Hi, Paulo.
Thanx for your nearly instant answer.
The solution has been changing SELF_SIGNED by WINCER_SIGNED.
Now everything works fine BUT do not tell me why...
My generated keytool keys are all 1024 bits long:
keytool -keystore $KEYSTORE \
-genkey \
-alias $ALIAS \
-validity 365 \
-keypass $PW \
-dname "$DNAME" \
-keysize 1024 \
-storepass $STOREPW
and I think, SELF_SIGNED should work as expected...
It works nearly fine, actually. It only fails ocasionally.
This is what really confuses me.
Paulo Soares wrote:
>
> The SELF_SIGNED mode only supports 1024 bit long keys, that's an Acrobat
> imposition. The other examples given are for 1024 bit long key and use a
> 128 byte array, if you use a 2048 bit long key you'll need a 256 byte
> array and so on.
>
> Paulo
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On
>> Behalf Of jesusaplsoft
>> Sent: Thursday, April 17, 2008 1:52 PM
>> To: [email protected]
>> Subject: Re: [iText-questions] RSA 2k
>>
>> Hi,
>> I have a similar problem.
>>
>> using:
>> itext-2.1.0
>> sun java-16_06
>> opensuse-10.3 last updated from internet
>> windows-xp last update from WindowsUpdate
>>
>> problem: random arrayIndexOutOfBounds exception as I close stp.
>> I do not know when it is going to happen, actually.
>> If I run the program 20 times it may occur 2 and sometimes none.
>> It is a really strange error.
>>
>> my code:
>>
>> public void setSignature(String fileName) throws Exception {
>>
>> // tmp file
>> String pdf = new TextBuilder(fileName.substring(0,
>> fileName.lastIndexOf(".") + 1)).append("fpdf")
>> .toString();
>>
>> String keystore;
>>
>> InputStream in;
>>
>> if ((getProperty("PASSWORDK").length() != 0) &&
>> (getProperty("KEYSTORE").length() != 0) &&
>> (getProperty("PASSWORD").length() != 0)) {
>> KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
>>
>> keystore = new TextBuilder(AswirP.ETC_FILE).append(
>> File.separator).append(getProperty("KEYSTORE"))
>> .toString();
>>
>>
>> ks.load(in = new FileInputStream(keystore),
>> getProperty("PASSWORDK").toCharArray());
>> in.close();
>>
>> String alias = (String) ks.aliases().nextElement();
>> PrivateKey key = (PrivateKey) ks.getKey(alias,
>> getProperty("PASSWORD").toCharArray());
>> Certificate[] chain = ks.getCertificateChain(alias);
>> PdfReader reader = new PdfReader(nombreFichero);
>>
>> FileOutputStream fout = new FileOutputStream(pdf);
>> PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
>> stp.setEncryption("".getBytes(),
>> getProperty("PASSWORD").getBytes(),
>> PdfWriter.ALLOW_PRINTING | PdfWriter.ALLOW_SCREENREADERS |
>> PdfWriter.ALLOW_DEGRADED_PRINTING, true);
>>
>> PdfSignatureAppearance sap = stp.getSignatureAppearance();
>> sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
>> 1409: stp.close();
>> File newFile = new File(pdf);
>> new File(fileName).delete();
>> newFile.renameTo(new File(fileName));
>>
>> }
>>
>>
>> error:
>>
>> java.lang.ArrayIndexOutOfBoundsException
>> at java.lang.System.arraycopy(Native Method)
>> at com.lowagie.text.pdf.PdfStamper.close(Unknown Source)
>> at com.apl.aswir.tools.AswirPdf.setSignature(AswirPdf.java:1409)
>>
>>
>>
>>
>>
>>
>> Alan Klikic-2 wrote:
>>
>>
>> Hi.
>>
>>
>>
>> Can we sign pdf file using iText with key (size=2048 Bits).
>>
>> I tryed like this (part of code):
>>
>>
>>
>> ...
