Max, madmax wrote > Once the digest is signed and I send it back to the servlet I verify it > with some java code And on the console it shows the following: > >
Your verifying Java code: While I'm not too proficient in BouncyCastle usage, the JavaDocs tell me that CMSSignedData is a "general class for handling a pkcs7-signature message", and its constructor CMSSignedData(byte[] sigBlock) parses the byte array parameter as a ContentInfo structure. The fact that you can parse your "digest" with this class and retrieve sensible information, therefore, strongly supports the former wild guess that it not merely is an encrypted digest but instead already a full-fledged PKCS#7 / CMS signature container. Thus, you do not need to (actually you must not) embed it in a signature container using the PdfPKCS7 utility class but instead embed it into the PDF directly! > I am beginning to wonder if this approach is completely wrong in trying > to get itext to give me a digest then return it to the browser which then > sings it with the smart card (CAPICOM activex) and returns it back to the > server where I inject it back in the PDF? IMO it indeed appears to hold promise. Obviously, though, you should try and make sure that the right certificate for the signature is selected (cf. Andreas' recent comment), and of course you have to make sure that your servlet<->jsp data connection cannot be hijacked by some attacker. > But what is the alternative? (applet, activex, HSM) That would depend on the details of the requirements of your project. Regards, Michael -- View this message in context: http://itext-general.2136553.n4.nabble.com/Sign-and-PDF-with-SmartCard-and-web-browser-only-tp4319344p4354087.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
