Re: [iText-questions] pdf file signed with SHA256withECDSA

2016-07-26 Thread Andreas Kuehne
Hi Alfonso, I saw the problem with unrecognized OIDs for the different sets of EC parameters before. Maybe it boils down to defining another OID assignment. Could you please post a sample PDF with this type of signature? Greetings, Andreas > Hi, > I have a pdf file signed with Elliptic curve

Re: [iText-questions] Are certificates for PDF signing the same for HTTP SSL

2015-09-03 Thread Andreas Kuehne
Hi Néstor, the flap of a butterfly may cause a tornado! So did you ;-) Greetings, Andreas > I didn't know that a simple certification question would be so > controversial. > > Regards, > > Nestor > > On Thursday, September 3, 2015, Randy E. Hoover > wrote: > >> Please

Re: [iText-questions] itext in C?

2014-10-31 Thread Andreas Kuehne
Hi Michaël, hi Carmen, I saw some good results with IKVMC (http://www.ikvm.net/userguide/ikvmc.html) when using a java lib in the context of an Exchange server! Despite my expectations it worked like a charm. But I used my own Java code, not the iText lib. Anyway, if you try please share some

Re: [iText-questions] Signing PDF

2014-08-07 Thread Andreas Kuehne
Using the correct BC version is a good starting point. But the xml parser is not part of BC ... Greetings, Andreas Hi, I'll try to sign the PDF later, but iText 5.5.2 uses BC 1.49: http://sourceforge.net/p/itext/code/HEAD/tree/trunk/itext/pom.xml#l244 Could you try the 1.49 dependency?

Re: [iText-questions] PKCS#1 signature + iText = signed pdf

2013-02-28 Thread Andreas Kuehne
Hi Bruno, that's the most informative post I've read for a long time. You named all the pitfalls (too obvious for me to see) and gave good orientation for the newbie! But I do miss your spicy comments ;-) Greetings, Andreas On 27/02/2013 21:06, adamec wrote: Hmmm, first of all - thanks for

Re: [iText-questions] PKCS#1 signature + iText = signed pdf

2013-02-28 Thread Andreas Kuehne
Get well soon ;-) On 28/02/2013 9:42, Andreas Kuehne wrote: But I do miss your spicy comments I got verbally slammed again recently. I need some time to recover ;-)

Re: [iText-questions] PKCS#1 signature + iText = signed pdf

2013-02-27 Thread Andreas Kuehne
Hi adamec, let me try it a bit more verbose: A detached signature is completely different from an embedded signature inside a PDF! You cannot turn one into the other! Another explanation: When you create a detached signature on a PDF, everything's fine. If you try to include a signature into this

Re: [iText-questions] LTV signature in a single revision

2013-02-07 Thread Andreas Kuehne
I have tried to get this done, but it I've invested dozens of hours of trying various changes to the snippets in the Digital Signature paper and reading of iText's Javadoc, but to no avail. The world of crypto ... now you entered ... resilience and patience ... you must learn! If Yoda is a

Re: [iText-questions] signing large pdfs , server side

2013-01-23 Thread Andreas Kuehne
Hi Cristian, the problem is not the signing itself but the modification of the PDF (insert the signature element). Afaik iText does this in memory, but I would love to learn that I'm wrong. The hashing and signing can be in two additional steps. Greetings, Andreas Hi I use Itext to sign some

Re: [iText-questions] desperatly trying to run Code sample 4.1: Signing a document using PKCS#11

2013-01-11 Thread Andreas Kuehne
Hi Marot, I would guess Slot 2 is the interesting one! Obviously it needs credentials to be accessed (LoginException). Good luck, Andreas On 11/01/2013 12:12, Marot Laurent wrote: 134:String alias = (String)ks.aliases().nextElement(); Exception in thread main

Re: [iText-questions] Timestamp server

2013-01-07 Thread Andreas Kuehne
Hi Laurent, do you have special requirements regarding the timestamp service? Both iaik and bouncy castle provide a simple server implementation we have used successfully ... Greetings, Andreas thank you. I'll dig caCert side as i'm currently investigating The CAcert Assurance Program. I

Re: [iText-questions] Create PDF using XML and XSL

2012-11-19 Thread Andreas Kuehne
Hi naval, I want to Create PDF using XML and XSL. can i? actually everybody is suggesting me use APACHE FOP. but i want to do with using itext can u provide me code Or help so i can create PDF using xml and xsl. there is a big 'ideological' mismatch between working in the world of 'nodes in

Re: [iText-questions] require java program to decode iText generated code39 barcode on PDF

