Hello, I'm trying to sign a document with an Aladdin eToken, but the
resulting document doesn't have a valid signature.
This is the code:
// connect to eToken PKCS#11 provider
AuthProvider etpkcs11 = new sun.security.pkcs11.SunPKCS11("etpkcs11.cfg");
// get user PIN
KeyStore.PasswordProtection pin = new KeyStore.PasswordProtection("0987654321".toCharArray());
// create key store builder
KeyStore.Builder keyStoreBuilder = KeyStore.Builder.newInstance("PKCS11", etpkcs11, pin);
// create key store
KeyStore keyStore = keyStoreBuilder.getKeyStore();
Enumeration e = keyStore.aliases();
String alias = String.valueOf(e.nextElement());
System.out.println(alias);
PrivateKey Llave = (PrivateKey)keyStore.getKey("John", null);
PdfReader reader = new PdfReader("original.pdf");
FileOutputStream fout = new FileOutputStream("signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
sap.setReason("Autoria");
sap.setLocation("Madrid");
// comment next line to have an invisible signature
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
sap.setExternalDigest(new byte[128], null, "RSA");
sap.preClose();
byte[] content = streamToByteArray(sap.getRangeStream());
byte[] hash = MessageDigest.getInstance("SHA-1").digest(content);
//byte[] signatureBytes = scd.generateNonRepudiationSignature(hash);
// prepare signature
Signature signature = Signature.getInstance("SHA1withRSA", etpkcs11);
signature.initSign((PrivateKey)Llave);
signature.update(hash);
byte[] signatureBytes = signature.sign();
// Self-Sign mode
PdfPKCS7 sig = sap.getSigStandard().getSigner();
sig.setExternalDigest(signatureBytes, null, "RSA");
PdfDictionary dic = new PdfDictionary();
dic.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
sap.close(dic);
The error (what Adobe Acrobat Reader says) is the following: There are errors in the format (SigDict /Contents illegal data).
I have seen that the signature is 64 bytes long, so I've changed this line:
sap.setExternalDigest(new byte[128], null, "RSA"); -> sap.setExternalDigest(new byte[64], null, "RSA");
In this case there is also an error (the document has been modified...) but the
user certificate can be shown (using a 128-byte array, Adobe Acrobat Reader
does not show the user certificate).
Does anyone know where the problem is?
Thanks for all.
-----------------------------------
Javier Pérez López
-----------------------------------
e-mail: [EMAIL PROTECTED]
-----------------------------------
CriptoLab. Despacho 5212.
Facultad de Informatica.
Campus de Montegancedo S/N
Universidad Politécnica de Madrid.
Boadilla del Monte. Madrid (Spain)
-----------------------------------
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
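
The code in the post passes an already computed SHA-1 hash to a `SHA1withRSA` `Signature`, which digests its input again, and it reserves a placeholder whose size is independent of the key. The following is an added example, not part of the original post or of iText: it uses a software RSA key pair and a constructed byte string in place of the eToken key and the PDF byte range (both assumptions, as is the class name) to show how a signature over the hash and a signature over the content behave on verification, and how the signature length follows the RSA modulus size.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;

public class DoubleDigestDemo { // hypothetical class name

    static byte[] sign(PrivateKey key, byte[] input) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(input); // SHA1withRSA computes SHA-1 over whatever is passed here
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] signedBytes, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(signedBytes);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the bytes read from sap.getRangeStream()
        byte[] content = "constructed PDF byte range".getBytes(StandardCharsets.UTF_8);

        // Software key pair standing in for the token-held key (assumption)
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        KeyPair kp = kpg.generateKeyPair();

        byte[] hash = MessageDigest.getInstance("SHA-1").digest(content);
        byte[] overHash = sign(kp.getPrivate(), hash);       // pattern used in the post
        byte[] overContent = sign(kp.getPrivate(), content); // content digested once

        // A verifier recomputes SHA-1 over the content and checks the signature against it
        System.out.println("signature over hash verifies against content:    "
                + verify(kp.getPublic(), content, overHash));
        System.out.println("signature over content verifies against content: "
                + verify(kp.getPublic(), content, overContent));

        // The PKCS#1 signature is exactly as long as the RSA modulus
        int bits = ((RSAPublicKey) kp.getPublic()).getModulus().bitLength();
        System.out.println("modulus: " + bits + " bits, signature: "
                + overContent.length + " bytes");
    }
}
```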