I don't really understand your workflow (if you have the private key you may as well have the certificates) but to sign you must have a certificate and a matched private key.
Paulo > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Benjamin Schüttler > Sent: Tuesday, April 17, 2007 12:01 PM > To: Post all your questions about iText here > Subject: Re: [iText-questions] Security: Certificatevalid > butSignature invalid > > Well, that makes sense. > Probably just needed to ask to clarify this for myself. > thanks a lot :) > > So, if I want to keep the workflow I would have to add the > PrivateKeys > for any Certificate that I want to use for signing to my KeyStore? > > Ben > > Paulo Soares wrote: > > If the private key is not related to the certificate how do > you expect Acrobat to validate it? The certificate must > contain the public key that matches the private key used to sign. > > > > Paulo > > > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] On > >> Behalf Of Benjamin Schüttler > >> Sent: Tuesday, April 17, 2007 11:36 AM > >> To: Post all your questions about iText here > >> Subject: Re: [iText-questions] Security: Certificate valid > >> butSignature invalid > >> > >> Thanks for the quick reply. > >> > >> The Source for the Certificate is a HTTPS Request that provides a > >> X509Certificate chain attribute. > >> As there are possibly lots of different User-Certificates > from those > >> requests, I only generated a random PrivateKey for my > >> Keystore to match > >> the setCrypto() Attributes. > >> So the provided PrivateKey is not related to the > Certificate at all. > >> > >> I wasn't quite sure what to do with hat key, as it > appeared to work > >> correctly first, even without any matching PrivateKey. > >> > >> So, whatelse could be of use? > >> > >> Any other hints for what I could do to ensure a signing process to > >> become valid? > >> > >> Ben > >> > >> Paulo Soares wrote: > >> > >>> Works for me. No idea what the problem is, if any. As > >>> > >> usual, provide everything needed to reproduce the problem. > >> > >>> Paulo > >>> > >>> > >>> > >>>> -----Original Message----- > >>>> From: [EMAIL PROTECTED] > >>>> [mailto:[EMAIL PROTECTED] On > >>>> Behalf Of Benjamin Schüttler > >>>> Sent: Tuesday, April 17, 2007 10:03 AM > >>>> To: [email protected] > >>>> Subject: [iText-questions] Security: Certificate valid but > >>>> Signature invalid > >>>> > >>>> Hello, > >>>> > >>>> I could need a little help for a problem concearning Signatures. > >>>> Within a web application I need to sign PDFs. Currently > >>>> > >> I'm using the > >> > >>>> PdfStamper like this: > >>>> > >>>> X509Certificate[] = requestBean.getCertificates(); > >>>> PrivateKey pk = requestBean.getPrivateKey(); > >>>> PdfReader dReader = new PdfReader(source); > >>>> dOut = new FileOutputStream(target); > >>>> PdfStamper dStamp = PdfStamper.createSignature(dReader, > >>>> > >> dOut, '\0', > >> > >>>> null, true); > >>>> PdfSignatureAppearance dSap = dStamp.getSignatureAppearance(); > >>>> dSap.setCrypto(pk, certs, null, > >>>> > >> PdfSignatureAppearance.WINCER_SIGNED); > >> > >>>> dStamp.close(); > >>>> > >>>> Well, this works fine, except that AcrobatReader tells > me that the > >>>> Signature is invalid. > >>>> The Certificate is recognized as valid, but the whole > Signature is > >>>> invalid as the file is "altered" ... > >>>> The question is, for what reasons could that file be > >>>> > >> altered and what > >> > >>>> can I do to generate a valid signed pdf? > >>>> I don't even touch the "target" file after applying the > signature. > >>>> > >>>> Thanks in advance, > >>>> > >>>> Ben Aviso Legal: Esta mensagem é destinada exclusivamente ao destinatário. Pode conter informação confidencial ou legalmente protegida. A incorrecta transmissão desta mensagem não significa a perca de confidencialidade. Se esta mensagem for recebida por engano, por favor envie-a de volta para o remetente e apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de usar, revelar ou distribuir qualquer parte desta mensagem. Disclaimer: This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