2012-11-19 Thread Andreas Kuehne
Rohan, give zxing a try. It knows about reading barcodes .. iText can't read barcodes. Paulo On Mon, Nov 19, 2012 at 2:38 AM, Rohan Purohit rohan.puro...@prosoftgroup.com wrote: Hi, I was able to use i-Text pdfStamper to generate and append code39 symbology barcodes on successive pages

Re: [iText-questions] problem including certificate chain in PDF

2012-11-09 Thread Andreas Kuehne
Hi keklikhasan, I wouldn't call this a problem! You always have just one root certificate. The other one (not required to build the certificate chain) will just be ignored. Greetings, Andreas K. Hi, i have similar problem. i try to sign pdf with mobile signature. i use

Re: [iText-questions] Signing a PDF with itext using an ARX CoSign device

2012-11-07 Thread Andreas Kuehne
Hi DenLindy, it will depend on the context. If you ordered 'chainFull' in a BDSM studio as in the context of PDF signing. Assuming the latter it will be the array of all certificates, starting from the signing certificate up to the trusted root. The ARX signer will know about the certificate

Re: [iText-questions] Signing a PDF with itext using an ARX CoSign device

2012-11-07 Thread Andreas Kuehne
Hi Bruno, I'm in München for the moment, presenting the current version of the white paper on digital signatures at W-JAX (at 10:15 in the Calgary room at the Westin Grand). enjoy your visit to Germany! I have a number of TODOs for the next version of the white paper, and I'm accepting

Re: [iText-questions] Signing a PDF with itext using an ARX CoSign device

2012-11-06 Thread Andreas Kuehne
Thanks roboboot, you made my day! After all these years working on the DSS TC (https://www.oasis-open.org/committees/dss-x/) you showed me the first DSS implementation code 'in the wild'! So really someone read the specs ;-) Does ARX also implement the 'Visible signature profile'? This would do

Re: [iText-questions] Signing a PDF with itext using an ARX CoSign device

2012-11-05 Thread Andreas Kuehne
Hi Den, arxCoSignService.getSignatureOfDataBuffer returns a detached PKCS#7 signature as a byte array. CoSign is a hardware appliance, from Algorithmic Research, that is installed on our network. It includes all the PKI ingredients including the CA and the repository of the user’s private

Re: [iText-questions] Signing PDF using Smart Card

2012-10-15 Thread Andreas Kuehne
Hi yazeed, the problem you initially mentioned is a 'BER encoding problem'. That's what I do get when I open your signed PDF in the Acrobat reader. And this is not a surprise as the included certificates look weird. I cannot see the certificate in the reader. That's no surprise as the

Re: [iText-questions] Signing PDF using Smart Card

2012-10-15 Thread Andreas Kuehne
Hi again, yazeed! Three quick tips: - Use Google! You'll find answers more quickly than by waiting for replies on the list. - Use a PKCS7-type of signature. The RSA-SHA1 is antique and we saw many problems associated with it. - Check your smartcard software. The signature is 131 bytes long. That

Re: [iText-questions] Signing PDF using Smart Card

2012-10-12 Thread Andreas Kuehne
Hi yazeed, 'thumb up' for providing a problem PDF with your request! I can't explain the problem with the code you provided but the included certificates in the PDF look very strange ... no wonder why the reader complains about broken encoding! Greetings, Andreas Hi, i followed the example

Re: [iText-questions] R: failure in verify signature using SignWithBC

2012-10-10 Thread Andreas Kuehne
Hi Alfonso, a cross-check with our iaik-based verification tool succeeded. So this underpins the move to report a bug to BC. Greetings, Andreas Hi again, please find attached the PDFs that cause the error and my fix in PdfPKCS7.java I produced the PDFs files using SignWithBC.java sample

Re: [iText-questions] getSignatureNames() returns an empty ArrayList on a signed PDF

2012-09-14 Thread Andreas Kuehne
Hi Oliver, once there was a 'bug' with signatures not related to page dictionaries. Are you using a recent version of iText? Anyway, could you post a sample of the 'phantom signature' pdf file. That's always interesting ... Greetings, Andreas Hi I have a PDF which when opened in Adobe PDF

Re: [iText-questions] How to get the HASH from a signature

2012-08-23 Thread Andreas Kuehne
Hi Elias_iText, I don't expect any p7s-Viewer to be able to 'verify' an arbitrary hash. And I would doubt any legal effect from a verification that isn't directly derived from the original document. The approach 'I got some hash bytes from some part of a document, so believe me that everything's

Re: [iText-questions] iText 5.3 signature verification

2012-07-24 Thread Andreas Kuehne
Hi Attila, can you post the signatures? Simple ones or advanced PAdES stuff? I could try to verify ... Greetings, Andreas Dear Developers, The modified files of chapter 12 are downloadable thus we can test the signatures. Do you have a verification example ? Best Regards,

Re: [iText-questions] [SPAM] Re: iText-5.3.0 digital signature problem?

