Edward, Edward Cooke wrote: > here's my entire code
It's great you shared your code. If you had said at the start that you externally create the signature container, we could have pointed you in the right direction earlier. Edward Cooke wrote: > I also had to change csize variable. I did a more dynamic approach then > just saying 4000. I did 4000 plus the sum of the length of the raw data of > all the certs in the chain. There are a number of additional aspects which influence the size of the signature container, e.g. time stamps and additional attributes. For some of our users, 8 KB is not enough. Therefore we use a configurable size. If you often sign the same way with the same certificates, you might consider generating a test signature container and use its size plus a few bytes for all later signing processes. Edward Cooke wrote: > PdfSignature signatureDictionary = new PdfSignature(PdfName.ADOBE_PPKMS, > PdfName.ADBE_PKCS7_SHA1); BTW, you use (and create signature containers according to) the /SubFilter/adbe.pkcs7.sha1 while you should use either the /adbe.pkcs7.detached format according to the basic PDF specification ISO 32000-1:2008 (cf section 12.8.3.3.2 right before table 257) or the /ETSI.CAdES.detached format according to ETSI TS 102 778, PDF/A-2, etc. Especially the /adbe.pkcs7.sha1 format requires you to use SHA1 for hashing the PDF byte ranges. This algorithm is being phased out in more and more countries. Regards, Michael. -- View this message in context: http://itext-general.2136553.n4.nabble.com/iTextSharp-and-certificate-chains-using-windows-certificate-store-tp3761613p3770216.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
