Hi Michael,

the most interesting topic with this signature is the reaction of the
Adobe reader. Never seen such a kind of error message before!

But back to the signature problem itself: My wild guess is that the
ActiveXObject signs with one key but the signature contains another
one. The usual smartcard today hosts a bunch of different certificates
and keypairs. The API will know which key/certificate to select for
signing but if you call 'getCertificates' (or the like) the appropriate
certificate mustn't be the first one ...

Did you try to verify the signature within the signing code? If it
verifies, you're sure to have the right certificate selected.

Greetings

Andreas
> Andreas, Max,
>
> Andreas Kuehne-3 wrote
>> For curiosity I took a look at the signature, too. Here's what I got:
>>
>> 2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
>> [de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 :
>> javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted
>> message and modulus lengths do not match!
> Oops, you're right of course. I didn't look into the logs here as I got back
> a report complaining about the untrusted root and, falsely, deduced that
> everything (including the signature) could be properly decoded. In the logs
> I now also find
>
> javax.crypto.BadPaddingException: Data must start with zero
>         at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:308)
>         at ...
>
>> The decrypted signature content definitely doesn't look like having a
>> padding applied: This problem usually stems from unmatching signing keys /
>> certificates.
> Max uses the iText utility class PdfPKCS7:
>
>             PdfPKCS7 sig = new PdfPKCS7(null, certChain, null, "SHA-256", null, false);
>             sig.setExternalDigest(hash, data, "RSA"); 
>             [...]
>             byte[] ssig = sig.getEncodedPKCS7(null, cal, null, ocsp); 
>
> To create his data he uses
>
>             var SignedData = new ActiveXObject("CAPICOM.SignedData");
>             SignedData.Content = src;
>             var Signer = FindCertificateByHash();
>             [...]
>             Signer.AuthenticatedAttributes.Add(TimeAttribute);
>             var szSignature = SignedData.Sign(Signer, false, CAPICOM_ENCODE_BASE64);
>
> As I don't use these classes myself, I don't know whether this usage is
> correct nor do I know the format of the input or output data.
>
> If wild guesses are allowed, though, adding some "TimeAttribute" to those
> "Signer.AuthenticatedAttributes" might imply that "szSignature" not merely
> contains some PKCS#1 signature to include into a signature container by
> means of the iText PdfPKCS7 utility class but instead already a full-blown
> CMS signature container which can be inserted into the PDF as is.
>
> Can anyone deny or confirm?
>
> Regards,   Michael
>
> --
> View this message in context: 
> http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4347309.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> iText-questions mailing list
> iText-questions@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a 
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: 
> http://itextpdf.com/themes/keywords.php
>


-- 
Andreas Kühne 
phone: +49 177 293 24 97 
mailto: kue...@trustable.de

Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna 
Amtsgericht Hamm HRB 5868

Directors Andreas Kühne, Heiko Veit

Company UK Company No: 5218868 Registered in England and Wales 
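
The two checks raised in this thread, as an added example that is not part of the original messages and is not iText or CAPICOM code: verify the signature against each candidate certificate key before embedding it, and tell a raw PKCS#1 signature from a CMS SignedData container. It assumes Node.js `crypto`; locally generated RSA keys stand in for the card's key/certificate pairs, all function names are hypothetical, and the CMS sample is a constructed header-only stub.

```javascript
// Added example (not from the thread). Keys are generated locally and stand
// in for the several key/certificate pairs hosted on one smartcard.
const crypto = require('crypto');

const newKey = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const modulusBytes = (pub) => pub.asymmetricKeyDetails.modulusLength / 8;

// DER of OID 1.2.840.113549.1.7.2 (pkcs7-signedData), tag and length included.
const SIGNED_DATA_OID = Buffer.from('06092a864886f70d010702', 'hex');

// Decide what the signing component returned before wrapping it again.
function classifySignerOutput(blob, certPublicKey) {
  // A raw RSA PKCS#1 signature is exactly as long as the modulus.
  if (blob.length === modulusBytes(certPublicKey)) return 'raw-pkcs1';
  // CMS ContentInfo: SEQUENCE (0x30) with the contentType OID near the start.
  if (blob[0] === 0x30 && blob.subarray(0, 32).includes(SIGNED_DATA_OID)) {
    return 'cms-signed-data';
  }
  return 'unknown';
}

// Index of the candidate key that verifies the raw signature, or -1.
function findSigningCert(data, signature, candidatePublicKeys) {
  return candidatePublicKeys.findIndex(
    (pub) => signature.length === modulusBytes(pub) &&
             crypto.verify('sha256', data, pub, signature));
}

// Constructed sample: ContentInfo header plus zero filler, not a valid CMS.
function sampleCmsStub() {
  return Buffer.concat([Buffer.from('3082040a', 'hex'), SIGNED_DATA_OID,
                        Buffer.from('a08203fb', 'hex'), Buffer.alloc(1019)]);
}

function demo() {
  const data = Buffer.from('constructed document bytes');
  const card = [newKey(), newKey()];           // two key pairs on one card
  const certs = card.map((k) => k.publicKey);  // order as an API might list them
  const sig = crypto.sign('sha256', data, card[1].privateKey); // card signs with #1
  return {
    firstCertVerifies: crypto.verify('sha256', data, certs[0], sig),
    matchingIndex: findSigningCert(data, sig, certs),
    rawKind: classifySignerOutput(sig, certs[1]),
    cmsKind: classifySignerOutput(sampleCmsStub(), certs[1]),
  };
}

console.log(demo());
```
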