2012-07-19 Thread Andreas Kuehne
Hi Michael, would we be better off if iText doesn't use the given provider for hashing? The specified provider is usually intended for the signing stuff. And BC is always a good choice for hashing algorithms. My proposal: Try hashing with BC. If the given algo is not available in BC, give the

Re: [iText-questions] [SPAM] Re: [SPAM] Re: iText-5.3.0 digital signature problem?

2012-07-19 Thread Andreas Kuehne
the check for SunPKCS11). This fails far too easily. E.g. I prefer to use the iaik PKCS11 provider ;-) Greetings, Andreas Andreas, Andreas Kuehne-3 wrote would we be better off if iText doesn't use the given provider for hashing? The specified provider is usually intended for the signing stuff

Re: [iText-questions] [SPAM] Re: [SPAM] Re: iText-5.3.0 digital signature problem?

2012-07-19 Thread Andreas Kuehne
are coming up too frequently and it's time to fix them. Paulo On Thu, Jul 19, 2012 at 8:53 AM, Andreas Kuehne kue...@trustable.de wrote: Hi Michael, yes, it could be useful to denote a special provider for hashing. Maybe the best solution would be to have a signing provider parameter

Re: [iText-questions] iText and signing pdf fils

2012-07-12 Thread Andreas Kuehne
Hi zouzou, I would recommend just to accept that iText is built to use BC. It's not just the of the JCA provider but also the direct reference to BC classes from the iText code. The internal structure of BC and iaik classes is very different. So you have to have BC in the classpath and can

Re: [iText-questions] [SPAM] Re: iText and signing pdf fils

2012-07-12 Thread Andreas Kuehne
Hi Paulo! iText needs BC but it's possible to bypass it and create an external signature (a complete CMS or CAdES) using whatever means available. If using the iText signature code the provider can be explicitly selected or the selection will be done using the normal Java mechanism as mkl and

Re: [iText-questions] [SPAM] Re: Re: iText error in signing big PDF files: SigDict /Contents illegal data

2012-06-13 Thread Andreas Kuehne
Hi Michael, impressive! I wouldn't track this down! Anyway I don't like *Buffer classes and would have created a plain String and converted it to a byte array later on. Lazy me ... Greetings Andreas Roberto, Andreas, this indeed is a bug in iText. Everything in the signing process is done

Re: [iText-questions] iText error in signing big PDF files: SigDict /Contents illegal data

2012-06-12 Thread Andreas Kuehne
Hi Roberto, your code doesn't seem to contain any 'fail over 30 MB' condition. Could you manage to upload a sample to somewhere? Posting such a huge file on the list wouldn't be fun ;-) Greetings Andreas I am trying to sign a lot of PDF files using iText (latest version) for Java. But I

Re: [iText-questions] [SPAM] Re: iText error in signing big PDF files: SigDict /Contents illegal data

2012-06-12 Thread Andreas Kuehne
Hi Michael, as usual you are right: There is a strange difference in the calculation of the byte range, especially when it implies to digest past the end of the file. We can't blame Roberto as he doesn't tweak the byte range ... should there be a bug in iText? Usually not my first guess ...

Re: [iText-questions] PDF self sign failed, maybe bouncycastle has changed.

2012-04-15 Thread Andreas Kuehne
, make sure no static objects were called, check that only one BC version is in the classpath. Paulo On Fri, Apr 13, 2012 at 9:58 AM, Andreas Kuehne kue...@trustable.de wrote: Hi Paulo, maybe it would be useful to include a check for the BC version (range) ? Greetings Andreas Unless you

Re: [iText-questions] PDF self sign failed, maybe bouncycastle has changed.

2012-04-13 Thread Andreas Kuehne
Hi Paulo, maybe it would be useful to include a check for the BC version (range) ? Greetings Andreas Unless you are using the SVN HEAD you should use BC 1.46. Paulo On Thu, Apr 12, 2012 at 8:06 PM, denixx baykin denixx.bay...@gmail.com wrote: Hi. I tried to self sign the pdf file and get

Re: [iText-questions] iText 5.2.1 and Bouncycastle 1.47

2012-04-10 Thread Andreas Kuehne
Hi Kwan Hon Luen, Bouncy Castle is undergoing some major/severe refactorings with incompatible changes at relevant API interfaces. So version dependency is not a problem of iText but all 'users' of BC. It hurts a lot! Greetings Andreas It appears that iText 5.2.1 is not compatible with

Re: [iText-questions] Adding OCSP response to authenticated attibutes causes invalid signature.

