Hi Alfonso,
I saw the problem with unrecognized OIDs for the different sets of EC
parameter before. Maybe it boils down to defining another OID
assignent. Could you please post a sample PDF with this type of signature?
Greetings,
Andreas
> Hi,
> I have a pdf file signed with Elliptic curve
Hi Néstor,
the flap of a butterfly may cause a tornado! So did you ;-)
Greetings,
Andreas
> I didn't know that a simple certification question would be so
> controversial.
>
> Regards,
>
> Nestor
>
> On Thursday, September 3, 2015, Randy E. Hoover
> wrote:
>
>> Please
Hi Michaël, hi Carmen,
I saw some good results with IKVMC
(http://www.ikvm.net/userguide/ikvmc.html) when using a java lib in the
context of an Exchange server! Despite my expectations it worked like a
charm.But I used my own Java code, not the iText lib.
Anyway, if you try please share some
Using the correct BC version is a good starting point. But the xml
parser is not part of BC ...
Greetings,
Andreas
Hi,
I'll try to sign the PDF later, but iText 5.5.2 uses BC 1.49:
http://sourceforge.net/p/itext/code/HEAD/tree/trunk/itext/pom.xml#l244
Could you try the 1.49 dependency?
Hi Bruno,
that's the most informative post I've read for a long time. You named
all the pitfalls (too obvious for me to see) and gave good orientation
for the newbie!
But I do miss your spicy comments ;-)
Greetings,
Andreas
On 27/02/2013 21:06, adamec wrote:
Hmmm, first of all - thanks for
Get well soon ;-)
On 28/02/2013 9:42, Andreas Kuehne wrote:
But I do miss your spicy comments
I got verbally slammed again recently.
I need some time to recover ;-)
--
Everyone hates slow websites. So do we.
Make
Hi adamec,
let me try it a bit more verbose:A detached signature is completely
different from an embedded signature inside a PDF! You cannot turn one
into the other!
Another explanation: When you create a detached signature on a PDF,
everything's fine. If you try to include a signature into this
I have tried to get this done, but it I've invested dozens of hours of
trying various changes to the snippets in the Digital Signature paper and
reading of iText's Javadoc, but to no avail.
The world of crypto ... now you entered ...
resilience and patience ... you must learn!
If Yoda is a
Hi Cristian,
the problem is not the signing itself but the modification of the PDF
(insert the signature element). Afaik iText does this in memory, but I
would love to learn that I'm wrong.
The hashing and signing can be in two additional steps.
Greetings,
Andreas
Hi
I use Itext to sign some
Hi Marot,
I would guess Slot 2 is interesting one! Obviously it needs credentials
to be accessed (LoginException).
Good luck,
Andreas
Op 11/01/2013 12:12, Marot Laurent schreef:
134:String alias = (String)ks.aliases().nextElement();
Exception in thread main
Hi Laurent,
do you have special requirements regarding the timestamp service?
Both iaik and bouncy castle provide a simple server implementation we
have used successfully ...
Greetings,
Andreas
thank you. I'll digg caCert side as i'm currently investigating The CAcert
Assurance Program. I
Hi naval,
I want to Create PDF using using XML and XSL. can i? actully everybody is
suggesting me use APACHE FOP.
but i want to do wih using itext can u provide me code Or help so i can
create PDF using xml and xsl.
there is a big 'ideological'mismatch between working in the world of
'nodes in
Rohan, give zxing a try. It knows about reading barcodes ..
iText can´t read barcodes.
Paulo
On Mon, Nov 19, 2012 at 2:38 AM, Rohan Purohit
rohan.puro...@prosoftgroup.com wrote:
Hi,
I was able to use i-Text pdfStamper to generate and append code39 symbology
barcodes on successive pages
Hi keklikhasan,
I wouldn't call this a problem! You always have just one root
certificate. The other one (not required to build the certificate chain)
will just be ignored.
Greetings,
Andreas K.
Hi, i have similar problem. i try to sign pdf with mobile signature. i use
Hi DenLindy,
it will depend on the context. If you ordered 'chainFull' in a BDSM
studio as in the context of PDF signing.
Assuming the latter it will be the array of all certificates, starting
from the signing certificate up to the trusted root. The ARX signer will
know about the certificate
Hi Bruno,
I'm in München for the moment, presenting the current version of the
white paper on digital signatures at W-JAX (at 10:15 in the Calgary room
at the Westin Grand).
enjoy your visit to Germany!
