Hi, Pedro
I also need to write a program to send a SHA-1 hash from client to server,
then return the signature from server to client.
So, if you find a good solution, please send me a email.
> Too bad jian zhang method of generating the hash and then applying RSA
> doesnt work, my next step was g
Pedro,
P3d3r0s0 wrote:
> Too bad jian zhang method of generating the hash and then applying RSA
> doesnt work, my next step was going to be to apply this to a server-client
> application and that separating RSA from SHA1 would end in less bytes to
> send between both.
> Theres no way of doing it,
Hi,
Suppose content->hash->signature
there is already a SHA-1 hash *x*, signature *s = f(x, otherInfo)*,
Is there a method *f * In iText or Bouncy Castle library?
--
Best Regards,
张健
--
Nokia and AT&T present the 2010
Hey Michael,
That makes a lot of sense (SHA1withRSA is a two-step algorithm), and thus i
was going at it the wrong way by hashing it first and then rehashing and
signing
Too bad jian zhang method of generating the hash and then applying RSA
doesnt work, my next step was going to be to apply
Pedro,
P3d3r0s0 wrote:
> Also found out that something goes wrong when generating the digest.
> [...]
> if i generate a byte array from the inputstream and sign it afterwards,
> adobe recognizes the signature and gives the glorious message that the
> file wasnt altered after being signed.
> [...]
Hello again,
I got few small breakthroughs.
For starters i now know i can upload files to nabble instead of
filefactory(thanks Michael) :P
i wasnt sure that people that used the mailing list would be able to see the
files if i used nabble.
Also found out that something goes wrong when generating
Pedro,
P3d3r0s0 wrote:
> Im sure its possible to sign files with the portuguese citizen's
> smartcard, i just used the pdfSignerDemo and signed this sample:
> http://www.filefactory.com/file/b402157/n/_signed_pdf
Which pdfSignerDemo?
(This sample, BTW, uses the /SubFilter /adbe.pkcs7.sha1 which
Hey, looks like you are right Michael.
When i selected a handler for the plugin im able to see that theres no hash
algorithm and there are verification errors...
Im sure its possible to sign files with the portuguese citizen's smartcard,
i just used the pdfSignerDemo and signed this sample:
http
张健,
jian zhang wrote:
> Could you please give me a sample code for using DigestInfo then RSA to
> generate a signature?
> Use Bouncy Castle library?
> I'm a newer in this security field.
As mentioned before I merely have to cope with externally generated
/adbe.pkcs7.detached signatures; therefor
Pedro,
P3d3r0s0 wrote:
> I have no idea in what way PdfSignatureAppearance.VERISIGN_SIGNED differs
> from PdfSignatureAppearance.SELF_SIGNED...
> [...]
> Heres is a sample of a signed document.
> The signature isnt verified because i'd need to put the certificate in
> adobe reader i think, not su
Thanks Michael,
Could you please give me a sample code for using DigestInfo then RSA to
generate a signature?
Use Bouncy Castle library?
I'm a newer in this security field.
The reason is that SHA1withRSA does not merely mean "take the SHA1 hash and
> encrypt it using RSA". It actually means "tak
张健,
jian zhang wrote:
> my code is:
>
> byte[] signedHashValue1 = server.sha1_rsa(content);
>
> byte[] hash = server.sha1(content);
> byte[] signedHashValue2=server.rsa(hash);
>
> when I use signedHashValue1, it's ok, I can get a valid signature in pdf;
> but when I use signedHashValue2, get a
e tools to spy into the PDF bytes and get results more easily than
trying to interpret a code snippet.
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Another invalid signature thread
Gesendet: Mi, 27. Okt 2010
Von: jian zhang
Hi,my code is:
I
Hi,
my code is:
InputStream rs = appearance.getRangeStream();
byte[] content = streamToByteArray(rs, 1024);
rs.close();
byte[] signedHashValue1 = server.sha1_rsa(content);
//===sha1 then rsa=
byte[] hash = server.sha1(content);
byte[] signedHashValue2=server.rsa(hash);
//
Hey Michael,
I have no idea in what way PdfSignatureAppearance.VERISIGN_SIGNED differs
from PdfSignatureAppearance.SELF_SIGNED... According to Paulo Soares in
another "thread" they are signing modes, why this one worked i really dont
know...
