The problem has been solved: the "Signature" class also computes the digest, so instead of

          byte[] content = streamToByteArray(sap.getRangeStream());
          byte[] hash = MessageDigest.getInstance("SHA-1").digest(content);
          Signature signature = Signature.getInstance("SHA1withRSA", etpkcs11);
          signature.initSign((PrivateKey)Llave);
          signature.update(hash);
          byte[] signatureBytes = signature.sign();

The correct code is the following:

          byte[] content = streamToByteArray(sap.getRangeStream());
          Signature signature = Signature.getInstance("SHA1withRSA", etpkcs11);
          signature.initSign((PrivateKey)Llave);
          signature.update(content);
          byte[] signatureBytes = signature.sign();

Thanks anyway,

   great Library!
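
The double-digest mistake described in the reply above, reproduced as an added example (not part of the original message and not iText code). It assumes a throwaway software RSA key in place of the eToken key and a constructed byte string in place of the `sap.getRangeStream()` content; the class and helper names are hypothetical. It also goes one step beyond the thread by showing `NONEwithRSA` over a DigestInfo structure, which is the option when only the hash is available to the signer.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class DoubleDigestDemo {
    // DER DigestInfo header for SHA-1 (PKCS#1 v1.5); the 20-byte hash follows it
    static final byte[] SHA1_DIGEST_INFO = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    static byte[] sign(String alg, PrivateKey key, byte[] input) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(input);
        return s.sign();
    }

    // Verifies as a relying party would: SHA1withRSA over the original content
    static boolean verifies(PublicKey key, byte[] content, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(key);
        v.update(content);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a throwaway software key stands in for the eToken key
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample input standing in for the PDF byte range
        byte[] content = "constructed stand-in for the signed byte range".getBytes(StandardCharsets.UTF_8);
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(content);

        // Original mistake: SHA1withRSA hashes its input, so this signs SHA1(SHA1(content))
        byte[] doubleHashed = sign("SHA1withRSA", kp.getPrivate(), hash);
        // Fix from the reply: hand the raw content to SHA1withRSA
        byte[] correct = sign("SHA1withRSA", kp.getPrivate(), content);
        // When only the hash is available: NONEwithRSA over DigestInfo || hash
        byte[] digestInfo = Arrays.copyOf(SHA1_DIGEST_INFO, SHA1_DIGEST_INFO.length + hash.length);
        System.arraycopy(hash, 0, digestInfo, SHA1_DIGEST_INFO.length, hash.length);
        byte[] fromHash = sign("NONEwithRSA", kp.getPrivate(), digestInfo);

        System.out.println("sign(hash) verifies:         " + verifies(kp.getPublic(), content, doubleHashed));
        System.out.println("sign(content) verifies:      " + verifies(kp.getPublic(), content, correct));
        System.out.println("NONEwithRSA(DigestInfo):     " + verifies(kp.getPublic(), content, fromHash));
        System.out.println("same bytes as sign(content): " + Arrays.equals(correct, fromHash));
    }
}
```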

Hello, I'm trying to sign a document with an Aladdin eToken, but the resulting document doesn't have a valid signature.

This is the code:


          // connect to eToken PKCS#11 provider
          AuthProvider etpkcs11 = new sun.security.pkcs11.SunPKCS11("etpkcs11.cfg");
          // get user PIN
          KeyStore.PasswordProtection pin = new KeyStore.PasswordProtection("0987654321".toCharArray());

          // create key store builder
          KeyStore.Builder keyStoreBuilder = KeyStore.Builder.newInstance("PKCS11", etpkcs11, pin);

          // create key store
          KeyStore keyStore = keyStoreBuilder.getKeyStore();
          Enumeration e = keyStore.aliases();
          String alias = String.valueOf(e.nextElement());
          System.out.println(alias);
          PrivateKey Llave = (PrivateKey)keyStore.getKey("John", null);
          PdfReader reader = new PdfReader("original.pdf");
          FileOutputStream fout = new FileOutputStream("signed.pdf");
          PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');

          PdfSignatureAppearance sap = stp.getSignatureAppearance();
          sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
          sap.setReason("Autoria");
          sap.setLocation("Madrid");
          // comment next line to have an invisible signature
          sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
          sap.setExternalDigest(new byte[128], null, "RSA");
          sap.preClose();

          byte[] content = streamToByteArray(sap.getRangeStream());
          byte[] hash = MessageDigest.getInstance("SHA-1").digest(content);
          //byte[] signatureBytes = scd.generateNonRepudiationSignature(hash);
          // prepare signature
          Signature signature = Signature.getInstance("SHA1withRSA", etpkcs11);
          signature.initSign((PrivateKey)Llave);
          signature.update(hash);
          byte[] signatureBytes = signature.sign();
          // Self-Sign mode
          PdfPKCS7 sig = sap.getSigStandard().getSigner();
          sig.setExternalDigest(signatureBytes, null, "RSA");
          PdfDictionary dic = new PdfDictionary();
          dic.put(PdfName.CONTENTS, new PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
          sap.close(dic);

The error (what Adobe Acrobat Reader says) is the following: There are errors in the format (SigDict /Contents illegal data). I have seen that the signature is 64 bytes long, so I've changed this line: sap.setExternalDigest(new byte[128], null, "RSA"); -> sap.setExternalDigest(new byte[64], null, "RSA"); In this case there is also an error (the document has been modified...) but the user certificate can be shown (using a 128-byte array, Adobe Acrobat Reader does not show the user certificate).

Does anyone know where the problem is?


Thanks for all.



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=k&kid0709&bid&3057&dat1642
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions


