Stefan, Bruno, Stefan Santesson wrote: > The consequence is that iText fails validation of perfectly valid signed > PDF documents containing encapsulated content info (as when using the > adbe.pkcs7.sha1 subfilter). > > [...] > messageDigest = > MessageDigest.getInstance(getHashAlgorithm());
I'm not sure the code now is fixed entirely for the adbe.pkcs7.sha1 case (which BTW anyway isn't the format which should be used): In this case the byte range must be hashed using SHA1 while the CMS hashing algorithm may be different. But the current (and also the former) PdfPKCS7 code to me seems to use the CMS hashing algorithm for calculating both hashes. As we don't use the adbe.pkcs7.sha1 subfilter here (SHA1 has not been a valid choice for qualified signatures here for some time), though, I am not too deep into this use case. Thus, I may be abysmally wrong on this subject. Regards, Michael. -- View this message in context: http://itext-general.2136553.n4.nabble.com/Signature-validation-bug-in-iText-5-1-1-tp3729972p3732474.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
