ok.. i get cert from X509Store by using subject
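/// <summary>
/// Looks up a certificate in the current user's personal ("My") store by its
/// full subject distinguished name.
/// </summary>
/// <param name="subject">The subject DN to match. It is compared with <c>==</c>
/// (ordinal, case-sensitive) against <see cref="X509Certificate2.Subject"/>, so
/// the string must be the exact DN as the store renders it.</param>
/// <returns>
/// The last certificate in store order whose subject equals <paramref name="subject"/>,
/// or <c>null</c> when nothing matches. The lookup is by subject only: the result is
/// not checked for a private key, validity period or key usage, so the caller has to
/// verify those before signing with it.
/// </returns>
protected X509Certificate2 GetCertificate(string subject)
{
    X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly);
    try
    {
        X509Certificate2 match = null;
        // The whole collection is scanned on purpose: several certificates can share
        // a subject (renewals, re-issues) and, as in the original, the last one in
        // store order wins. Callers that need a specific one should check HasPrivateKey
        // and NotAfter on the result.
        foreach (X509Certificate2 candidate in store.Certificates)
        {
            if (candidate.Subject == subject)
            {
                match = candidate;
            }
        }
        return match;
    }
    finally
    {
        // Close in a finally so the store handle is released even if enumeration throws.
        store.Close();
    }
}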
i also sign the byte stream using (note i use "new
RSACryptoServiceProvider(csp);" as this takes the pin and caches it, as there is
a bug in "signedCms.ComputeSignature(cmsSigner);" when i try and send it the
pin.. note also "KeyContainerName" has to be set as per your key, along with the
provider "Datakey RSA CSP"; mine is a "geotrust Ikey 2032". i used a software
called CIPUtils.exe that came with my key to find this info..
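/// <summary>
/// Produces a CMS/PKCS#7 signature over <paramref name="msg"/> with the private key
/// that lives on the hardware token behind the "Datakey RSA CSP" provider.
/// </summary>
/// <param name="msg">The bytes to sign.</param>
/// <param name="pin">The token PIN. It arrives as a plain <see cref="string"/>, so it is
/// already in managed memory in the clear; the <see cref="SecureString"/> built below
/// only satisfies the <see cref="CspParameters.KeyPassword"/> contract and does not
/// reduce that exposure.</param>
/// <param name="signerCert">The certificate matching the token key; used to build the
/// SignerInfo and to embed the certificate chain.</param>
/// <param name="detached">When true, the encoded CMS does not carry the content itself.</param>
/// <returns>The DER-encoded SignedCms.</returns>
/// <exception cref="ArgumentNullException">If any reference argument is null.</exception>
/// <exception cref="CryptographicException">If the CSP cannot open the key container
/// or the signature cannot be computed.</exception>
protected byte[] SignMsg(Byte[] msg, string pin, X509Certificate2 signerCert, bool detached)
{
    if (msg == null) throw new ArgumentNullException("msg");
    if (pin == null) throw new ArgumentNullException("pin");
    if (signerCert == null) throw new ArgumentNullException("signerCert");

    CspParameters csp = new CspParameters(1, "Datakey RSA CSP");
    csp.Flags = CspProviderFlags.UseDefaultKeyContainer;
    // The container name is specific to this token (see the CIPUtils note above).
    csp.KeyContainerName = "ff5cc6f1-9b15-4096-b83f-456366ad82c2";
    csp.KeyNumber = (int)KeyNumber.Exchange;

    using (SecureString pwd = new SecureString())
    {
        foreach (char c in pin)
        {
            pwd.AppendChar(c);
        }
        pwd.MakeReadOnly();
        csp.KeyPassword = pwd;

        // Opening the provider with the PIN is what unlocks the token; the SignData
        // result itself is discarded. ComputeSignature below depends on the CSP having
        // cached that PIN, so the provider is kept alive (inside this using) until the
        // CMS signature has been computed. SHA-1 is used only for this throw-away
        // unlock call; the digest of the CMS itself is whatever CmsSigner defaults to
        // on the target framework - confirm and set DigestAlgorithm explicitly if a
        // specific digest is required.
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(csp))
        {
            rsa.SignData(msg, "SHA1");

            ContentInfo contentInfo = new ContentInfo(msg);
            SignedCms signedCms = new SignedCms(contentInfo, detached);
            CmsSigner cmsSigner = new CmsSigner(signerCert);
            cmsSigner.IncludeOption = X509IncludeOption.WholeChain;
            signedCms.ComputeSignature(cmsSigner);
            return signedCms.Encode();
        }
    }
}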
and these are called by a main programme (i have changed a few bits as some
info in the code was company specific), but it should work.
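// Caller-supplied inputs assumed to be in scope here: subject, filein, fileout, pin.
// GetCertificate matches by subject DN only, so fail early rather than letting a
// null certificate surface later as a NullReferenceException in ReadCertificate.
X509Certificate2 card = GetCertificate(subject);
if (card == null)
{
    throw new InvalidOperationException("No certificate with subject '" + subject + "' was found in the CurrentUser/My store.");
}
Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
// Only the leaf certificate is handed to iTextSharp; the full chain is embedded in the
// CMS by SignMsg (X509IncludeOption.WholeChain).
Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(card.RawData) };
//--------------------------------------------------------------------------------
PdfReader reader = new PdfReader(filein);
PdfStamper stp = PdfStamper.CreateSignature(reader, new FileStream(fileout, FileMode.Create), '\0');
//--------------------------------------------------------------------------------
// Both passwords are null: no user password, and iTextSharp picks the owner password
// (its documented behaviour for a null owner password - confirm for the version in use).
// The permission bits are what the signed document will advertise to viewers.
stp.SetEncryption(null, null, PdfWriter.AllowCopy | PdfWriter.AllowPrinting | PdfWriter.ALLOW_MODIFY_ANNOTATIONS, true);
PdfSignatureAppearance sap = stp.SignatureAppearance;
sap.SetVisibleSignature(new iTextSharp.text.Rectangle(13, 70, 321, 20), 1, null); // original was missing the ';'
//--------------------------------------------------------------------------------
sap.Contact = "Contact";
sap.Reason = "Reason";
sap.Location = "Location";
sap.SignDate = DateTime.Now;
//--------------------------------------------------------------------------------
sap.SetCrypto(null, chain, null, null);
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
dic.Date = new PdfDate(sap.SignDate);
dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
if (sap.Reason != null)
{
    dic.Reason = sap.Reason;
}
if (sap.Location != null)
{
    dic.Location = sap.Location;
}
//--------------------------------------------------------------------------------
sap.CryptoDictionary = dic;
// Space reserved for the /Contents hex string: csize bytes, written as hex (x2),
// plus the two '<' '>' delimiters.
int csize = 5000;
Hashtable exc = new Hashtable();
exc[PdfName.CONTENTS] = csize * 2 + 2;
sap.PreClose(exc);
byte[] pk;
Stream s = sap.RangeStream;
using (MemoryStream ss = new MemoryStream())
{
    int read = 0;
    byte[] buff = new byte[8192];
    while ((read = s.Read(buff, 0, 8192)) > 0)
    {
        ss.Write(buff, 0, read);
    }
    // Detached signature over the byte ranges that PreClose left outside /Contents.
    pk = SignMsg(ss.ToArray(), pin, card, true);
}
// A signature carrying the whole chain can be larger than the reserved slot; without
// this check Array.Copy fails with an opaque ArgumentException.
if (pk.Length > csize)
{
    throw new InvalidOperationException("Signature is " + pk.Length + " bytes but only " + csize + " bytes were reserved; increase csize.");
}
byte[] outc = new byte[csize];
PdfDictionary dic2 = new PdfDictionary();
Array.Copy(pk, 0, outc, 0, pk.Length);
dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
sap.Close(dic2);
reader.Close();
//--------------------------------------------------------------------------------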
Calvin Streeting
Systems Developer
For and on behalf of Baily Garner LLP
Tel: 0208 294 1000 (EXT: 8570)
Fax: 0208 2941320
www.bailygarner.co.uk
________________________________
From: ashish dhingra [mailto:[email protected]]
Sent: 10 August 2010 11:31
To: [email protected]
Subject: Re: [iText-questions] Signing with pkcs 7
Hi,
Here is what i did:-
1.open the pdf document.
2.Insert smart card token into USB drive.
3.Read certificate from store(x509 store)
4.Smart card will be on top of list so select zero index in store.certificates
5.convert this certificate to byte[] or use
X509Certificate2 cert = store.Certificates[certsListBox.SelectedIndex];
byte[] bytes = cert.Export(X509ContentType.Pfx,this.passwordBox.Text);
6.if using the latter one, then the exception "Key not valid for specified
state" will be generated.
7.If using former,then when you make pkcs12 store object using stream(using
byte[]),then exception will come "Could n't convert from des seq to des
integer."
Hope i cleared you...
Can you please elaborate on x509includeoption because i haven't used it.
--
Thanks and Regards,
Ashish Dhingra,
Software Engineer,
M-09467783146
God first everything else next