I have a number of TODOs for the next version of the white paper, and
I'm accepting
Thanks roboboot,
you made my day!
After all these years working on the DSS TC
(https://www.oasis-open.org/committees/dss-x/) you showed me he first
DSS implementation code 'in the wild'! So really someone read the specs ;-)
Does ARX also implement the 'Visible signature profile'? This would do
Hi Den,
arxCoSignService.getSignatureOfDataBuffer returns a detached PKCS#7
signature as a byte array.
CoSign is a hardware appliance, from Algorithmic Research, that is installed
on our network. It includes all the PKI ingredients including the CA and the
repository of the user’s private
Hi yazeed,
the problem you initially mentioned is a 'BER encoding problem'. That's
what I do get when I open your signed PDF in the Acrobat reader. And
this is not a surprise as the included certificates look wierd. I cannot
see the certificate in the reader. That's no surprise as the
Hi again, yazeed!
Three quick tips:
- Use Google! You'll find answers more quickly than by waiting for
replies on the list.
- Use a PKCS7-type of signature. The RSA-SHA1 is antique and we saw many
problems associated with it.
- Check your smartcard software. The signature is 131 bytes long. That
Hi yazeed,
'thumb up' for providing a problem PDF with your request!
I can't explain the problem with the code you provided but the included
certificates in the PDF look very strange ... no wonder why the reader
complains about broken encoding!
Greetings,
Andreas
Hi,
i followed the example
Hi Alfonso,
a cross-check with our iaik-based verification tool succeeded. So this
underpins the move to report a bug to BC.
Greetings,
Andreas
Hi again,
please find attached the PDFs that cause the error and my fix in PdfPKCS7.java
I produced the PDFs files using SignWithBC.java sample
Hi Oliver,
once there was a 'bug' with signatures not related to page dictionaries.
Are you using a recent version of iText?
Anyway, could you post a sample of the 'phantom signature' pdf file.
That's always interesting ...
Greetings,
Andreas
Hi
I have a PDF which when opened in Adobe PDF
Hi Elias_iText,
I don't expect any p7s-Viewer to be able to 'verify' an arbitrary hash.
And I would doubt any legal effect from a verification that isn't
directly derived from the original document. The approach 'I got some
hash bytes from some part of a document, so believe me that everything's
Hi Attila,
can you post the signatures? Simple ones or advanced PAdES stuff?
I'll could try to verify ...
Greetings,
Andreas
Dear Developers,
The modified files of chapter 12 are downloadables thus we can test
the signatures.
Do you have a verification example ?
Best Regards,
Hi Michael,
would we be better off if iText doesn't use the given provider for
hashing? The specified provider is usually intended for the signing
stuff. And BC is always a good choice for hashing algorithms.
My proposal:
Try hashing with BC. If the given algo is not available in BC, give the
the check for SunPKCS11). This fails far to easily. E.g. I
prefer to use the iaik PKCS11 provider ;-)
Greetings,
Andreas
Andreas,
Andreas Kuehne-3 wrote
would we be better off if iText doesn't use the given provider for
hashing? The specified provider is usually intended for the signing stuff
are coming up too frequently and it's time to fix them.
Paulo
On Thu, Jul 19, 2012 at 8:53 AM, Andreas Kuehne kue...@trustable.de wrote:
Hi Michael,
yes, it could be useful to denote a special provider for hashing. Maybe
the best solution would be to have a signing provider parameter
Hi zouzou,
I would recommend just to accept that iText is build to use BC. It's not
just the of the JCA provider but also the direct reference to BC classes
from the iText code. The internal structure of BC and iaik classes is
very different. So you have to have BC in the classpath and can
Hi Paulo!
iText needs BC but it's possible to bypass it and create an external
signature (a complete CMS or CAdES) using whatever means available. If
using the iText signature code the provider can be explicitly selected
or the selection will be done using the normal Java mechanism as mkl
and
Hi Michael,
impressive! I wouldn't track this down!
Anyway I don't like *Buffer classes and would have created a plain
String and converted it to a byte array later on. Lazy me ...
Greetings
Andreas
Roberto, Andreas,
this indeed is a bug in iText.
Everything in the signing process is done
Hi Roberto,
your code doesn't seem to conrain any 'fail over 30 MB' condition. Could
you manage to upload a sample to somewhere? Posting such a huge file on
the list wouldn't be fun ;-)
Greetings
Andreas
I am trying to sign a lot of PDF files using iText (latest version) for Java.
But I
Hi Michael,
as usual you right: There is a strange difference in the calculation of
the byte range, especially when it implies to digest past the end of the
file.