2012-04-05 Thread Andreas Kuehne
Hi Alekz, could you please send a sample? I would bet on a verification problem with the OCSP response. Greetings Andreas Hello all, I'm testing the digital signature capabilities of iTextSharp and came across this problem: when adding the ocsp response to the authenitcatedAttributes of

Re: [iText-questions] Sign a pdf with text 5.2.0 and bouncy castle

2012-03-22 Thread Andreas Kuehne
Hi Christian, can you give a little more information about the PKCS11 lib you are using? As far as I can see from the log that the PKCS11wrapper detected a problem. But that's quite generic ... Greetings Andreas Hey @all, I tried the example How to sign with an external signature and a

Re: [iText-questions] Sign a pdf with text 5.2.0 and bouncy castle

2012-03-22 Thread Andreas Kuehne
()); And the content from .cfg-file is the following: library = /usr/local/lib/libcvP11.dylib name = CryptoVision On 22.03.2012 at 13:59, Andreas Kuehne wrote: Hi Christian, can you give a little more information about the PKCS11 lib you are using? As far as I can see from

Re: [iText-questions] Sign a pdf with text 5.2.0 and bouncy castle

2012-03-22 Thread Andreas Kuehne
kind of logging / tracing at the PKCS11 level? Greetings, Andreas Hmm ok I created a java keystore and it works. But its s... Because pkcs11 works in past with older itext and bouncy castle On 22.03.2012 at 15:31, Andreas Kuehne wrote: Hi Christian, now I see! I didn't come across any

Re: [iText-questions] HASH, SMARTCARD and PKCS#7 detached

2012-03-09 Thread Andreas Kuehne
Hi Kristof, thanks for the feedback! The problems and shortcomings around Separation of PDF handling and smartcard interaction were discussed on this list in detail, I guess one year ago. Maybe you could google for 'deferred signing' ... Separation of document processing and smartcard

[iText-questions] Plans for upgrading to BC 1.47

2012-02-29 Thread Andreas Kuehne
Hi folks, due to some bug fixes we like to upgrade to Bouncy Castle 1.47 in our project. So I wonder if there is already a schedule for iText moving to the forthcoming version? Unfortunately there are some major changes in the next version so upgrading needs some attention:

Re: [iText-questions] PDF Related Issue

2012-02-20 Thread Andreas Kuehne
Hi AppalaNaidu, try the most obvious: Add the class that's missing the classpath, in this case the bouncy castle jar ... maybe you should refresh your Java basics .. Greetings, Andreas HI Friends, This is ApplaNaidu. Client requirement is file sending or saving with password protection

Re: [iText-questions] PDF Related Issue

2012-02-20 Thread Andreas Kuehne
Hi AppalaNaidu, if you don't know how to do simple classpath setup and if you are not familiar with Eclipse and didn't walk thru the documentation available for iText .. you will never meet your deadline! Greetings Andreas HI Alexis, This is AppalaNaidu. I downloaded latest version of itext

Re: [iText-questions] Sign and PDF with SmartCard and web browser only

2012-02-08 Thread Andreas Kuehne
Hi Michael, thanks for your detailed analysis of this signature. I was lost as our verifier proudly states 'valid signature' while the reader marks unspecified problems. I'll go and add an additional check! @Max: Looks like there is light at the end of the tunnel! Most problems solved ...

Re: [iText-questions] Sign and PDF with SmartCard and web browser only

2012-02-07 Thread Andreas Kuehne
Hi max, could you please forward the signed PDF? Greetings Andreas - original message Subject: Re: [iText-questions] Sign and PDF with SmartCard and web browser only Sent: Wed, 08 Feb 2012 From: madmax Hi Michael I looked a little deeper to what you were saying and begun

Re: [iText-questions] Sign and PDF with SmartCard and web browser only

2012-02-02 Thread Andreas Kuehne
? If it verifies, you're sure to have the right certificate selected. Greeting Andreas Andreas, Max, Andreas Kuehne-3 wrote For curiosity I took a look at the signature, too. Here's what I got: 2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7) [de.trustable.signingserver.Verifier] Signature

Re: [iText-questions] Sign and PDF with SmartCard and web browser only

2012-01-31 Thread Andreas Kuehne
For curiosity I took a look at the signature, too. Here's what I got: 2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7) [de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 : javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted message and modulus lengths do not

Re: [iText-questions] SunPKC11 Exception when signing PDF

2012-01-30 Thread Andreas Kuehne
Hi Valentin, my first remark is that iText is far away from PKCS11 session. The sun jca/pkcs11 bridge is obviously managing the sessions as you can see from the call stack. Second remark: where is iText involved at all? Looks like you're using a 'btrust' signer. Maybe you're better off at that

