Hi Rafael, you're building the signature using a DSA key but claim it be a RSA type :
/Type/Sig/SubFilter/adbe.x509.rsa_sha1 The spec is very detailed for this type : RSA and SHA1 ! Try to use a PKCS7 container and the 'detached' type ... Greetings Andreas ----- original Nachricht -------- Betreff: Re: [iText-questions] Digital signature with DSA key Gesendet: Mo, 07. Feb 2011 Von: Rafael Wampfler<[email protected]> > Hi Michael, > > thanks for your instructional answer. > > I already thought that this might not work correctly: > appearance.setExternalDigest(new byte[128], null, "DSA"); > > For my understanding: > RSA/1024 signature is 128bytes long (which is 1024 / 8) > DSA signature is shorter. Is the length variable? > > sig.getEncodedPKCS1().length says the length is 49. Reserving new > byte[49] or a bit more or less also gives an invalid signature. Is there > a way to calculate the length of a signature before creating it? How big > should i make this array? > > Attachment: DSA signature with new byte[49] > > Regards, > Rafael > > > Am 07.02.11 15:26, schrieb mkl: > > Rafael, > > > > Rafael Wampfler wrote: > >> of course, here are the two documents. RSA working, DSA not > > In Listing 12.19 (which was the one you started from) a placeholder > byte[] > > of 128 bytes is used for the RSA/1024 signature as that kind of signature > > takes up exactly that much space. Accordingly a few more than 256 bytes > (the > > exact number of bytes required to hold a hex-digit encoded PKCS#1 object > > holding a RSA/1024) are reserved in the PDF and are marked as the gap in > the > > PDF which is not to be hashed. Later on filled they are filled with the > > actual signature. > > > > Now in testsignDSA.pdf you reserve the same number of bytes, too, but > your > > signature is way smaller (the hex encoded PKCS#1 takes up less than 100 > > bytes). Thus, the gap in the PDF marked not to be hashed is way bigger > than > > your signature. Adobe Reader considers this to be suspicious as the gap > > might contain PDF objects which could easily be manipulated without > changing > > the hash. Therefore, Adobe Reader rejects your signature. > > > > You should reserve exactly the number of bytes you are going to use > > eventually. Either reserve less bytes or eventually pad your signature > with > > 0 to be long enough. > > > > Adobe Acrobat actually talks about "SigDict /Contents illegal data". So > > maybe there are additional problems with your very signature. As soon as > > sizes match we can take the next step. > > > > Regards, Michael. > > > > > --- original Nachricht Ende ---- ------------------------------------------------------------------------------ The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
