provider,
String reason, String location,
String digestAlgorithm, boolean subfilter)
throws GeneralSecurityException, IOException,
DocumentException {
// Creating the reader and the stamper
PdfReader reader = new PdfReader(src);
FileOutputStream os = new FileOutputStream(dest);
PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');
// Creating the appearance
PdfSignatureAppearance appearance =
stamper.getSignatureAppearance();
appearance.setReason(reason);
appearance.setLocation(location);
appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780),
1, sig);
// Creating the signature
PrivateKeySignature pks = new PrivateKeySignature(pk,
digestAlgorithm, provider);
MakeSignature.signDetached(appearance, pks, chain, null, null,
null, provider, 0, subfilter);
}
/**
* @param args
*/
public static void main(String[] args) {
String PASSWORD = password;
String SRC = doc/test.pdf;
String DEST = doc/test_signed.pdf;
try {
SunPKCS11 pkcs11 = new SunPKCS11(pkcs11.cfg);
Security.addProvider (pkcs11);
KeyStore ks = KeyStore.getInstance(PKCS11);
ks.load(null, PASSWORD.toCharArray());
String alias = 885856b0-60b9-4727-9416-75c70810de4d;
PrivateKey pk = (PrivateKey) ks.getKey(alias,
PASSWORD.toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
sign(pk, chain, SRC, DEST, pkcs11.getName(), Test 3,
Ghent, DigestAlgorithms.SHA1, MakeSignature.CADES);
} catch(Exception e) {
e.printStackTrace();
}
}
}
Best regards,
Eric
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
[iText-questions] iText 5.3.0
Hello all, this morning, I've released iText 5.3.0 and it brings a completely new API for digital signatures. If you need examples, you can already take a look at the updated book samples: http://itextpdf.com/book/chapter.php?id=12 If you need documentation, we're currently writing a white paper on digital signing (about 80 pages, including examples on how to sign using a USB key, a smart card, etc...). The complete paper will be published in September, but we'll send the first chapters to those who are subscribed to our news letter: http://itextpdf.com/newsletter/ For more information about the latest release visit: http://lowagie.com/itext530 http://itextpdf.com/history/?branch=53node=530 best regards, Bruno Lowagie -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