Re: [iText-questions] PKCS11 implementation in iText

2011-12-09 Thread Andreas Kuehne
Hi Thomas, that's always tricky terrain! I once made a sample for version 2.17. Dtmo this is mostly the playground of bouncy castle, not iText ... Anyway, what about the most simple way: Most HSM implementors provide an JCA implementation, too. This way you could get around all the nasty PKCS11

Re: [iText-questions] iText SHA-256 signing

2011-12-06 Thread Andreas Kuehne
Hi andyrobb18, just listen what the reader says : 'the bytes are evil' (or something like that...). From a quick look at the file I would guess you're missing the last zero bytes in the signature field. Extend the array by two bytes and pad it with '00'. It should look like ...f961fc*00*

Re: [iText-questions] Put an existing P7S inside a PDF

2011-11-03 Thread Andreas Kuehne
Hi Niccolÿ, you cannot create a signature upfront, as the PDF changes when you add the space for the signature. And even if you sign an unsigned PDF with all the space for the signature allocated, you break the signature because the PDF changes once you write it with the added signature. This is

Re: [iText-questions] Infopath to PDF

2011-10-19 Thread Andreas Kuehne
Hi Tom, if you don't mind to get in touch with XSL, try to convert your data into XSL-FO and let it render by one of the XSL-FO-engines. You don't have to get near a single line of Java code or a compiler ... Greetings Andreas - original message Subject: Re: [iText-questions]

Re: [iText-questions] signing question re date/time

2011-06-29 Thread Andreas Kuehne
Hi AJ ! Just add a (trusted) timestamp to your signature. It doesn't relate to the 'quality' level of your certificate ... Greetings Andreas - original message Subject: [iText-questions] signing question re date/time Sent: Wed, 29 Jun 2011 From: AJ Weber I'm testing some PDF

Re: [iText-questions] signing question re date/time

2011-06-29 Thread Andreas Kuehne
Hi AJ, I forget instantly, but google remembers : http://www.itextpdf.com/examples/iia.php?id=225 And if you like to know about Timestamp, search for RFC 3161 have a look at http://www.opentsa.org/#service Greetings Andreas - original message Subject: Re: [iText-questions]

Re: [iText-questions] signing question re date/time

2011-06-29 Thread Andreas Kuehne
now see it later in the chapter, but had not ventured that far yet, because I don't have a X509 cert. Many thanks. - Original Message - From: Andreas Kuehne To: AJ Weber Cc: Post all your questions about iText here Sent: Wednesday, June 29, 2011 1:07 PM Subject: Re: Re: [iText-questions

Re: [iText-questions] URGENT HELP - PdfPKCS7 CERTIFICATE VERIFICATION

2011-04-13 Thread Andreas Kuehne
Hi Dushi, good news first : Your signature and the included certificates looks fine. If you're curious you can check your PDF/signature at http://sig-check.de . The only problem here is the unavailability of the OCSP responder : [de.trustable.signingserver.OCSPProviderBeanHelper] OCSP

Re: [iText-questions] Smartcard signing with iTextSharp and .NET 2.0

2011-04-12 Thread Andreas Kuehne
Hi Jan Luc, the interface of a specific smartcard is not an iText issue. Smartcard providers obviously have a lot of time to develop a crazy variety of interface specifications. Maybe you can get along with a Java crypto provider, maybe a PKCS11 driver will do, perhaps you have to dig into

Re: [iText-questions] DigitalSignature+ExpiryDate+in XFA Forms

2011-04-11 Thread Andreas Kuehne
Hold on, you're on the right track ! You'll have to cast the certificate to a X509Certificate. This offers the getNotAfter() method ... Greetings Andreas - original message Subject: Re: [iText-questions] DigitalSignature+ExpiryDate+in XFA Forms Sent: Mon, 11 Apr 2011 From:

Re: [iText-questions] URGENT HELP - PdfPKCS7 CERTIFICATE VERIFICATION

2011-04-10 Thread Andreas Kuehne
Hi Dushi, what's the exact problem ? Is the chain ncz included in the signature or is it unavailable at verification time ? Please post a sample PDF so I can check the signature with my favorite tool ... Greetings Andreas - original message Subject: [iText-questions] URGENT

Re: [iText-questions] itext 5.05 pkcs7 detached sha256 bouncy sign problem

2011-03-09 Thread Andreas Kuehne
Please share your PDF. It's always hard to guess something from the code ... Greetings Andreas - original message Subject: [iText-questions] itext 5.05 pkcs7 detached sha256 bouncy sign problem Sent: Wed, 09 Mar 2011 From: erfrwf erferf Hi, I have successfully signed ,also in