We can't blame Roberto as he doesn't tweak the byte range ... should
there be a bug in iText? Usually not my first guess ...
, make sure no static objects where called, check that
only one BC version is in the classpath.
Paulo
On Fri, Apr 13, 2012 at 9:58 AM, Andreas Kuehne kue...@trustable.de wrote:
Hi Paulo,
maybe it would be useful to include a check for the BC version (range) ?
Greetings
Andreas
Unless you
Hi Paulo,
maybe it would be useful to include a check for the BC version (range) ?
Greetings
Andreas
Unless you are using the SVN HEAD you sould use BC 1.46.
Paulo
On Thu, Apr 12, 2012 at 8:06 PM, denixx baykin denixx.bay...@gmail.com
wrote:
Hi. I tried to self sign the pdf file and get
Hi Kwan Hon Luen,
Bouncy Castle is undergoing some major/severe refactorings with
incompatible changes at relevant API interfaces. So version dependecy
not a problem of iText but all 'users' of BC. It hurts a lot!
Greetings
Andreas
It appears that iText 5.2.1 is not compatible with
Hi Alekz,
could you please send a sample?
I would bet on a verification problem with the OCSP response.
Greetings
Andreas
Hello all, I'm testing the digital signature capabilities of iTextSharp and
came across this problem: when adding the ocsp response to the
authenitcatedAttributes of
Hi Christian,
can you give a little more information about the PKCS11 lib you are using?
As far as I can see from the log that the PKCS11wrapper detected a
problem. But that's quite generic ...
Greetings
Andreas
Hey @all,
I tried the example How to sign with an external signature and a
());
And the content from .cfg-file is the following:
library = /usr/local/lib/libcvP11.dylib
name = CryptoVision
Am 22.03.2012 um 13:59 schrieb Andreas Kuehne:
Hi Christian,
can you give a little more information about the PKCS11 lib you are using?
As far as I can see from
kind of logging
/ tracing at the PKSC11 level?
Greetings,
Andreas
Hmm ok I created a java keystore and it works. But its s... Because pkcs11
works in past with older itext and bouncy castle
Am 22.03.2012 um 15:31 schrieb Andreas Kuehne:
Hi Christian,
now I see! I didn't came across any
Hi Kristof,
thanks for the feedback!
The problems and shortcomings around Separation of PDF handling and
smartcard interaction were discussed on this list in detail, I guess one
year ago. Maybe you could google for 'deferred signing' ...
Separation of document processing and smartcard
Hi folks,
due to some bug fixes we like to upgrade to Bouncy Castle 1.47 in our
project. So I wonder if there is already a schedule for iText moving to
the forthcoming version?
Unfortunately there are some major changes in the next version so
upgrading needs some attention:
Hi AppalaNaidu,
try the most obvious:
Add the class that's missing the classpath, in this case the bouncy
castle jar ... maybe you should refresh your Java basics ..
Greetings,
Andreas
HI Friends, This is ApplaNaidu.
Client requirement is file sending or saving with password protection
Hi AppalaNaidu,
if you don't know how to do simple classpath setup and if you are not
fimiliar with Eclipse and didn't walked thru the documentation avialable
for iText .. you will never meet your deadline!
Greetings
Andreas
HI Alexis, This is AppalaNaidu.
I downloaded latest version of itext
Hi Michael,
thanks for your detailed analysis of this signature. I was lost as our
verifier prodly states 'valid signature' while the reader marks
unspecified problems.
I'll go and add an additional check!
@Max: Looks like there is light at the end of the tunnel! Most problems
solved ...
Hi max,
could you please forward the signed PDF?
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Sign and PDF with SmartCard and web browser only
Gesendet: Mi, 08. Feb 2012
Von: madmax
Hi MichaelI looked a little dipper to what you were saying and begun
? If it
verifies, you're sure to have the right certificate selected.
Greeting
Andreas
Andreas, Max,
Andreas Kuehne-3 wrote
For curiosity I took a look at the signature, too. Here's what I got:
2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
[de.trustable.signingserver.Verifier] Signature
For curiosity I took a look at the signature, too. Here's what I got:
2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
[de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 :
javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted
message and modulus lengths do not
Hi Valentin,
my first remark is that iText is far away from PKCS11 session. The sun
jac/plkcs11 bridge is obviously managing the sessions as you can see
from the call stack.
Second remark: where is iText involved at all? Looks like you using a
'btrust' signer.Maybe you're better off at that
Hi Thomas,
that's always tricky terrain!
