Yes Michael, I fully agree to drop adbe.pkcs7.sha1, too.
You outlined the way to go ! reetings Andreas ----- original Nachricht -------- Betreff: Re: [iText-questions] Digital signature with DSA key Gesendet: Di, 08. Feb 2011 Von: mkl<[email protected]> > > Andreas, > > kuehne wrote: > > I hope you support last nights call to drop PKCS1 support from iText! > > Yes, indeed, at least as far as signature creation is concerned. Actually I > would go even further and restrict the signature creation routines to > adbe.pkcs7.detached, i.e. drop support for adbe.pkcs7.sha1, too. This goes > along with the ISO spec which just before Table 257 states "The format for > encoding signature values should be adbe.pkcs7.detached. This encoding > allows the most options in terms of algorithm use." > > The only argument for keeping adbe.pkcs7.sha1 alive for signature creation > is that PAdES Part 2 for some weird reason explicitly includes it in the > allowed subfilters without properly stating a preference for > adbe.pkcs7.detached. > > Bruno, > > 1T3XT BVBA wrote: > > As digital signatures are somewhat outside my area of expertise, I didn't > > follow this discussion from the start, but obviously I'm interested in > > improving iText and the book. Would it be possible to summarize the > > problem: > > - which examples in the book should be removed (or how can they be > > changed)? > > - what exactly would need to be removed from iText? > > - can you give me suggestions for refactoring the signing process? > > The examples in the books should be changed to not create > adbe.x509.rsa.sha1 > or adbe.pkcs7.sha1 signatures anymore, only adbe.pkcs7.detached and > ETSI.CAdES.detached (yeah!) signatures and ETSI.RFC 3161 time stamps. > > As I'm only creating signatures with externally built CMS containers, I'm > not too sure about the code changes. If I understood Paulo correctly, > though, the whole iText signature creation API was due for a major change. > > IMO the new API should be PAdES-centric. This would include the good old > adbe.pkcs7.* signatures in Part 2, ETSI.CAdES.detached in Part 3 and > ETSI.RFC 3161 in Part 4. > > Regards, Michael. > -- > View this message in context: > http://itext-general.2136553.n4.nabble.com/Digital-signature-with-DSA-key-tp > 3264088p3275555.html > Sent from the iText - General mailing list archive at Nabble.com. > > ---------------------------------------------------------------------------- > -- > The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: > Pinpoint memory and threading errors before they happen. > Find and fix more than 250 security defects in the development cycle. > Locate bottlenecks in serial and parallel code that limit performance. > http://p.sf.net/sfu/intel-dev2devfeb > _______________________________________________ > iText-questions mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/itext-questions > > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php > --- original Nachricht Ende ---- ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
