Valentin, Valentin Ivanov wrote > it is strange to me as I include only the signer certificate in both > files. Should I always include the certificate chain? I mean Is this best > practice?
Yes, you should. Unless your signature is meant for use in a very restricted environment only in which you can be sure that all relevant certificates (including the intermediary ones) are distributed on all computers, that is necessary for interoperability. Valentin Ivanov wrote > Here is the pdf signed with old libraries > signed_Technical_data_iText5.2.1.pdf > <http://itext-general.2136553.n4.nabble.com/file/n4658507/signed_Technical_data_iText5.2.1.pdf> > Your 5.2.1 signature uses the subfilter adbe.pkcs7.sha1; already the old standard ISO 32000-1 dating back to 2008 recommends using a different subfilter: "The format for encoding signature values should be adbe.pkcs7.detached." As far as I know the coming standard ISO 32000-2 will officially deprecate adbe.pkcs7.sha1. The signature created with 5.4.2 uses adbe.pkcs7.detached. But I'm a bit surprised by the size of the CMS container in your 5.4.2-signed document: 117849 bytes! The biggest part is the content of the Adobe RevocationInfoArchival attribute. I assume a very big CRL is included. CMS containers this size might baffle many a signature library. You might want to use OCSP responses instead. As your step from 5.2.1-signing to 5.4.2-signing obviously involved some change of code, please provide the relevant signature creation code. I'll look into the example file later. Regards, Michael -- View this message in context: http://itext-general.2136553.n4.nabble.com/Green-check-mark-issue-tp4658502p4658510.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