I once made a sample for version 2.17.
Dtmo this is mostly the playground of bouncy castle, not iText ...
Anyway, what about the most simple way: Most HSM implementors provide an
JCA implementation, too. This way you could get around all the nasty
PKCS11
Hi andyrobb18,
just listen what the reader says : 'the bytes are evil' (or something
like that...).
From a quick look at the file I would guess you're missing the last zero
bytes in the signature field. Extend the array by two bytes and pad it
with '00'.
It should look like ...f961fc*00*
Hi Niccolÿ,
you cannot create a signature upfront, as the PDF changes when you add
the space for the signature. And even if you sign an unsigned PDF with
all the space for the signature allocated, you break the signature
because the PDF changes once you write if with the added signature.
This is
Hi Tom,
if you don't mind to get in touch with XSL, try to convert your data into
XSL-FO and let it render by one of the XSL-FO-engines. You don't have to get
near a single line of Java code or a compiler ...
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions]
Hi AJ !
Just add a (trusted) timestamp to your signature. I doesn't relate to the
'quality' leve of your certificate ...
Greetings
Andreas
- original Nachricht
Betreff: [iText-questions] signing question re date/time
Gesendet: Mi, 29. Jun 2011
Von: AJ Weber
I'm testing some PDF
Hi AJ,
I forget instantly, but google rmenbers :
http://www.itextpdf.com/examples/iia.php?id=225
And if you like to know about Timestamp, search for RFC 3161 have a look at
http://www.opentsa.org/#service
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions]
now see it later in the chapter, but had not
ventured that far yet, because I don't have a X509 cert. Vielen dank. -
Original Message - From: Andreas Kuehne To: AJ Weber Cc: Post all your
questions about iText here Sent: Wednesday, June 29, 2011 1:07 PMSubject: Re:
Re: [iText-questions
Hi Dushi,
good news first : Your signature and the included certificates looks fine. If
you're curious you can check your PDF/signature at http://sig-check.de . The
only problem here is the unavailability of the OCSP responder :
[de.trustable.signingserver.OCSPProviderBeanHelper] OCSP
Hi Jan Luc,
the interface of a specific smartcard is not an iText issue. Smartcard provider
obviously have a lot of time to develop a crazy variety of interfaces
specifications. Maybe you can get along with a Java crypto provider, maybe a
PKCS11 driver will do, perhaps you have to dig into
Hold on, your on the right track !
You'll have to cast the certificate to a X509Certificate. This offers the
getNotAfter() method ...
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] DigitalSignature+ExpiryDate+in XFA Forms
Gesendet: Mo, 11. Apr 2011
Von:
Hi Dushi,
what's the exact problem ? Is the chain ncz included in the signature or is it
unavailable at verification time ?
Please post a sample PDF so I can check the signature with my favorite tool ...
Greetings
ANdreas
- original Nachricht
Betreff: [iText-questions] URGENT
Please share your PDF.
It's always hard to guess something from the code ...
Greetings
Andreas
- original Nachricht
Betreff: [iText-questions] itext 5.05 pkcs7 detached sha256 bouncy sign problem
Gesendet: Mi, 09. Mrz 2011
Von: erfrwf erferf
Hi,
I have succesfully signed ,also in
Hi Martin,
I would recommend to take a look at Flying Saucer, a XHTML renderer on top of
iText (http://code.google.com/p/flying-saucer/). I've seen very impressive
projects with it.
Maybe your job is done in 4 hours and can take a 3,9 week holiday ;-)
Greetings
Andreas
- original
Hi Paulo,
thanks for your quick and clarifying response !
My vote : Drop the PKCS1 creation stuff. Leave code for PKCS1 verification ( if
there is any ) for legacy compatibility.
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Another spec question
Hi Julien,
sounds wierd ... could you please post a sample PDF ?
Greetings
Andreas
- original Nachricht
Betreff: [iText-questions] PDF Signature : validity unknown - belgium eid :
Signature problem in a PDF, with a certificate chain (MyCertificate -
CitizenCA - BelgiumRootCA)
Hi ashish,
I'm not an itextsharp user but the problems regarding signature creation may be
the same :
A fully written PDF can usually _not_ be extended with a signature. If you
reopen the PDF and append a signature, the PDF document changes and the
signature is invalid.
More interesting to me
Hi Jian,
from a first look at the code sample I would assume the difference is the
missing padding in version 2.
But I'm not quite sure how a missing padding wouldn't cause a BER decoding
error ...