>>
>>
>>
>> PdfSigGenericPKCS genericPKCS = pdfSignatureAppearance
>>
>>
>> .getSigStandard();
>>
>>
>>
>> PdfLiteral pdfLiteral = (PdfLiteral)
>> genericPKCS.get(PdfName.CONTENTS);
>>
>>
>>
>> byte[] outc = new byte[(pdfLiteral.getPosLength()-2)/2];
>>
>> PdfPKCS7 sig = genericPKCS.getSigner();
>>
>>
>>
>> sig.setExternalDigest(signature, hash, "RSA");
>>
>> PdfDictionary pdfDictionary = new PdfDictionary();
>>
>> byte[] ssig = sig.getEncodedPKCS7();
>>
>>
>>
>> System.arraycopy(ssig, 0, outc, 0, ssig.length);
>>
>>
>>
>> pdfDictionary.put(PdfName.CONTENTS, new
>> PdfString(outc).setHexWriting(true));
>>
>>
>>
>> pdfSignatureAppearance.close(pdfDictionary);
>>
>>
>>
>> ...
>>
>>
>>
>> and i get ArrayIndexOutOfBoundsException because outc
>> bytes size is
>> smaller than ssig bytes size.
>>
>>
>>
>> If i put
>>
>> byte[] outc = new byte[pdfLiteral.getPosLength()]; in
>> code instead of
>>
>> byte[] outc = new byte[(pdfLiteral.getPosLength()-2)/2];
>>
>>
>>
>> i get this exception
>>
>>
>>
>>
>>
>> java.lang.IllegalArgumentException: The key /Contents
>> is too big. Is
>> 11074, reserved 5536
>>
>> at
>> com.lowagie.text.pdf.PdfSignatureAppearance.close(Unknown
>> Source)
>>
>> at
>>
>> hr.logos.vasuite.luis.modules.pdf.PDFStamper.signPDF(PDFStampe
>> r.java:265
>> )
>>
>> at
>>
>> hr.logos.vasuite.luis.modules.pdf.PDFTimerOutModule.execute(PD
>> FTimerOutM
>> odule.java:284)
>>
>> at hr.logos.vasuite.luis.main.Job.execute(Job.java:286)
>>
>> at
>>
>> hr.logos.vasuite.luis.server.TimerServer.run(TimerServer.java:43)
>>
>> at
>>
>> hr.logos.util.RunnableStarter$WrappedRunnable.run(RunnableStar
>> ter.java:3
>> 6)
>>
>> at java.lang.Thread.run(Unknown Source)
>>
>>
>>
>> That means that when i'm using 2k key to sign, encoded
>> PKSC7 bytes size
>> (11074) iz greater than outc bytes size. Outc should be
>> less than
>> reserved (5536).
>>
>>
>>
>> When i use smaller key in first example, it works fine
>> (outc is greater
>> than ssig).
>>
>> Thanx,
>>
>> Alan
>
>
> Aviso Legal:
>
> Esta mensagem é destinada exclusivamente ao destinatário. Pode conter
> informação confidencial ou legalmente protegida. A incorrecta transmissão
> desta mensagem não significa a perca de confidencialidade. Se esta
> mensagem for recebida por engano, por favor envie-a de volta para o
> remetente e apague-a do seu sistema de imediato. É proibido a qualquer
> pessoa que não o destinatário de usar, revelar ou distribuir qualquer
> parte desta mensagem.
>
>
>
> Disclaimer:
>
> This message is destined exclusively to the intended receiver. It may
> contain confidential or legally protected information. The incorrect
> transmission of this message does not mean the loss of its
> confidentiality. If this message is received by mistake, please send it
> back to the sender and delete it from your system immediately. It is
> forbidden to any person who is not the intended receiver to use,
> distribute or copy any part of this message.
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
> Don't miss this year's exciting event. There's still time to save $100.
> Use priority code J8TL2D2.
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Do you like iText?
> Buy the iText book: http://www.1t3xt.com/docs/book.php
> Or leave a tip: https://tipit.to/itexttipjar
>
--
View this message in context:
http://www.nabble.com/RSA-2k-tp1233196p16763129.html
Sent from the iText - General mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
Do you like iText?
Buy the iText book: http://www.1t3xt.com/docs/book.php
Or leave a tip: https://tipit.to/itexttipjar
