Stefan, Stefan Santesson wrote: > I think the fix is right.
I think so, too. My remark was about additional issues to fix in the code. I think that your fix does use the correct algorithm for encContDigest, but the original code in some cases doesn't for messageDigest! When handling a adbe.pkcs7.sha1 signature, the byte ranges have to be hashed using SHA1, no matter which is the CMS digest algorithm. The PdfPKCS7 code uses the CMS digest algorithm here, too, though. At least if I read the code correctly. I'm not exactly a fan of this kind of bouncy castle asn1 juggling... Regards, Michael. -- View this message in context: http://itext-general.2136553.n4.nabble.com/Signature-validation-bug-in-iText-5-1-1-tp3729972p3733089.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
