Re: [iText-questions] [SPAM] Re: LTV problem?

2013-12-29 Thread Eric Chow
Dear Michael, I got it. Many thanks for your help. I finally make the signature LTV-enabled. I just add the CRL of the issuer cert to the signature. It works. Thank you very much! Best regards, Eric On Sun, Dec 29, 2013 at 7:12 AM, mkl wrote: > Eric, > > Eric Chow wrote > > The sample1.pdf i

[iText-questions] [SPAM] Re: LTV problem?

2013-12-28 Thread mkl
Eric, Eric Chow wrote > The sample1.pdf is signed by the certificate that generated by keytool and > the sample2.pdf is signed with the smartcard (PKCS#11). > > sample1.pdf (58K) > http://itext-general.2136553.n4.nabble.com/attachment/4659598/0/sample1.pdf > sample2.pdf (48K) > http://itext-gener

Re: [iText-questions] [SPAM] Re: LTV problem?

2013-12-27 Thread Eric Chow
Dear Michael, I found that in sample1.pdf, it only has a signed certificate. In sample2.pdf, there are three levels of certificate: - Issuer ROOT cert (A) - Issuer signed cert (B) - my personal cert (C) Do I need to add the (A) and (B) to the .addVerification(...) ? Just add the certifi

[iText-questions] [SPAM] Re: LTV problem?

2013-12-27 Thread mkl
Eric Chow, Eric Chow wrote > I tried to use keytool to generate a keystore and sign the PDF. It shows > LTV-enabled in Adobe reader. > I also use the same method to sign the PDF with PKCS#11 (Smartcard) but > the output signed PDF not LTV-enabled Please provide samples of both to compare thei

Re: [iText-questions] [SPAM] Re: LTV problem?

2013-12-27 Thread Eric Chow
Dear Michael, I tried to use keytool to generate a keystore and sign the PDF. It shows LTV-enabled in Adobe reader. I also use the same method to sign the PDF with PKCS#11 (Smartcard) but the output signed PDF not LTV-enabled What's the difference? Best regards, Eric On Fri, Dec 27, 2013

Re: [iText-questions] [SPAM] Re: LTV problem?

2013-12-26 Thread Eric Chow
Dear Michael, Thanks for your help. Because of my dummy and leak of knowledge in LTV, would you please to show me a simple example to sign a PDF that LTV-enabled with option 2? Best regards, Eric On Fri, Dec 27, 2013 at 3:58 AM, mkl wrote: > Eric Chow wrote > > I used the following code to a

[iText-questions] [SPAM] Re: LTV problem?

2013-12-26 Thread mkl
Eric Chow wrote > I used the following code to add the LTV to the existed signed PDF. The > attached PDF is the result. But it shows "LTV not enabled ." in the > Adobe Reader XI. > > test_signed_LTV.pdf (346K) > http://itext-general.2136553.n4.nabble.com/attachment/4659584/0/test_signed_LTV.p

Re: [iText-questions] [SPAM] Re: LTV problem?

2013-12-18 Thread Eric Chow
I used the PdfStamper to create the signature. This does not work, right? I will try to open a signed PDF and try to add the verification again. Thanks. I will post the results if there is any problem but need to wait until 26th. Best regards, Eric On Wed, Dec 18, 2013 at 7:30 PM, mkl wrote:

[iText-questions] [SPAM] Re: LTV problem?

2013-12-18 Thread mkl
Eric, Eric Chow wrote > Do you mean the output PDF (signed PDF)? I attach it here. Please check! > I tried to use iText-rups to show the document structure, but cannot see > the DSS catalog. > > test_signed.pdf (295K) >

[iText-questions] [SPAM] Re: LTV problem?

2013-12-18 Thread mkl
Eric, Eric Chow wrote > tsaClient = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, > "sha256"); > [...] > > v.merge(); > > On Wed, Dec 18, 2013 at 3:45 AM, mkl < > mkl@ > > wrote: > >> In that case can you supply a PDF resulting from your code calling >> addVerification? I me

Re: [iText-questions] [SPAM] Re: LTV problem?

