Hi Andreas,

Thank you very much for your sample code. This is much appreciated.

In order to make this work for my situation with a Belgian EID card, I had to
change the implementation of
CMSSignedExternalDataGenerator#getSignerIdentifier(X509Certificate) to the
code that was commented out. This was necessary because the
cert.getIssuerDN() method returned a sun.security.x509.X500Name object for my
certificate, and the suggested implementation of
getSignerIdentifier(X509Certificate) didn't really like that. (This also
required the addition of CMSUtils.java and CMSException.java to
de.trustable.bouncycastle.cms, simply copied from the BC source code.) I'm
not sure what happens in the code below, but I no longer get an Exception, so
I assume it's fine.

> TBSCertificateStructure tbs =
>         CMSUtils.getTBSCertificateStructure(cert);
> IssuerAndSerialNumber encSid = new IssuerAndSerialNumber(tbs
>         .getIssuer(), tbs.getSerialNumber().getValue());
> return new SignerIdentifier(encSid);

Other adjustments are based on the example that can be found here:
http://itext.ugent.be/articles/eid-pdf/index.php?page=3#recipient

1. in main(String[]):

> final BelpicCard scd = new BelpicCard("");
> X509Certificate signCert = scd.getNonRepudiationCertificate();

2. in PlainSignMethodCallbackHandler#sign(...):

> try {
>     byte[] hash =
>             MessageDigest.getInstance("SHA-1").digest(sigIntContent);
>     signedBytes = scd.generateNonRepudiationSignature(hash);
> } catch (Exception e) {
>     throw new SignatureException(e.getMessage());
> }

3. in main(String[]); in order to include the full certificate chain in the
PDF:

> // add all your certificates here, any order will do
> certList.add(scd.getCertificationAuthorityCertificate());
> certList.add(scd.getRootCertificationAuthorityCertificate());

With these adjustments, this works perfectly fine for me.

Thanks again for your help,
Bram

kuehne wrote:
>
> Hi,
>
> I talked myself into providing sample code for signing a PDF with a PKCS7
> signature using a smartcard. So here it is :
>
> Look at the SampleExternalSigning class in the package
> de.trustable.bouncycastle.cms :
>
> In the 'main' method the in- and outfiles were read from the command line,
> a test certificate and a key pair gets created and the BouncyCastle
> security provider is registered.
>
> The more interesting part starts at line 194 : As we are not able to
> forward the private key to the crypto lib directly now there is an
> interface called 'PlainSignMethodCallbackHandler' that will be called when
> it comes to signing. There is only one method required. Here you can see a
> sample implementation using the pregenerated private key. In a real life
> scenario you'll need to fill in the smartcard api access code instead.
> That's the tricky part ..
>
> The other code is more or less a standard signing sample using the
> PDFStamper. The major difference here is the use of the
> CMSSignedExternalDataGenerator class, which is not from BouncyCastle but
> from this sample package. It's mostly a copy of the already existing
> CMSSignedDataGenerator with the required changes to use a callback method
> instead of a private key. Most of the other code was required to be copied
> due to visibility limitations, no magic in there ...
>
> To run the sample you need to have iText-5.0.6.jar, bcprov-jdk16-146.jar,
> bcmail-jdk16-146.jar and the mail.jar in the classpath additionally to the
> classes ... older BC versions will surely cause problems as some internal
> method signatures changed recently.
>
> Let me know if you come across problems with this sample ...
>
> Good luck,
>
> Andreas
>

--
View this message in context: http://itext-general.2136553.n4.nabble.com/Re-HASH-SMARTCARD-and-PKCS-7-detached-tp3341984p3343838.html
Sent from the iText - General mailing list archive at Nabble.com.

_______________________________________________
iText-questions mailing list
https://lists.sourceforge.net/lists/listinfo/itext-questions
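Added example, not part of the original thread or of the sample package: a JDK-only sketch of the callback pattern discussed above, where the host hashes the bytes to be signed and a key holder that never exposes the private key signs only the digest. It assumes the card itself wraps the 20-byte SHA-1 digest in a DigestInfo and applies PKCS #1 v1.5 padding; `SignCallback` and `SimulatedCard` are hypothetical names, and a software RSA key stands in for the card.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class ExternalSignDemo {
    /** Hypothetical callback: receives the bytes to be signed, returns the signature. */
    interface SignCallback {
        byte[] sign(byte[] toBeSigned) throws GeneralSecurityException;
    }

    /** Constructed stand-in for a card: keeps the key private, accepts only a SHA-1 digest. */
    static final class SimulatedCard {
        // DER header of DigestInfo for SHA-1 (PKCS #1 v1.5); the digest is appended to it
        private static final byte[] SHA1_DIGEST_INFO = {
            0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
            0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
        private final PrivateKey key;
        SimulatedCard(PrivateKey key) { this.key = key; }

        byte[] signDigest(byte[] sha1) throws GeneralSecurityException {
            if (sha1.length != 20) throw new SignatureException("expected a 20-byte SHA-1 digest");
            byte[] digestInfo = Arrays.copyOf(SHA1_DIGEST_INFO, SHA1_DIGEST_INFO.length + 20);
            System.arraycopy(sha1, 0, digestInfo, SHA1_DIGEST_INFO.length, 20);
            Signature raw = Signature.getInstance("NONEwithRSA"); // padding only, no hashing
            raw.initSign(key);
            raw.update(digestInfo);
            return raw.sign();
        }
    }

    static boolean verify(PublicKey pub, byte[] content, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA"); // what a CMS verifier would run
        v.initVerify(pub);
        v.update(content);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        SimulatedCard card = new SimulatedCard(kp.getPrivate());

        // Same shape as the handler in the message above: hash on the host, sign on the card
        SignCallback handler = tbs -> card.signDigest(MessageDigest.getInstance("SHA-1").digest(tbs));

        // Constructed sample input standing in for the DER-encoded signed attributes
        byte[] attrs = "constructed signed-attributes bytes".getBytes(StandardCharsets.UTF_8);
        byte[] sig = handler.sign(attrs);
        System.out.println("verifies as SHA1withRSA: " + verify(kp.getPublic(), attrs, sig));
        attrs[0] ^= 1; // any change to the signed bytes must invalidate the signature
        System.out.println("verifies after tampering: " + verify(kp.getPublic(), attrs, sig));
    }
}
```

If the card expected the complete DigestInfo rather than the bare digest, the host-side handler would have to build that structure before calling the card, and a mismatch shows up as a signature that fails verification rather than as an exception.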
