Hi to everybody, I'm able to sign a document using iText without problem. Now, for performance reason, I need to sign a pdf in two separate steps where:
step1) my client (java applet) receive from my server only the hash of the plain pdf, using a certificate (PKCS11), generate something signed and send back to the server step2) my server, when receives data from my client, have to build the signed pdf assembling the plain pdf with the sign information received from the client I attach my test (jre 1.5.0.12, iText 2.1.1, BouncyCastle 1.3.9) At this moment, in step1 (method operationalStep1), I'm generating a P7M of the hash received plus a cypher RSA/ECB/PKCS1Padding encrypted with my private key. In step2 (method operationalStep2) I build the signed pdf in like the sample "How to sign with a smartcard using an external signature dictionary" in http://itextpdf.sourceforge.net/howtosign.html where instead of calculating the sha1 of sap.getRangeStream I use the signature RSA received from the client. Unfortunately the signed pdf that I obtain is not valid: verifying the signature there is an error during BER and it's smaller than the original Does anybody have already experienced something like this? Any suggestions or hints? Thanks in advance John
SmartSign.java
Description: Binary data
------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Do you like iText? Buy the iText book: http://www.1t3xt.com/docs/book.php Or leave a tip: https://tipit.to/itexttipjar
