I'm not sure if there was ever a problem. Note that the self-signed signature must be 1024-bit RSA with SHA1.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Tom Vleminckx
> Sent: Thursday, September 22, 2005 12:45 PM
> To: [email protected]
> Subject: [iText-questions] Re: Invalid or Corrupt Signature
>
> Chris C <ChrisC <at> postmark.net> writes:
>
> >
> > Apologies for the long post.
> >
> > I am using iText (Version 1.3) to sign existing signature fields in
> > a PDF Document (using the Windows Certificate Security method). The
> > signature fields were originally created using iText as well. I am
> > getting an intermittent problem when creating the signatures. One of
> > the following three situations occurs.
> >
> > 1. Signature is created and is valid in Acrobat
> > 2. IllegalArgumentException is thrown with message "The key /Contents
> >    is too big"
> > 3. Signature appears to be created successfully, but is invalid in
> >    Acrobat (document has changed or has been corrupted).
> >
> > I am using the same input document and key. The only parameter that
> > changes is the signing time. Having looked at the iText source I think
> > the problem is occurring when the digital signature is created. In the
> > getEncodedPKCS7 method in the PdfPKCS7 class, the digest is set to the
> > result of the sign method called on the Signature object. However, the
> > length of the byte array returned varies from 46 to 47 bytes. This
> > causes a problem because the getEncodedPKCS7 method is called twice
> > when generating the signature. It is called once during the
> > setSignInfo method and again during the getSignerContents method in
> > the PdfSigGenericPKCS class.
> >
> > The setSignInfo method is called during the preClose method of the
> > PdfSignatureAppearance. The getSignerContents method is called from
> > the PdfStamper close method. The problem occurs when the returned
> > signatures are not the same length. The length of the /Contents key is
> > determined by the length of the signature generated during the
> > setSignInfo call. The actual byte value set in the PDF document
> > appears to be the one generated during the PdfStamper close method. If
> > both signatures are the same length, situation 1 occurs. If the first
> > signature is shorter than the second, situation 2 occurs. If the first
> > signature is longer than the second, situation 3 occurs.
> >
> > There doesn't appear to be any way of predicting what will happen. It
> > can work 8 or 9 times in a row and then fail. Or it can fail on the
> > first try. I have tried two different documents and different
> > certificates. I have also tried using both the SunJCE and the
> > BouncyCastle one. The problem only occurs when using a DSA signature.
> >
> > The following is the code I'm using to create the signatures:
> >
> > import java.io.FileInputStream;
> > import java.io.FileOutputStream;
> > import java.security.KeyStore;
> > import java.security.PrivateKey;
> > import java.security.cert.Certificate;
> > import java.util.ArrayList;
> >
> > import com.lowagie.text.pdf.AcroFields;
> > import com.lowagie.text.pdf.PdfReader;
> > import com.lowagie.text.pdf.PdfSignatureAppearance;
> > import com.lowagie.text.pdf.PdfStamper;
> >
> > public class Example {
> >
> >     public static void main(String[] args) {
> >
> >         try {
> >             FileOutputStream fos = new FileOutputStream("c:/out.pdf");
> >
> >             KeyStore ks = KeyStore.getInstance("PKCS12");
> >
> >             ks.load(new FileInputStream("c:/testdsa.p12"),
> >                     "password".toCharArray());
> >             String alias = (String) ks.aliases().nextElement();
> >
> >             //Get the private key and certificate chain
> >             PrivateKey key = (PrivateKey) ks.getKey(alias,
> >                     "password".toCharArray());
> >             Certificate[] chain = ks.getCertificateChain(alias);
> >             PdfReader _reader = new PdfReader("c:/signature.pdf");
> >
> >             //Find the signature fields
> >             AcroFields af = _reader.getAcroFields();
> >             ArrayList names = af.getSignatureNames();
> >             PdfStamper stp = null;
> >
> >             if (names.size() == 0) {
> >                 stp = PdfStamper.createSignature(_reader, fos, '\0');
> >             } else {
> >                 stp = PdfStamper.createSignature(_reader, fos, '\0', null,
> >                         true);
> >             }
> >
> >             PdfSignatureAppearance sap = stp.getSignatureAppearance();
> >             sap.setCrypto(key, chain, null,
> >                     PdfSignatureAppearance.WINCER_SIGNED);
> >             sap.setReason("");
> >             sap.setLocation("");
> >             sap.setVisibleSignature("mysig");
> >             sap.setAcro6Layers(true);
> >             stp.close();
> >
> >         } catch (Exception e) {
> >             e.printStackTrace(System.out);
> >         }
> >     }
> > }
> >
> > Is this a problem with my set-up or a bug?
> >
> > Regards
> >
> > Chris
> >
>
> Hello,
>
> I'm having exactly the same problem when signing a pdf
> with an X.509 certificate.
>
> I use the following commands to create a certificate :
>
> 1) Code to create a keystore containing keypairs
> keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US" -alias business -keypass 123456 -keystore keystore.ks -storepass 123456 -validity 180
>
> 2) Export the certificate from the keystore to test.cer
> keytool -export -keystore ./keystore.ks -alias business -file test.cer
>
> And the following java code to sign the pdf:
>
> ********************************CODE*******************************
> import java.io.FileInputStream;
> import java.io.FileOutputStream;
> import java.security.KeyStore;
> import java.security.PrivateKey;
> import java.security.cert.Certificate;
> import java.security.cert.CertificateFactory;
> import java.util.Enumeration;
>
> import com.lowagie.text.pdf.PdfReader;
> import com.lowagie.text.pdf.PdfSignatureAppearance;
> import com.lowagie.text.pdf.PdfStamper;
>
> public class SigningTest {
>
>     public static void main(String[] args) {
>
>         try
>         {
>             // Get a certificate from a file.
>             FileInputStream is = new FileInputStream("./data/cert.cer");
>             CertificateFactory cf = CertificateFactory.getInstance("X.509");
>             java.security.cert.Certificate cert = cf.generateCertificate(is);
>
>             // Get the private key from the keystore.
>             KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
>             ks.load(new FileInputStream("./data/keystore.ks"), "123456".toCharArray());
>             String alias = (String) ks.aliases().nextElement();
>             PrivateKey key = (PrivateKey) ks.getKey(alias, "123456".toCharArray());
>
>             // Add the certificate to the chain and sign the file.
>             Certificate[] chain = new Certificate[] { cert };
>             PdfReader reader = new PdfReader("./data/sample2.pdf");
>             FileOutputStream fout = new FileOutputStream("./data/sigsample2.pdf");
>             PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
>             PdfSignatureAppearance sap = stp.getSignatureAppearance();
>             sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
>             sap.setReason("I want to sign");
>             sap.setLocation("Antwerpen");
>             stp.close();
>             System.out.println("The file is signed.");
>         }
>         catch (Exception e)
>         {
>             e.printStackTrace();
>         }
>     }
>
> }
> *****************************CODE******************************
>
> Did you already find a solution to this problem?
>
> Regards,
>
> Tom
>
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
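
Added example (not part of the original thread and not iText code): the varying signature length Chris describes above follows from the DER encoding of the DSA (r, s) pair, where each INTEGER gains or loses a byte depending on its leading bits. The class below signs the same bytes repeatedly with the JDK's `SHA1withDSA` and counts the encoded lengths, then shows signing once and padding into a slot sized for the maximum, so nothing depends on two signing calls returning equal lengths; `DsaSignatureLength`, `lengthHistogram`, `padToReserved` and `MAX_DER_LEN` are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;
import java.util.Map;
import java.util.TreeMap;

public class DsaSignatureLength {
    // Largest DER SEQUENCE{INTEGER r, INTEGER s} for a 160-bit q:
    // 2 (SEQUENCE header) + 2 * (2 header + 1 sign byte + 20 value bytes) = 48.
    static final int MAX_DER_LEN = 48;

    static byte[] sign(KeyPair kp, byte[] data) throws Exception {
        Signature dsa = Signature.getInstance("SHA1withDSA");
        dsa.initSign(kp.getPrivate());
        dsa.update(data);
        return dsa.sign(); // a fresh random k per call, so r and s differ every time
    }

    // Sign the same bytes `runs` times and count how often each encoded length occurs.
    static Map<Integer, Integer> lengthHistogram(KeyPair kp, byte[] data, int runs) throws Exception {
        Map<Integer, Integer> hist = new TreeMap<>();
        for (int i = 0; i < runs; i++) {
            hist.merge(sign(kp, data).length, 1, Integer::sum);
        }
        return hist;
    }

    // Copy ONE signature into a fixed-size slot, zero-filled after the DER bytes.
    static byte[] padToReserved(byte[] sig, int reserved) {
        if (sig.length > reserved) {
            throw new IllegalArgumentException(sig.length + " bytes exceed the reserved " + reserved);
        }
        return Arrays.copyOf(sig, reserved);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(1024); // 1024-bit p with a 160-bit q
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample bytes to sign".getBytes(StandardCharsets.US_ASCII);

        System.out.println("encoded length -> count: " + lengthHistogram(kp, data, 200));

        byte[] once = sign(kp, data);
        byte[] slot = padToReserved(once, MAX_DER_LEN);
        System.out.println("signed once: " + once.length + " bytes, stored in a slot of " + slot.length);
    }
}
```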
