Hi Bruno, that's the most informative post I've read for a long time. You named all the pitfalls (too obvious for me to see) and gave good orientation for the newbie!
But I do miss your spicy comments ;-) Greetings, Andreas > On 27/02/2013 21:06, adamec wrote: >> Hmmm, first of all - thanks for atttention :) >> >> I still quite donet understand. When I sign a pdf with iText by means of >> private key I provide (using PrivateKeySignature), I also create hash for >> document. Then, this hash is signed afterwards and alsdo attached to pdf. >> >> Am I missing something? > The problem is terminology. > > You're describing something like this: > http://sourceforge.net/p/itext/code/HEAD/tree/tutorial/signatures/src/main/java/signatures/chapter4/C4_09_DeferredSigning.java > > The method emptySignature creates a PDF where the digital signature > consists of 000000000...00 > When you open the resulting PDF, it will say it contains a signature, > but the signature is invalid (obviously because it consists of zeros). > > Then you use the method createSignature. This takes the PDF previously > created and feeds the hash to your own signature implementation. This > method replaces the "blank signature" with an actual signature. > > You're referring to a detached signature in the context of PKCS#1. > > The name 'detached signature' has two different meanings. > > Meaning 1: > http://en.wikipedia.org/wiki/Detached_signature : A detached signature > is a type of digital signature that is kept separate from its signed > data, as opposed to bundled together into a single file. > > Meaning 2: > The PDF spec talks about different sub filters used to store digital > signatures. The 'detached' sub filters refer to signatures that are part > of the PDF document, but they are more or less self-contained in the > sense that Certificates and the revocation info (if available) are > stored in the signature itself as opposed to in the signature dictionary. > > The way you initially phrased your question, it sounded as you referred > to meaning 1 which revealed a lack of understanding of PDF signatures. > Furthermore your question didn't make sense as detached signatures use > either PKCS#7 or CAdES. The use of pure PKCS#1 signatures is forbidden > according to PAdES and discouraged according to ISO-32000. > > I hope this clarifies the confusion. I didn't answer your question > initially because some people seem to really hate me when I tell them > their question doesn't make sense (no good deed goes unpunished), so I > decided to wait for some other responses first ;-) > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_feb > _______________________________________________ > iText-questions mailing list > iText-questions@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/itext-questions > > iText(R) is a registered trademark of 1T3XT BVBA. > Many questions posted to this list can (and will) be answered with a > reference to the iText book: http://www.itextpdf.com/book/ > Please check the keywords list before you ask for examples: > http://itextpdf.com/themes/keywords.php > -- Andreas Kühne phone: +49 177 293 24 97 mailto: kue...@trustable.de Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