Re: [iText-questions] new Version iText 5.0.1

2011-03-08 Thread Andreas Kuehne
Hi Martin, I would recommend to take a look at Flying Saucer, a XHTML renderer on top of iText (http://code.google.com/p/flying-saucer/). I've seen very impressive projects with it. Maybe your job is done in 4 hours and can take a 3,9 week holiday ;-) Greetings Andreas - original

Re: [iText-questions] Another spec question regarding a PKCS1 detail

2011-02-07 Thread Andreas Kuehne
Hi Paulo, thanks for your quick and clarifying response ! My vote : Drop the PKCS1 creation stuff. Leave code for PKCS1 verification ( if there is any ) for legacy compatibility. Greetings Andreas - original message Subject: Re: [iText-questions] Another spec question

Re: [iText-questions] PDF Signature : validity unknown - belgium eid : Signature problem in a PDF, with a certificate chain (MyCertificate -> CitizenCA -> BelgiumRootCA)

2010-12-29 Thread Andreas Kuehne
Hi Julien, sounds weird ... could you please post a sample PDF ? Greetings Andreas - original message Subject: [iText-questions] PDF Signature : validity unknown - belgium eid : Signature problem in a PDF, with a certificate chain (MyCertificate - CitizenCA - BelgiumRootCA)

Re: [iText-questions] How to add external signature in pdf using itextsharp

2010-12-07 Thread Andreas Kuehne
Hi ashish, I'm not an itextsharp user but the problems regarding signature creation may be the same : A fully written PDF can usually _not_ be extended with a signature. If you reopen the PDF and append a signature, the PDF document changes and the signature is invalid. More interesting to me

Re: [iText-questions] Another invalid signature thread

2010-10-27 Thread Andreas Kuehne
Hi Jian, from a first look at the code sample I would assume the difference is the missing padding in version 2. But I'm not quite sure how a missing padding wouldn't cause a BER decoding error ... It's always a good idea to post a sample PDF. Many guys on the list have their favourite tools to

Re: [iText-questions] Estimated space, signing with timestamp

2010-09-13 Thread Andreas Kuehne
Hi msinatl, it's always a bit tricky to estimate the size of a signature as the standards allow a broad variety of data to be included into a signature ( or just left out ). Moreover the PDF format uses a hex encoding of the binary signature, so the size doubles. If you are going to do an

Re: [iText-questions] problem including certificate chain in PDF

2010-09-10 Thread Andreas Kuehne
Hi Christophe, the chains looks good to me. But maybe the Reader complains about an untrusted root rather than a missing part of the chain ... Could you post an example ? Would like to take a inside .. Greetings Andreas - original message Subject: [iText-questions] problem

Re: [iText-questions] problem including certificate chain in PDF

2010-09-10 Thread Andreas Kuehne
Hi Christophe, your signature is definitely screwed up. For example it claims to be a signature containing its signed content what doesn't make sense for a PDF signature. I'll have a look into the signature structure .. Greetings Andreas - original message Subject: Re:

Re: [iText-questions] problem including certificate chain in PDF

2010-09-10 Thread Andreas Kuehne
message Subject: Re: [iText-questions] problem including certificate chain in PDF Sent: Fri, 10 Sep 2010 From: Andreas Kuehne Hi Christophe, your signature is definitely screwed up. For example it claims to be a signature containing its signed content what doesn't make sense

Re: [iText-questions] signing a pdf in three different steps

2010-08-12 Thread Andreas Kuehne
Hi Andrea, as Michael pointed out the processing is not trivial and many brave developer were caught in one of the pitfalls. If you're a lazy guy ( like me ) you may try to copy'n' paste from the code of our signing server ( available at http://sourceforge.net/projects/sirius-sign/files/ ).

Re: [iText-questions] Recompressing the iText PDF library jar

2010-07-12 Thread Andreas Kuehne
Hi Marko, did you try proGuard ( http://proguard.sourceforge.net/downloads.html ) ? This is an impressive compression tool for jars. Our applet using iText source shrinked dramatically ( 2 MB - 90KB ). This ratio will usually be less in other usage scenarios, but I would guess 5% will be

Re: [iText-questions] iText Perfomance Issue on WebLogic 9.2 MP3

2010-06-04 Thread Andreas Kuehne
Hi all ! I did see strange behaviour with WebLogic 9.x, like threads running mad strangling the overall performance of the application. I would recommend to invest time in moving to another app server / newer version. Maybe you try to deploy your app in a recent version of weblogic. That

Re: [iText-questions] Certificate vendors for digital signatures

2010-05-06 Thread Andreas Kuehne
Hi ! The most important question in return to your question is : What do you want to achieve ? Legal intentions or just a green checkmark to make the user feel secure ? First is very complex and heavily depends on the legal environment. Even here in the European community the regulations are

