Re: [iText-questions] Add signatures in a existing blank signature

[Juan Sanchez]

Hello Paulo.


After this change, my PDF issue another error ->SigDict /Contents illegal.

To solve this proble I  edit the pdf generated and I can see this :



/SubFilter/adbe.pkcs7.detached/ByteRange [0 13155 18029 3359 ]


Before preclose I reserve space with
               HashMap exc = new HashMap();
                exc.put(PdfName.CONTENTS, new Integer(0x130A));
                sap.preClose(exc);

Is it ever necessary to fill the reserved memory with 0's ?
How can I know how many memory I must reserve ?








We send you my last code and the pdf result :

PdfReader reader = new PdfReader("holaBlank.pdf");
FileOutputStream fout = new FileOutputStream("holaSigned.pdf");

PRAcroForm form = reader.getAcroForm();
if (form == null){
        System.out.println("This document has no fields.");
        return true;
}

PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0', null, true);
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setVisibleSignature("Signature1");
sap.setLayer2Text("This is some custom made text.");

PdfDictionary dic = new PdfDictionary();
dic.put(PdfName.TYPE, PdfName.SIG);
dic.put(PdfName.FILTER, new PdfName("Adobe.PPKLITE"));
dic.put(PdfName.SUBFILTER, new PdfName("adbe.pkcs7.detached"));
sap.setCryptoDictionary(dic);
HashMap exc = new HashMap();
exc.put(PdfName.CONTENTS, new Integer(0x130A));
sap.preClose(exc);

int n;
InputStream inp = sap.getRangeStream();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte buf[] = new byte[8192];
while ((n = inp.read(buf)) > 0) {
        baos.write( buf );
}
if ( n > 0 ) baos.write( buf );

// Call to my p7 generator
byte[] ssig = generatePKCS7( baos.toByteArray());
byte[] outc = new byte[ssig.length];
System.arraycopy(ssig, 0, outc, 0, ssig.length);
PdfDictionary dic2= new PdfDictionary();
dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
sap.close(dic2);

return true ;


Many thanks in advance.

Finally I obtain a PDF with a byte range in tow parts. I create a dictionary only with CONTENT before preclose ( only if I remove NAME and M values byte range contein only 2 parts) . 40 0 obj<</Filter/Adobe.PPKLITE/Type/Sig/Contents <3082098006092a864886f70d010702a08209713082096d0....24e369d5> Betwen end of contents value and /Subfiler there are some space. If I compare the pdf result with your sample I see that you fill all reserved memory with 0's. After this, I reserve only the necessary memory as length of pkcs7 generated. Then I can open the pdf and it recognise the signature but said that data is modified ? I use, as data in to sign with my pkcs7 generator, data returned by funtion getRangeStream. is this correct ? And the last question : if I use as subfilter pkcs7.detached , is it necessary to use before call preclose the setExternalDigest ?

From: "Paulo Soares" <[EMAIL PROTECTED]>
Reply-To: "Paulo Soares" <[EMAIL PROTECTED]>

Date: Fri, 12 Aug 2005 00:15:22 +0100

In theory Acrobat doesn't care but in practice, at least with Acrobat 6, if
the byte range has more than one exclude section it always fails. Other
Acrobat plug-in may behave differently but with the standard crypto that's
what I see.

----- Original Message -----
From: "Leonard Rosenthol" <[EMAIL PROTECTED]>
To: "Paulo Soares" <[EMAIL PROTECTED]>; "Juan Sanchez"
<[EMAIL PROTECTED]>; <itext-questions@lists.sourceforge.net>
Sent: Thursday, August 11, 2005 8:45 PM
Subject: Re: [iText-questions] Add signatures in a existing blank signature


> At 12:36 PM 8/11/2005, Paulo Soares wrote:
> >As I said, if you want Acrobat to verify the signature you can only
exclude
> >the Contents from the byte range.
>
>          Assuming that is what is being hashed and marked as such.
>
>          You can actually exclude anything you want - and as long as
> your byte ranges and hashes match, Acrobat doesn't care what you've
excluded.
>
>          It is, however, a potential security hole to exclude
> anything else - but there may be good reason.
>
>
> Leonard
>
>
>

-
> Leonard Rosenthol
<mailto:[EMAIL PROTECTED]>
> Chief Technical Officer                      <http://www.pdfsages.com>
> PDF Sages, Inc.                              215-938-7080 (voice)
>                                               215-938-0880 (fax)
>

To: "Juan Sanchez" <[EMAIL PROTECTED]>,<itext-questions@lists.sourceforge.net>,"Leonard Rosenthol" <[EMAIL PROTECTED]> Subject: Re: [iText-questions] Add signatures in a existing blank signature > --------------------------------------------------------------------------

_________________________________________________________________

Don't just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/

holaSigned.pdf
Description: Adobe PDF document