Hi, A mate just pointed me into the right direction and saw what was happening. The chain did in fact have three levels (signing cert - intermediate - root) but I was just providing all but the signing cert in the chain ¬.¬ As I did in fact provide the correct PrivateKey, both Adobe and the validation service where quite confused with the private / public key paring.
Sorry for the silliness. It's odd how no error traces / exceptions are thrown. ----- Mensaje original ----- De: "Irune Prado" <ipr...@zylk.net> Para: itext-questions@lists.sourceforge.net Enviados: Martes, 30 de Septiembre 2014 15:25:25 Asunto: [iText-questions] MakeSignature.signDetached problems with Certification chain Hi there, I'm quite new with itext signatures, so forgive my lack of clear concepts. When using MakeSignature.signDetached method, I'm able to sign and verify (with Adobe) PDF CADES signatures (no ocsp nor tsa clients), provided the Certificate[] chain has just a single item; the p12 certificate with which I make the signature. However, when using two level certificate (signing cert and root cert, there are no more intermediate certs) the signature seems to perform successfully (no errors nor error traces) but Adobe says it has a cryptographic error. I've also used another internal validation service (haven't checked with them yet), and the error seems to be something related to the hash or digest algorithm. <pre> OPENSSL_ERROR_CODE = 67567722 </pre> Could you provide me of any insight? I'm actually using 'BouncyCastleDigest' as the ExternalDigest, and the ExternalSignature I established works fine with one level certificate (SHA1 hash algorithm and "BC" provider). Thx in advance. ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php ------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