Re: [iText-questions] Sign PDF using SHA 256

2010-04-26 Thread Andreas Kuehne
Hi Victor, I solved a similar problem by letting iText do signature creation, get the hash value create a signature on my own. Later on I filled in the newly created signature into the preserved signature space. You have to take care that the area is big enough ... Btw. : I'm not familiar

Re: [iText-questions] PADES LVT (part 4) Doc Time-stamp

2010-04-14 Thread Andreas Kuehne
Hi all, as maintainer of the 'sirius signing server' project I like to add that we are eager to implement PAdES support both for signing and verification ( including our web page sig-check.eu ). But due to the lack of test cases we deferred to invest time and effort. A good set of test cases

Re: [iText-questions] OCSP digest

2010-04-07 Thread Andreas Kuehne
Sorry, but due to other requirements we do most of the crypto stuff outside of iText and so I'm not very familiar with the method you mentioned. But a short look at the code tells me that the 'second digest' is the digest that is build across the PDF byte range that becomes an authenticated

Re: [iText-questions] OCSP digest

2010-04-07 Thread Andreas Kuehne
Hi again, don't mess up the different hashes : 1. hash : The one that's calculated over the PKCS7 signature itself ( especially the authenticated attributes ). This one is going to be encrypted by the private key. 2. the hash of the PDF byte range : This one will end up in an authenticated

Re: [iText-questions] OCSP digest

2010-04-07 Thread Andreas Kuehne
Sorry, my expertise in iText classes regarding signing is very limited. As I mentioned we do most of the crypto stuff outside of iText .. nevertheless we appreciate iText for all the PDF related functionality. My recommendation is to check the mailing list, the online samples or the 'book' ! 

Re: [iText-questions] OCSP digest

2010-04-06 Thread Andreas Kuehne
Hi, your assumption seems to hold true : No one seems to be able to answer the question, but I'll try to help you a bit further : The first thing to mention is that PDF expects the OCSP response to be available at signing time. So you do the OCSP call _before_ the hashing. And then there

Re: [iText-questions] PDFSignature - Document has been altered since signature was applied

2010-03-20 Thread Andreas Kuehne
Hi Mathew, afaik the problem can not be solved, just circumvented. You get one hash from a PDF, after storing and reopening you get another hash. The reasons for this are not an iText issue and are already discussed on this list in detail. So how to get around : Don't store and reopen the PDF

Re: [iText-questions] Java applet for signing PDF documents

2010-03-14 Thread Andreas Kuehne
Hi Salvo, thanks for the code, But additionally I would like to see how you put the signature into the PDF. As Michael pointed out yesterday opening and saving the PDF would break the old hash ... Greeting and looking forward for your example Andreas - Original Message From:

Re: [iText-questions] Java applet for signing PDF documents

2010-03-13 Thread Andreas Kuehne
Hi Salvo, we faced a similar problem of splitting signature calculation and actually signing of the hash. So from my first look at your approach I would guess the calculation of the hash is your problem. Do you hash the whole document ? If yes, that's not the hash intended for PDF signing. The

Re: [iText-questions] Does anyone know if iText with BouncyCastle requires Java 1.5 ?

2010-02-06 Thread Andreas Kuehne
Unsupported major.minor version 49.0 Due to my experience this is a Java version mismatch : Are you trying to run 1.4 classes in a 1.4 runtime ? Greetings Andreas - Original Message From: 1T3XT info i...@1t3xt.info To: Post all your questions about iText here

Re: [iText-questions] XFA XmlDigSig signature.

2010-02-04 Thread Andreas Kuehne
Hi Christian, I'm not familiar with XFA but I would state that it's a bad idea to change the SignatureProperties _after_ signing. You didn't attach the XML signature as text but usually it got a reference to the SignatureProperties to have them protected by the signature. Modifying usually

Re: [iText-questions] Pdf signature validation

2010-01-28 Thread Andreas Kuehne
Hi Sérgi, you have to make distinction between root certificates and OCSP responses. Of course you can get certificates from somewhere ( usually the signing certificates include a hint where to find the issuing certificate ). Anyway you have to make the active decision 'I trust this root

Re: [iText-questions] Merge of detached signature

2010-01-28 Thread Andreas Kuehne
Hi Christian, we do some useless signing with a fake key just to keep the given iText API happy. When iText has signed the PDF it can be written to disk as usual. But after this step we know the hash and the position of the PKCS7 signature. Once our own signing process is thru we replace the