2013-12-17 Thread Eric Chow
tsaClient = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, "sha256"); LtvVerification v = stamper.getLtvVerification(); AcroFields af = stamper.getAcroFields(); for (String sigName : af.getSignatureNames()) { v.addVerification( sigName, o

[iText-questions] [SPAM] Re: LTV problem?

2013-12-17 Thread mkl
Eric, Eric Chow wrote > The certificate chain is available. In that case can you supply a PDF resulting from your code calling addVerification? Regards, Michael -- View this message in context: http://itext-general.2136553.n4.nabble.com/LTV-problem-tp4659550p4659566.html Sent from the iTex

[iText-questions] [SPAM] Re: LTV problem?

2013-12-15 Thread mkl
Eric, Eric Chow wrote > As you can see I already added the "OcspClient" and "CrlClientOnline" to > the verification, what else I need to added? Do the certificates in question contain the information required for easy OCSP/CRL access? AIA and CRL distribution point? Is the certificate chain avai

Re: [iText-questions] [SPAM] Re: LTV

2013-01-11 Thread iText Info
Op 10/01/2013 19:07, Leonard Rosenthol schreef: > 1. "a valid CRL or OSCP response for every certificate" also includes > signatures over CRLs and OCSPs., not just the signature certificate. > > 2. LTV may be enabled when all collaterals are embedded in the > signatures and not DSS (I just

Re: [iText-questions] [SPAM] Re: LTV

2013-01-10 Thread Leonard Rosenthol
Here is the info from my engineer: 1. "a valid CRL or OSCP response for every certificate" also includes signatures over CRLs and OCSPs., not just the signature certificate. 2. LTV may be enabled when all collaterals are embedded in the signatures and not DSS (I just fixed a bug that did

Re: [iText-questions] [SPAM] Re: LTV

2013-01-10 Thread iText Info
Op 10/01/2013 13:22, Leonard Rosenthol schreef: > Our customers asked that we clearly identify a PDF that contained LTV (vs. > one that did not). That was that term that we determined was simple and > clear in conveying that message. So the following assumption is correct: - not LTV-enabled: the

Re: [iText-questions] [SPAM] Re: LTV

2013-01-10 Thread Leonard Rosenthol
Our customers asked that we clearly identify a PDF that contained LTV (vs. one that did not). That was that term that we determined was simple and clear in conveying that message. Leonard On 1/10/13 4:44 AM, "iText Info" wrote: >Op 10/01/2013 10:41, mkl schreef: >>> the PDF is "LTV-enabled" o

Re: [iText-questions] [SPAM] Re: LTV

2013-01-10 Thread iText Info
Op 10/01/2013 10:41, mkl schreef: >> the PDF is "LTV-enabled" or not. [...] > Sounds like Adobe marketing made up that word. I find it very confusing. I'm happy to hear I'm not the only one. -- Master Visual Studio, ShareP

[iText-questions] [SPAM] Re: LTV

2013-01-10 Thread mkl
Bruno, 1T3XT BVBA wrote > I still need to update the white paper so that the screen shots match with > Adobe Reader XI. A neverending task, I presume... ;) But if the original poster wanted to refer to messages of a specific version of a specific pdf reader, he would have had better chances to b

Re: [iText-questions] [SPAM] Re: LTV

2013-01-10 Thread iText Info
Op 10/01/2013 9:51, mkl schreef: > Please supply sample PDFs. And explain what you mean by "LTV is activated" > or "LTV is not activated". Hi Michael, I still need to update the white paper so that the screen shots match with Adobe Reader XI. It seems that Adobe introduced a line to the signature

[iText-questions] [SPAM] Re: LTV

2013-01-10 Thread mkl
jvr968, jvr968 wrote > I'm testing the example part3.chapter12.TimestampOCSP > > I have used the pkcs12 keystore to sign the document signature is valid > and timestamp is added and LTV is activated. > > 1.- When the document is signed with pkcs12 is possible to deactive LTV? What exactly do yo