Sorry, my mistake. RSAdata is ok and present in the PKCS7 signature. Original question still stands: Why Adobe does not verify ?
Anyone ? pchronos wrote: > > UPDATE: > > I noticed that RSAdata is not being set ( and therefore NOT output as part > of the PKCS7 signature ) if the PDFPKCS7 object is created in this way. In > addition the SUBFILTER is set as ADBE_PKCS7_SHA1 when using WINCER_SIGNED. > Without the Hash included the PKCS7 signature is essentially a detached > one ? > > I suspect this is the problem. Can anyone confirm this ? > Also, why is RSAdata not being set in GetEncodedPKCS7() if > SetExternalDigest() provides the hash ? > > Thanks > > > > pchronos wrote: >> >> Hi, >> >> I can only generate PKCS1 signed hashes externally and I am able to sign >> and verify PKCS1 signed PDFs using Adobe Acrobat 8. However changing the >> code to use PKCS7 signatures instread by using the PDFPKCS7 class to >> create the PKCS7 signature does not work. Ie. Adobe does not verify >> anymore. >> >> I only changed 2 lines in the working code: >> >> sap.SetCrypto(null, chain, null, >> PdfSignatureAppearance.SELF_SIGNED); >> to >> sap.SetCrypto(null, chain, null, >> PdfSignatureAppearance.WINCER_SIGNED); >> >> and >> byte[] tSsig = tSigner.GetEncodedPKCS1(); >> to >> byte[] tSsig = tSigner.GetEncodedPKCS7(); >> >> What am I doing wrong or missing ? >> >> Thanks in advance >> >> Here is the c# working PKCS1 code: >> >> PdfReader reader = new PdfReader(PDFfile); >> AcroFields af = reader.AcroFields; >> ArrayList signames = af.GetBlankSignatureNames(); >> PdfStamper stp = PdfStamper.CreateSignature(reader, new >> FileStream(SignedPDFfile, FileMode.Create), '\0'); >> >> PdfSignatureAppearance sap = stp.SignatureAppearance; >> sap.SetVisibleSignature(signames[0].ToString()); >> sap.SignDate = DateTime.Now; >> sap.SetCrypto(null, chain, null, >> PdfSignatureAppearance.SELF_SIGNED); >> sap.Reason = "No Reason"; >> sap.Location = "Planet Earth"; >> sap.Acro6Layers = true; >> >> sap.SetExternalDigest(new byte[128], new byte[20], "RSA"); >> sap.PreClose(); >> >> HashAlgorithm sha = new SHA1CryptoServiceProvider(); >> Stream s = sap.RangeStream; >> int read = 0; >> byte[] buff = new byte[8192]; >> while ((read = s.Read(buff, 0, 8192)) > 0) >> sha.TransformBlock(buff, 0, read, buff, 0); >> sha.TransformFinalBlock(buff, 0, 0); >> >> //Get external signature of hash (PKCS1) >> byte[] pk = externalSignHash(sha.Hash); >> >> PdfSigGenericPKCS tSig = sap.SigStandard; >> PdfLiteral tPDFLiteral = >> (PdfLiteral)tSig.Get(PdfName.CONTENTS); >> byte[] tOutBytes = new byte[(tPDFLiteral.PosLength - 2) / 2]; >> >> PdfPKCS7 tSigner = tSig.Signer; >> tSigner.SetExternalDigest(pk, sha.Hash, "RSA"); >> >> byte[] tSsig = tSigner.GetEncodedPKCS1(); >> >> System.Array.Copy(tSsig, 0, tOutBytes, 0, tSsig.Length); >> PdfDictionary tPDFDic = new PdfDictionary(); >> tPDFDic.Put(PdfName.CONTENTS, new >> PdfString(tOutBytes).SetHexWriting(true)); >> sap.Close(tPDFDic); >> >> >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2005. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> iText-questions mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/itext-questions >> Buy the iText book: http://itext.ugent.be/itext-in-action/ >> >> > > -- View this message in context: http://www.nabble.com/pkcs1-to-pkcs7-external-signatures---tf4824342.html#a13847823 Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://itext.ugent.be/itext-in-action/
