Hi Andrea, as Michael pointed out the processing is not trivial and many brave developer were caught in one of the pitfalls. If you're a lazy guy ( like me ) you may try to copy'n' paste from the code of our signing server ( available at http://sourceforge.net/projects/sirius-sign/files/ ).
Good luck Andreas ----- Original Message ---- From: mkl <[email protected]> To: [email protected] Sent: Thu, August 12, 2010 11:14:29 AM Subject: Re: [iText-questions] signing a pdf in three different steps Andrea, famagosta wrote: > i was trying to sing a pdf in three different steps (teorically in 3 > different machines). > 1. read pdf and calculate hash > 2. get hash and sign it (using a smartcard) > 3. get sign and apply to pdf > First question : is it possible? This question has been discussed here quite often, e.g. in http://itext-general.2136553.n4.nabble.com/Hash-computation-problem-tt2158378.html --- you may want to read that thread and the threads referred to from it. It is possible. But you have to take care. As you have seen yourself, the naive approach wont do: famagosta wrote: > Printing the generated hash (for the same pdf), i read always different > values, how is it possible? > If the hash of a pdf is always different, how is it possible to verify the > sign? > > I'm sure i done something wrong, but waht? You are wrong in assuming that when starting to sign the same PDF at different times, the identical PDF objects are added to the PDF to embed the signature. Thinking about this, the assumption is obviously wrong as some of these objects represent the current date and time (both used as modification time pdf property and as signing time) and some may include other data depending on the very situation (ID, iText version entry, ...). Thus, to sign in your separate three steps you either have to keep the PdfStamper and PdfSignatureAppearance you originally created (or at least the temporary PDF file created by sap.preclose()) to insert the externally generated signature in or you have to patch iText to use the identical variable data in step three as you did in step 1. As far as iText is concerned, keeping the PdfStamper and PdfSignatureAppearance you originally created, waiting in some cache for the signature to arive is the easiest way, keeping the temporary PDF and injecting the generated signature requires some more coding, and patching iText to use identical variable data is most complicated. Regards, Michael. -- View this message in context: http://itext-general.2136553.n4.nabble.com/signing-a-pdf-in-three-different-steps-tp2322393p2322419.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.itextpdf.com/book/ Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/ ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.itextpdf.com/book/ Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
