Hello First, thank you for an excellent component.
I’m using iTextSharp to sign pdf documents. I have been able to succesfully sign a pdf document with my smart card (Rainbow iKey 2032), using Paulo Soares’ example here: http://itextpdf.sourceforge.net/howtosign.html. This verifies in Adobe and with the PdfPKCS7 class. The digest is a byte[] with a length of 256. What I would like to do is to sign without getting the password box. I’ve done extensive googling and searching in this mailing list, but havent found any solution. The CmsSigner accepts CspParameters in the constructor, but I’m unable to get it to work. And it looks like there may be a bug in the framework.. I then went on to try the RsaCryptoServiceProvider, since I can get that to work with the password like this: protected byte[] signDigest(byte[] data) { CspParameters csp = new CspParameters(1, "Datakey RSA CSP"); csp.Flags = CspProviderFlags.UseDefaultKeyContainer; SecureString pwd = new SecureString(); pwd.AppendChar(“ (Password follows.. ☺) csp.KeyPassword = pwd; csp.KeyNumber = (int)KeyNumber.Signature; byte[] sig; try { RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp); sig = rsa.SignData(data, new SHA1CryptoServiceProvider()); } catch (System.Security.Cryptography.CryptographicException cex) { sig = new byte[256]; } return sig; } This byte[] I put into the pkcs#7 structure like this: Stream s = signatureAppearance.RangeStream; MemoryStream ss = new MemoryStream(); int read = 0; byte[] buff = new byte[8192]; while ((read = s.Read(buff, 0, 8192)) > 0) { ss.Write(buff, 0, read); } byte[] signedDigest = signDigest(ss.ToArray()); // pkcs code here, resembling the PdfPKCS7 class signerinfo.Add(new DerOctetString(signedDigest)); This does not verify in Adobe or with the PdfPKCS#7 class. The signedDigest byte[] is only 128 bytes long, so maybe I'm missing some encoding or something? My PKCS structure seem to be correct, as it is structured the same way as the CmsSigner example does it. At least it looks that way debugging through the PdfPKCS7 class verifying - except for the shorter byte[]. I hope you can help. I feel like I'm so close to a solution. Kind Regards Mikkel Skovby ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php
