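Your certificate must be a SHA1withRSA one with a 1024-bit key. If it isn't, it won't work. [Note: the quoted sample reserves `new byte[128]` for the signature, which is exactly the size of a 1024-bit RSA signature, so the output of a larger key presumably does not fit in the reserved space. Separately, the quoted signing loop passes the range stream to `messageDigest.update(buf, 0, n)` but never to `sign.update(buf, 0, n)`, so `sign.sign()` is computed over no document bytes and verification can be expected to report the document as modified whatever certificate is used. SHA-1 and 1024-bit RSA are no longer considered adequate for new signatures.]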
Paulo ----- Original Message ----- From: "Luiz Kobayashi" <[EMAIL PROTECTED]> To: "Post all your questions about iText here" <[email protected]> Sent: Thursday, July 13, 2006 6:28 PM Subject: [iText-questions] Using external signature in Self Sign Mode > Hi all, > > I'm trying to use the samples in the tutorial for using external > signature in Self Sign Mode. It compiles ok, but when I verify it, it > always says it has been modified. > > The code I'm using is: > > public static void signPDF() > { > try > { > KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); > ks.load(new FileInputStream("c:\\Downloads\\keystore.ks"), > "password".toCharArray()); > String alias = (String)ks.aliases().nextElement(); > PrivateKey key = (PrivateKey)ks.getKey(alias, > "password".toCharArray()); > Certificate[] chain = ks.getCertificateChain(alias); > PdfReader reader = new PdfReader("c:\\original.pdf"); > FileOutputStream fout = new FileOutputStream("c:\\signed.pdf"); > > PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0'); > PdfSignatureAppearance sap = stp.getSignatureAppearance(); > sap.setCrypto(key, chain, null, > PdfSignatureAppearance.SELF_SIGNED); > sap.setReason("Testing"); > sap.setLocation("Sao Paulo"); > sap.setExternalDigest(new byte[128], null, "RSA"); > sap.preClose(); > PdfPKCS7 sig = > sap.getSigStandard().getSigner(); > Signature sign = Signature.getInstance("SHA1withRSA"); > sign.initSign(key); > MessageDigest messageDigest = MessageDigest.getInstance("SHA1"); > byte buf[] = new byte[8192]; > int n; > InputStream inp = sap.getRangeStream(); > while ((n = inp.read(buf)) > 0) { > messageDigest.update(buf, 0, n); > } > byte[] signature = sign.sign(); > String base64 = Conversion.byteArrayToBase64String(signature); > sig.setExternalDigest(signature, null, "RSA"); > PdfDictionary dic = new PdfDictionary(); > dic.put(PdfName.CONTENTS, new > PdfString(sig.getEncodedPKCS1()).setHexWriting(true)); > > // comment next line to have an invisible 
signature > sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, > null); > PdfTemplate n1 = sap.getLayer(1); //get rid of the question mark > PdfTemplate n2 = sap.getLayer(2); > n2.beginText(); > BaseFont bf = BaseFont.createFont(BaseFont.HELVETICA, > BaseFont.CP1252, BaseFont.NOT_EMBEDDED); > n2.setFontAndSize(bf, 7); > n2.setLeading(2); > n2.showText("Signature:"); > n2.setLeading(2); > n2.newlineShowText(base64); > n2.endText(); > > sap.close(dic); > } > catch (Exception e) > { > e.printStackTrace(); > } > } > > public static void checkPDF() > { > try > { CertificateFactory cf = > CertificateFactory.getInstance("X509"); > Collection col = cf.generateCertificates(new > FileInputStream("C:\\Downloads\\export.cer")); > KeyStore kall = KeyStore.getInstance(KeyStore.getDefaultType()); > kall.load(null, null); > for (Iterator it = col.iterator(); it.hasNext();) { > X509Certificate cert = (X509Certificate)it.next(); > > kall.setCertificateEntry(cert.getSerialNumber().toString(Character.MAX_RADIX), > cert); > } > PdfReader reader = new PdfReader("c:\\signed.pdf"); > AcroFields af = reader.getAcroFields(); > ArrayList names = af.getSignatureNames(); > for (int k = 0; k < names.size(); ++k) { > String name = (String)names.get(k); > System.out.println("Signature name: " + name); > System.out.println("Signature covers whole document: " + > af.signatureCoversWholeDocument(name)); > System.out.println("Document revision: " + > af.getRevision(name) + " of " + af.getTotalRevisions()); > // Start revision extraction > FileOutputStream out = new > FileOutputStream("c:\\revision_" + af.getRevision(name) + ".pdf"); > byte bb[] = new byte[8192]; > InputStream ip = af.extractRevision(name); > int n = 0; > while ((n = ip.read(bb)) > 0) > out.write(bb, 0, n); > out.close(); > ip.close(); > // End revision extraction > PdfPKCS7 pk = af.verifySignature(name); > Calendar cal = pk.getSignDate(); > Certificate pkc[] = pk.getCertificates(); > System.out.println("Subject: " + > 
PdfPKCS7.getSubjectFields(pk.getSigningCertificate())); > System.out.println("Document modified: " + !pk.verify()); > Object fails[] = PdfPKCS7.verifyCertificates(pkc, kall, > null, cal); > if (fails == null) > System.out.println("Certificates verified against the > KeyStore"); > else > System.out.println("Certificate failed: " + fails[1]); > } > } > catch (Exception e) > { > e.printStackTrace(); > } > } > > I thought it could be the fact that I'm trying to insert some text in > the Layer2 of the signature, so I commented it, but the result was the > same. > > Does anybody have a clue on why it always detects a modification that > does not exist? > > Any help would be greatly appreciated. > > Thanks in advance, > > Luiz Kobayashi
