张健, jian zhang wrote: > my code is: > > byte[] signedHashValue1 = server.sha1_rsa(content); > > byte[] hash = server.sha1(content); > byte[] signedHashValue2=server.rsa(hash); > > when I use signedHashValue1, it's ok, I can get a valid signature in pdf; > but when I use signedHashValue2, get an error, says"Error encountered > while BER decoding".
The reason is that SHA1withRSA does not merely mean "take the SHA1 hash and encrypt it using RSA". It actually means "take the SHA1 hash, put it into a DigestInfo structure, and encrypt this structure using RSA". Additionally you have to chose the correct padding when encrypting. This, BTW, is the reason why you can use other hashing algorithms than SHA1 and the verifying side can know which hashing algorithm you used: The DigestInfo structure consists of both an hashing algorithm identifier and the actual hash. jian zhang wrote: > If I use "SHA1withRSA", I will get an invalid signature says "document has > been modified" This is a sign that you conceptually used the correct structure, merely the wrong hash value. For Pedro using PdfSignatureAppearance.VERISIGN_SIGNED instead of PdfSignatureAppearance.SELF_SIGNED did the job. As I merely have to cope with externally generated /adbe.pkcs7.detached signatures, I don't know the minutiæ of the /adbe.x509.rsa_sha1 signatures which you seem to favour, or their implementation in iText. Regards, Michael. -- View this message in context: http://itext-general.2136553.n4.nabble.com/Another-invalid-signature-thread-tp3003710p3014983.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
