On 2016-09-09 12:56 (-0300), Tilman Hausherr <thaush...@t-online.de> wrote: 
> If you're using PDFBox for signing, please have a look at PDFBOX-3065. 
> ...
> Please give any feedback ASAP.

Oh it's already closed, so I'm probably late here. But I'd like to present my 
usecase and see if my reasoning is ok.

I want to decouple (in time) generating the hash from actually writing the 
signature. So, something like the following API:

    /* Give me the content that needs to be signed */
    InputStream getContentToSign(PDocument doc)

    /* Create a signature with the following cmsSignature */
    void attachSignature(PDocument doc, byte[] cms)

I can use ExternalSigningSupport and saveIncrementalForExternalSigning to 
implement the first method. However, save... requires an OutputStream which I 
don't care about because I *still* don't want to save the document, just 
generate the hash. The hash will be signed by somebody else and eventually 
attachSignature will be called to update the document for real (after checking 
the hash is still the same).

What I'm planning to do is use a memory backed OutputStream and then just 
discard it.
Does it make sense? Is there something that the pdfbox API can do to avoid the 


To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

Reply via email to