iText Info wrote > > Op 21/08/2012 16:50, roboboot schreef: >> After having read on this ml that PDF signature with iText 5.3.x causes >> that >> the older PDF viewers couldn't correctly show the signature > > Where did you read that? > > The new iText supports detached signatures. Those have been around for > quite a while! > If you create a CAdES signature: that won't work on old PDF viewers. > If you want a signature to work on old viewers, you should create a CMS > signature. > Are you aware of the difference between CMS and CAdES? > >
CAdES sould be an evolution for the CMS...but sure I'm not so strong in knowing these topics. Is it explained in the white paper? Please can you give me the URL of this wp? iText Info wrote > > > You can use iText to create detached CMS (PKCS#7) signatures for > versions of Reader 4.0! > I'm not saying that would be wise, but it's possible! > > Should you use an older version of iText, you'll be creating signatures > that will be either deprecated in the new ISO standard: > > The /adbe.pkcs7.sha1sub filter will be deprecated in PDF 2.0. > ISO-32000-2 recommends: /"To support backward compatibility, PDF readers > should process this value for the ///SubFilter//key but PDF writers > shall not use this value for that key."/iText is a PDF writer, and since > iText 5.3.0, we no longer allow the creation of this type of signatures. > Please don't sign any documents using this sub filter anymore. > > Or you will be creating signatures that use an encryption algorithm that > is forbidden in the PAdES standard: As for /adbe.x509.rsa_sha1, it will > still be available in PDF 2.0, but the underlying standard that is used > (PKCS#1) is explicitly forbidden in PAdES. We've discontinued support > for the creation of PKCS#1 signatures, so that iText-created signatures > comply with PAdES. > > I guess I should have to use PAdES...is there any example with PAdES with external signature (I have a signature appliance that gives me the signed hash)? iText Info wrote > > > Surely you wouldn't want to create one of those old types of signatures? > It would be helpful if you told us where you found the disinformation. > > No, it's a my mistake. I reviewed the post in this forum and the answer was different and alligned with your conclusion. Thanks Roberto -- View this message in context: http://itext-general.2136553.n4.nabble.com/Older-versions-of-iText-tp4655955p4655963.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