I always a good idea to post sample PDF. Many guys on the list have their
favourite tools to
Hi msinatl,
it's always a bit tricky to estimate the size of a signature as the standards
allow a broad variety of data to be included into a signature ( or just left
out ). Moreover the PDF format uses a hex encoding of the binary signature, so
the size doubles.
If you are going to do an
Hi Christophe,
the chains looks good to me. But maybe the Reader complains about an untrusted
root rather than a missing part of the chain ...
Could you post an example ? Would like to take a inside ..
Greetings
Andreas
- original Nachricht
Betreff: [iText-questions] problem
Hi Christophe,
your signature is definitly skrewed up. For example it claims to be a signature
containing it's signed content what doesn't make sense for a PDF signature.
I'll have a look into the signature structure ..
Greetings
Andreas
- original Nachricht
Betreff: Re:
Nachricht
Betreff: Re: [iText-questions] problem including certificate chain in PDF
Gesendet: Fr, 10. Sep 2010
Von: Andreas Kuehne
Hi Christophe,
your signature is definitly skrewed up. For example it claims to be a signature
containing it's signed content what doesn't make sense
Hi Andrea,
as Michael pointed out the processing is not trivial and many brave developer
were caught in one of the pitfalls. If you're a lazy guy ( like me ) you may
try
to copy'n' paste from the code of our signing server ( available at
http://sourceforge.net/projects/sirius-sign/files/ ).
Hi Marko,
did you try proGuard ( http://proguard.sourceforge.net/downloads.html ) ?
This is an impressive compression tool for jars. Our applet using iText source
shrinked dramatically ( 2 MB - 90KB ). This ratio will usually be less in
other
usage scenarios, but I would guess 5% will be
Hi all !
I did see strange behaviour with WebLogic 9.x, like threads running mad
strangling the overall performance of the application. I would recommend to
invest time in moving to another app server / newer version. Maybe you try to
deploy your app in a recent version of weblogic. That
Hi !
The most important question in return to your question is :
What do you want to achieve ?
Legal intentions or just a green checkmark to make the user feel secure ?
First is very compex and heavily depends on the legal environment.Even here in
the european community the regulations are
Hi Victor,
I solved a similar problem by letting iText do signature creation, get the hash
value create a signature on my own. Later on I filled in the newly ceated
signature into the preserverd siganture space. You have to take care that the
area is big enough ...
Btw. : I'm not fimiliar
Hi all,
as maintainer of the 'sirius signing server' project I like to add that we are
eager to implement PAdES support both for signing and verification ( including
our web page sig-check.eu ). But due to the lack of test cases we deferred to
invest time and effort. A good set of test cases
Sorry, but due to other requirements we do most of the crypto stuff outside of
iText and so I'm not very familiar with the method you mentioned.
But a short look atv the code tells me that the 'second digest' is the digest
that is build across the PDF byte range that becomes an authenticated
Hi again,
don't mess upm the different hashes :
1. hash : The one that's calculated over the PKCS7 signature itself (
especially the authenticated attributes ). This one is going to be encrypted by
the private key.
2. the hash of the PDF byte range : This one will end up in a authenticated
Sorry,
my expertise in iText classes regarding signing is very limited. As I mentioned
we do most of the crypto stuff outside of iText .. nevertheless we appreciate
iText for all the PDF related functionality.
My recommendation is to check the mailing list, the online samples or the
'book' !
Hi,
your assumption seems to hold true : No one seems to be able to aswer the
question, but I'll try to help you a bit further :
The first thing to mention is that PDF expects the the OCSP response to be
available at signing time. So you do the OCSP call _before_ the hashing. And
then there
Hi Mathew,
afaik the problem can not be solved, just circumvented.
You get one hash from a PDF, after storing and reopening you get another hash.
The raesons for this are not an iText issue and are already discussed on this
list in detail.
So how to get around :
Don't store and reopen the PDF
Hi Salvo,
thanks for the code, But additionally I would like to see how you put the
signature into the the PDF. As Michael pointed out yesterday openening and
saving the PDF would break the old hash ...
Greeting and looking forward for your example
Andreas
- Original Message
From:
Hi Salvo,
we faced a similar problem of splitting signature calculation and actually
signing of the hash.
So from my first look at your approach I would guess the calculation of the
hash is your problem. Do you hash the whole document ? If yes, that's not the
hash intended for PDF signing. The
Unsupported major.minor version 49.0
Due to my experience this is a Java version mismatch : Are you trying to run
1.4 classes in a 1.4 runtime ?
