UPDATE: I noticed that RSAdata is not being set ( and therefore NOT output as part of the PKCS7 signature ) if the PDFPKCS7 object is created in this way. In addition the SUBFILTER is set as ADBE_PKCS7_SHA1 when using WINCER_SIGNED. Without the Hash included the PKCS7 signature is essentially a detached one ?
I suspect this is the problem. Can anyone confirm this ? Also, why is RSAdata not being set in GetEncodedPKCS7() if SetExternalDigest() provides the hash ? Thanks pchronos wrote: > > Hi, > > I can only generate PKCS1 signed hashes externally and I am able to sign > and verify PKCS1 signed PDFs using Adobe Acrobat 8. However changing the > code to use PKCS7 signatures instread by using the PDFPKCS7 class to > create the PKCS7 signature does not work. Ie. Adobe does not verify > anymore. > > I only changed 2 lines in the working code: > > sap.SetCrypto(null, chain, null, > PdfSignatureAppearance.SELF_SIGNED); > to > sap.SetCrypto(null, chain, null, > PdfSignatureAppearance.WINCER_SIGNED); > > and > byte[] tSsig = tSigner.GetEncodedPKCS1(); > to > byte[] tSsig = tSigner.GetEncodedPKCS7(); > > What am I doing wrong or missing ? > > Thanks in advance > > Here is the c# working PKCS1 code: > > PdfReader reader = new PdfReader(PDFfile); > AcroFields af = reader.AcroFields; > ArrayList signames = af.GetBlankSignatureNames(); > PdfStamper stp = PdfStamper.CreateSignature(reader, new > FileStream(SignedPDFfile, FileMode.Create), '\0'); > > PdfSignatureAppearance sap = stp.SignatureAppearance; > sap.SetVisibleSignature(signames[0].ToString()); > sap.SignDate = DateTime.Now; > sap.SetCrypto(null, chain, null, > PdfSignatureAppearance.SELF_SIGNED); > sap.Reason = "No Reason"; > sap.Location = "Planet Earth"; > sap.Acro6Layers = true; > > sap.SetExternalDigest(new byte[128], new byte[20], "RSA"); > sap.PreClose(); > > HashAlgorithm sha = new SHA1CryptoServiceProvider(); > Stream s = sap.RangeStream; > int read = 0; > byte[] buff = new byte[8192]; > while ((read = s.Read(buff, 0, 8192)) > 0) > sha.TransformBlock(buff, 0, read, buff, 0); > sha.TransformFinalBlock(buff, 0, 0); > > //Get external signature of hash (PKCS1) > byte[] pk = externalSignHash(sha.Hash); > > PdfSigGenericPKCS tSig = sap.SigStandard; > PdfLiteral tPDFLiteral = > (PdfLiteral)tSig.Get(PdfName.CONTENTS); > byte[] tOutBytes = new byte[(tPDFLiteral.PosLength - 2) / 2]; > > PdfPKCS7 tSigner = tSig.Signer; > tSigner.SetExternalDigest(pk, sha.Hash, "RSA"); > > byte[] tSsig = tSigner.GetEncodedPKCS1(); > > System.Array.Copy(tSsig, 0, tOutBytes, 0, tSsig.Length); > PdfDictionary tPDFDic = new PdfDictionary(); > tPDFDic.Put(PdfName.CONTENTS, new > PdfString(tOutBytes).SetHexWriting(true)); > sap.Close(tPDFDic); > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > Buy the iText book: http://itext.ugent.be/itext-in-action/ > > -- View this message in context: http://www.nabble.com/pkcs1-to-pkcs7-external-signatures---tf4824342.html#a13845399 Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
