Hi Christian, I'm not familiar with XFA but I would state that it's a bad idea to change the SignatureProperties _after_ signing. You didn't attach the XML signature as text but usually it got a reference to the SignatureProperties to have them protected by the signature. Modifying usually breaks the signature ...
Nevertheless creating an valid XFA signature is an interesting topic ! Are you able / willing to share your code ? Greetings Andreas ----- Original Message ---- From: Leonard Rosenthol <[email protected]> To: "[email protected]" <[email protected]> Sent: Wed, February 3, 2010 10:21:36 PM Subject: Re: [iText-questions] XFA XmlDigSig signature. I believe we already went over this...I find a LOT of issues here...I don't know what your code is doing, but it's NOT GOOD. 1) You are turning the XFA from multiple streams into a single stream. While not technically wrong, it's a bad thing. 2) I can't find a valid signature field anywhere in the PDF. You can't sign the entire PDF w/o a signature field. And I am sure there are mnore things, but that was enough... Leonard -----Original Message----- From: christian.leclerc [mailto:[email protected]] Sent: Wednesday, February 03, 2010 3:04 PM To: [email protected] Subject: [iText-questions] XFA XmlDigSig signature. Hello guy's, A lot of post was done before on how to sign an XFA form with itext. I've try a lot of things to make it work and im still stuck with this problems. !! I want to sign all the pdf content for the moment and after maybe sign only a few things in the document but im not there yet. At this time we try to sign the pdf with itext and has you can see with other post, the signature is not recognize by adobe, but its ok via Itext .. Well I need to see the validation of the signature in Adobe reader. So the only way adobe recognize something is with the XmlDigSig. Now here is my question, I read the signature part of the XFA Specification V.3.1 ( the last on the web ) and try to make the signature work. This is the way im trying to do the signature. 1) Extract the XFA form With ITEXT. 2) Sign de xml result of the form with XMLDIGSIG standard. 3) Modify the XmlDigSig <SignedInfo /> tag to add the signature information for adobe like this : [code] <SignatureProperties> <SignatureProperty> <xmpmeta xmlns:ns0 = "adobe:ns:meta" ns0:x = ""> <RDF xmlns:ns0 = "http://www.w3.org/1999/02/22-rdf-syntax-ns"; ns0:rdf = ""> <Description ns0:xfa = "" rdf = "about"> <CreateDate xmlns:ns0 = "ns.adobe.com/xap/1.0" ns0:xmp = "">2005-08-15T17:10:04Z</CreateDate> <description xmlns:ns0 = "http://purl.org/dc/elements/1.1"; ns0:dc = "">Approved</description> </Description> </RDF> </xmpmeta> </SignatureProperty> </SignatureProperties> [/code] 4) Insert the SigData tag in a form somewhere ( that's the part that confuse me in the specification ) Well @ the end of the document before the closing of the tag </xdp:xdp> I add a form like this : <form> <field> <event> <signData operation = "validate"> <filter> <reasons> <reason>approuved</reason> </reasons> </filter> </signData> </event> </field> </form> 5) Take my new XML and put this in the pdf with ITEXT. Well .... for the result ... adobe see that the document has an data signature but he has no information to tell me about that and he can't validate the signature so .. im stuck here .... I added the original document , the signed document and the XML result of the XFA form ( in the pdf ) http://old.nabble.com/file/p27442529/original.pdf original.pdf http://old.nabble.com/file/p27442529/signedDigSig.pdf signedDigSig.pdf http://old.nabble.com/file/p27442529/signedDigSig.pdf.xml signedDigSig.pdf.xml If someone can guide me or tell me what's wrong with my methode I will realy appreciate. Cheers :) ! ----- Christian Leclerc, CSSLP, SCJP, ZCE Security is everyone’s job. Notarius inc. - Certifié ISO 9001 : 2000 Centre de certification du Québec - Certifié ISO 27001 : 2005 1080,Beaver Hall bureau 700 Montréal, Québec, H2Z 1S8 http://www.notarius.com -- View this message in context: http://old.nabble.com/XFA-XmlDigSig-signature.-tp27442529p27442529.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/ ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/ ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