Greetings
Andreas
- Original Message
From: 1T3XT info i...@1t3xt.info
To: Post all your questions about iText here
Hi Christian,
I'm not familiar with XFA but I would state that it's a bad idea to change the
SignatureProperties _after_ signing. You didn't attach the XML signature as
text but usually it got a reference to the SignatureProperties to have them
protected by the signature. Modifying usually
Hi Sérgi,
you have to make destinction between root certificates and OCSP responses. Of
course you can get certificates rom somewhere ( usually the signing
certificates include a hint where to find the issuing certificate ). Anyway you
have to make the active decision 'I trust this root
Hi Christian,
we do some useless signing with a fake key just to keep the give iText API
happy. When iText has signed the PDF it can be written to disk as usual. But
after this step we know the hash and the position of the PKCS7 signature. Once
our own signing process is thru we replace the
Hi Mathieu,
does your XML validate ?
How did you apply the XML signature ?
Could you share the XML document / the PDF ?
Greetings
Andreas
From: Mathieu Fortin mathieu.for...@notarius.com
To: itext-questions@lists.sourceforge.net
Sent: Mon, January 25, 2010
-step scenario which didn't work.
Regards, Michael.
From: Andreas Kuehne [mailto:akue...@yahoo.com]
Of course it's possible what your describing :
- Build a semi-signed PDF with room for the signature
- Get the hash value
- Store the half-baked PDF on disk
- Sign the hash and create
Couldn't remember that I ever disagreed with Leonard, but now it's the time !
Of course it's possible what your describing :
- Build a semi-signed PDF with room for the signature
- Get the hash value
- Store the half-baked PDF on disk
- Sign the hash and create a PKCS7-Signature, somtimes later,
Hi Pavol,
don't worry about the certificate. When you are going to sign the bcertificate
is used just for encryption of the ready-made hash bytes.
Moreover a certificate isn't a 'SHA-1' certificate. Maybe you see a certificate
id build using SHA-1, but that's just a way to identify your
Hi İsmail,
presumably you got a PDF an a detached signature ( a separate file ). This
won't never fit into the PDF because the way the PDF signature is build is
different from the way a detached signature is calculated.
But iText can build a PDF signbature for you, see the examples in 'the
Hi abeliko,
isn't the the exception clear enough ?
Failed to get TSA response from 'http://tsa.safelayer.com:8093'
Seems that you can't get any response from your TSA. Maybe you can't access
that domain ( proxy settings ... ) or ther is no service available.
But dtmo it doesn't seem to be
Hi Javadoc,
are yu really going in the right direction ? I would presume the rangestream
the most important part when it comes to signing PDFs. We process most part of
the signature outside iText in a different crypto provider, but praise the lord
every day for the availability of the
Hi Francesco,
my favourite pitfall with offline OCSP is the nextUpdate-Value in the OCSP
response. If it's 'null' ( what's the default value for many OCSP responders )
the Reader ignores it.
Greetings
Andreas
- Original Message
From: Francisco Leong frleon...@yahoo.com
To:
Hi,
I don't know anything about the your special environment, but hash algos are
_not_ subject of the policy files. They limit the encryption strength.
From the message I would guess there is no crypto provider registered. Have a
look what's registered :
java.security.Provider[]
Try
java.security.Security.insertProviderAt(new BouncyCastleProvider(), 1);
or
java.security.Security.addProvider(new BouncyCastleProvider());
AddProvider usually works fine, but I remember strange problems with 1.4.*
Good luck
Andreas
- Original Message
Hi Tamas,
the bouncy castle components do most of the crypto processing required to build
the signature. iText does many good things, but doesn't supply crypto functions
on its own.
Maybe you think about using a central service for signing. So you doesn't have
to bother with crypto stuff in
Hi Manfrrad,
can you make the PDF doc available ?
Greetings
Andreas
- Original Message
From: mamueller mamuel...@directbox.com
To: itext-questions@lists.sourceforge.net
Sent: Friday, September 4, 2009 9:46:23 AM
Subject: Re: [iText-questions] Need Help! Self Signed external
Hi Sawa,
that sounds interesting !
Is it possible to piost the strange PDF ?
Greetings
Andreas
- Original Message
From: Sawan Jain sawan.j...@thedigitalgroup.net
To: itext-questions@lists.sourceforge.net
Sent: Tuesday, August 18, 2009 4:44:48 PM
Subject: Re: [iText-questions]
1 - 100 of 150 matches
Mail list logo