Re: [iText-questions] Xfa signature

2010-01-26 Thread Andreas Kuehne
Hi Mathieu, does your XML validate ? How did you apply the XML signature ? Could you share the XML document / the PDF ? Greetings Andreas From: Mathieu Fortin mathieu.for...@notarius.com To: itext-questions@lists.sourceforge.net Sent: Mon, January 25, 2010

Re: [iText-questions] Merge of detached signature

2010-01-26 Thread Andreas Kuehne
-step scenario which didn't work. Regards, Michael. From: Andreas Kuehne [mailto:akue...@yahoo.com] Of course it's possible what you're describing : - Build a semi-signed PDF with room for the signature - Get the hash value - Store the half-baked PDF on disk - Sign the hash and create

Re: [iText-questions] Merge of detached signature

2010-01-25 Thread Andreas Kuehne
Couldn't remember that I ever disagreed with Leonard, but now it's the time ! Of course it's possible what you're describing : - Build a semi-signed PDF with room for the signature - Get the hash value - Store the half-baked PDF on disk - Sign the hash and create a PKCS7-Signature, sometime later,

Re: [iText-questions] Sha2 PDF signing

2010-01-12 Thread Andreas Kuehne
Hi Pavol, don't worry about the certificate. When you are going to sign the certificate is used just for encryption of the ready-made hash bytes. Moreover a certificate isn't a 'SHA-1' certificate. Maybe you see a certificate id built using SHA-1, but that's just a way to identify your

Re: [iText-questions] digital sign

2009-12-10 Thread Andreas Kuehne
Hi İsmail, presumably you got a PDF and a detached signature ( a separate file ). This will never fit into the PDF because the way the PDF signature is built is different from the way a detached signature is calculated. But iText can build a PDF signature for you, see the examples in 'the

Re: [iText-questions] PDF and timeStamping

2009-12-03 Thread Andreas Kuehne
Hi abeliko, isn't the exception clear enough ? Failed to get TSA response from 'http://tsa.safelayer.com:8093' Seems that you can't get any response from your TSA. Maybe you can't access that domain ( proxy settings ... ) or there is no service available. But dtmo it doesn't seem to be

Re: [iText-questions] Signing from hash, not rangestream.

2009-11-30 Thread Andreas Kuehne
Hi Javadoc, are you really going in the right direction ? I would presume the rangestream the most important part when it comes to signing PDFs. We process most part of the signature outside iText in a different crypto provider, but praise the lord every day for the availability of the

Re: [iText-questions] How does the ETSI TS 102 778-4 PAdES-LTV DSS mechanism work in Adobe Acrobat Reader 9.2?

2009-11-12 Thread Andreas Kuehne
Hi Francesco, my favourite pitfall with offline OCSP is the nextUpdate-Value in the OCSP response. If it's 'null' ( what's the default value for many OCSP responders ) the Reader ignores it. Greetings Andreas - Original Message From: Francisco Leong frleon...@yahoo.com To:

Re: [iText-questions] iText and Bouncy Castle using JVM 1.4.2!

2009-11-09 Thread Andreas Kuehne
Hi, I don't know anything about your special environment, but hash algos are _not_ subject of the policy files. They limit the encryption strength. From the message I would guess there is no crypto provider registered. Have a look what's registered : java.security.Provider[]

Re: [iText-questions] iText and Bouncy Castle using JVM 1.4.2!

2009-11-09 Thread Andreas Kuehne
Try java.security.Security.insertProviderAt(new BouncyCastleProvider(), 1); or java.security.Security.addProvider(new BouncyCastleProvider()); AddProvider usually works fine, but I remember strange problems with 1.4.* Good luck Andreas - Original Message

Re: [iText-questions] Creating PDF Digital signature without Bouncy Castle

2009-10-05 Thread Andreas Kuehne
Hi Tamas, the bouncy castle components do most of the crypto processing required to build the signature. iText does many good things, but doesn't supply crypto functions on its own. Maybe you think about using a central service for signing. So you don't have to bother with crypto stuff in

Re: [iText-questions] Need Help! Self Signed external siganture example fails

2009-09-04 Thread Andreas Kuehne
Hi Manfrrad, can you make the PDF doc available ? Greetings Andreas - Original Message From: mamueller mamuel...@directbox.com To: itext-questions@lists.sourceforge.net Sent: Friday, September 4, 2009 9:46:23 AM Subject: Re: [iText-questions] Need Help! Self Signed external

Re: [iText-questions] Validate Signature

2009-08-19 Thread Andreas Kuehne
Hi Sawa, that sounds interesting ! Is it possible to post the strange PDF ? Greetings Andreas - Original Message From: Sawan Jain sawan.j...@thedigitalgroup.net To: itext-questions@lists.sourceforge.net Sent: Tuesday, August 18, 2009 4:44:48 PM Subject: Re: [iText-questions]
