Hi Pedro, sorry to see you stuck with all this messy stuff!

As usual things are a bit complicated:

1. The rsa_sha1 approach is a bit outdated, but it should work. In your special case there are two different problems with your signed hash:
   - it is wrapped in an ASN.1 structure by your PKCS11 library, that doesn't make sense to me, there. You have to strip it (these 3 bytes ...)
   - the signature is currently calculated on a digest info structure (this is the hash algo combined with the hash value). But the rsa_sha1 expects to see the signature of the plain hash bytes.

2. The ADBE_PKCS7_DETACHED is the much more recent way to sign, but in this case the content of the signature is not just a signed hash (as the name of the variable dares to assume) but a full-blown PKCS7 structure.

When you're not familiar with all the crypto stuff it may be easier to go the rsa_sha1 way. But if you're heading for a future-proof version you may have to invest some time and dig into the PKCS7 world. Or you try to go for a ready-made solution that signs your PDF ...

Good luck
Andreas

----- original message --------

Subject: Re: [iText-questions] Another invalid signature thread
Sent: Tue, 26 Oct 2010
From: P3d3r0s0<zas...@gmail.com>

> Hey Andreas,
>
> about the ASN1 byte wrapper, I think I'm not using it when I use:
>
>     PdfSignature dic1 = new PdfSignature(PdfName.ADOBE_PPKLITE,
>             PdfName.ADBE_PKCS7_DETACHED);
>     dic1.setDate(new PdfDate(appearance.getSignDate()));
>     dic1.setName(PdfPKCS7.getSubjectFields(
>             (X509Certificate) appearance.getCertChain()[0]).getField("CN"));
>     dic1.setReason(appearance.getReason());
>     dic1.setLocation(appearance.getLocation());
>     dic1.setContact(appearance.getContact());
>     appearance.setCryptoDictionary(dic1);
>     int csize = 128;
>     HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
>     exc.put(PdfName.CONTENTS, new Integer(csize * 2 + 2));
>     appearance.preClose(exc);
>
> When I use this approach I don't use sig.getEncodedPKCS1() that returns the
> 131 byte array. In this case I just use:
>
>     dic.put(PdfName.CONTENTS, new PdfString(signedHash).setHexWriting(true));
>
> and the signedHash is the digest signed with the smartcard (which is a 128
> byte array).
>
> As for the DigestInfo structure, I don't really understand what you mean, I'm
> new to all of this. Is the problem the digest I generate from the file's
> inputStream or the method I use to sign that digest?
> I don't think I have an alternative to sign it since the smartcard uses
> pkcs11 and I believe I need the wrapper I'm currently using (though I might
> be wrong of course).
>
> A few things I forgot to mention that might matter: I'm using the
> latest version of iText (5.0.4), and when I used that detached mode I
> couldn't see the algorithm used and certificates in the PDF that was
> created after being signed.
>
> Regards,
> Pedro
>
> --
> View this message in context:
> http://itext-general.2136553.n4.nabble.com/Another-invalid-signature-thread-tp3003710p3013603.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America contest
> Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php

--- end of original message ----
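
The difference discussed in this thread between a signature over the plain hash bytes and one over a DigestInfo structure can be checked by recovering the signed bytes with the public key. The following is an added example, not code from the thread or from iText; the class and method names are hypothetical, a throwaway 1024-bit software key stands in for the smartcard key, and the 3-byte wrapper is assumed to be a DER OCTET STRING header (04 81 80).

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class SignedPayloadCheck {
    // DER prefix of a SHA-1 DigestInfo (RFC 8017, section 9.2); the 20 hash bytes follow it.
    static final byte[] SHA1_PREFIX = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    // Drops a DER OCTET STRING header (04 81 80) in front of a 128-byte signature, if present.
    static byte[] stripOctetString(byte[] sig) {
        boolean wrapped = sig.length == 131 && sig[0] == 0x04
                && (sig[1] & 0xff) == 0x81 && (sig[2] & 0xff) == 0x80;
        return wrapped ? Arrays.copyOfRange(sig, 3, sig.length) : sig;
    }

    // Undoes the RSA operation and the PKCS#1 v1.5 padding: returns the bytes that were signed.
    static byte[] recover(byte[] sig, PublicKey pub) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, pub);
        return rsa.doFinal(stripOctetString(sig));
    }

    static String classify(byte[] signed, byte[] hash) {
        int p = SHA1_PREFIX.length;
        if (Arrays.equals(signed, hash)) return "plain hash bytes";
        if (signed.length == p + hash.length
                && Arrays.equals(Arrays.copyOf(signed, p), SHA1_PREFIX)
                && Arrays.equals(Arrays.copyOfRange(signed, p, signed.length), hash))
            return "DigestInfo (SHA-1 OID + hash)";
        return "neither: wrong hash or another structure";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a throwaway 1024-bit software key stands in for the smartcard key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024);
        KeyPair kp = gen.generateKeyPair();
        byte[] data = "constructed sample bytes".getBytes("UTF-8");
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(data);

        Signature s = Signature.getInstance("SHA1withRSA");      // hashes, wraps in DigestInfo, signs
        s.initSign(kp.getPrivate());
        s.update(data);
        Cipher raw = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // pads and signs exactly these bytes
        raw.init(Cipher.ENCRYPT_MODE, kp.getPrivate());

        System.out.println(classify(recover(s.sign(), kp.getPublic()), hash));
        System.out.println(classify(recover(raw.doFinal(hash), kp.getPublic()), hash));
    }
}
```

To inspect a real signature, pass the bytes returned by the PKCS11 wrapper and the certificate's public key to `recover`, then compare the result against the SHA-1 hash of the signed byte ranges with `classify`.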