As for the digest loop, i dont really need to know the
Hey,
this was the key point for me:
PdfSignatureAppearance.VERISIGN_SIGNED
i had this previously:
PdfSignatureAppearance.SELF_SIGNED
and even tried
PdfSignatureAppearance.WINCER_SIGNED
but verisign was the only one that worked.
In any case, what i placed here was the whole working(for me) code f
Pedro,
P3d3r0s0 wrote:
> joy of joys, its working!
That's great, but I'm a bit surprised. You essentially switched from
PdfSignatureAppearance.SELF_SIGNED to PdfSignatureAppearance.VERISIGN_SIGNED
and in my eyes made the digest calculation very brittle:
P3d3r0s0 wrote:
> // Proces
I met the same problem with yours.
Where have you changed in the code? or could you tell me the key point?
--
Best Regards,
张健
--
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new ap
Hello everyone,
joy of joys, its working!
Sorry for double posting, but just wanted to put what worked for me here.
try{
// Initializes the Citizens Card
CcMethods.init();
// Creates the test files and gets their stream
rsa_sha1. But if your heading for a future proof version you may have to invest
some time and dig into the PKCS7 world.
Or you try to go for a ready-made solution that signs your PDF ...
Good luck
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Another invalid signat
Hey Andreas,
about the ASN1 byte wrapper, i think im not using it when i use:
PdfSignature dic1 = new PdfSignature(PdfName.ADOBE_PPKLITE,
PdfName.ADBE_PKCS7_DETACHED);
dic1.setDate(new PdfDate(appearance.getSignDate()));
dic1.setName(PdfPKCS7.getSub
de a DigestInfo structure but the very plain digest bytes.
This may do the trick ...
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Another invalid signature thread
Gesendet: Mo, 25. Okt 2010
Von: P3d3r0s0
>
> Hello again,
>
> I did the detached metho
Hello again,
I did the detached method now, learned a few things on what works a little
better but still gives an error (Error encountered while BER decoding:)...
sample:
http://www.filefactory.com/file/b3hcd3b/n/signed_pdf
Key code samples that i believe might be the reason for the errors:
Pdf
Pedro,
P3d3r0s0 wrote:
> this the file with the verified digest:
> http://www.filefactory.com/file/b3hc38g/n/signed_pdf
I'll have a look at your sample files later, but concerning:
P3d3r0s0 wrote:
> I suppose that in order to use the detached one you mentioned i would have
> to use:
> PdfSignat
Good morning, this the file with the verified digest:
http://www.filefactory.com/file/b3hc38g/n/signed_pdf
i still get the invalid signature error.
I have no specific reason to use the filter you (Michael) mentioned, in fact
i didnt even know i was using it :)
I suppose that in order to use the d
Pedro,
P3d3r0s0 wrote:
> Hey, i think i understand, so according to what you are saying Michael,
> all i need to do now is(if i understood correctly):
> sig.setExternalDigest(signedHash, null, "RSA");
> when i have the digest/hash signed.
> this signedHash doesnt have those 3 bytes.
>
> weird th
Hey, i think i understand, so according to what you are saying Michael, all i
need to do now is(if i understood correctly):
sig.setExternalDigest(signedHash, null, "RSA");
when i have the digest/hash signed.
this signedHash doesnt have those 3 bytes.
weird thing is... i was able to verify the sig
Hi Michael,
thanks for the instant explanation.
This behaviour of the undelying PKCS11 implementation is a bit unexpected,
isn't it ? From the JavaDoc you would expect an ASN.1 structure ...
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Another in
P3d3r0s0,
P3d3r0s0 wrote:
> I found out where the 131 bytes come from, apparently its from the
> sig.getEncodedPKCS1() array.
> This array is the same as the signedHash array (128 bytes) but with 3
> extra bytes ({4}{-127}{-128}), these bytes never change.
> Is this normal behaviour?
This byte[]
First of all, sorry for double post, second thanks for Andreas for all your
help.
I found out where the 131 bytes come from, apparently its from the
sig.getEncodedPKCS1() array.
This array is the same as the signedHash array (128 bytes) but with 3 extra
bytes ({4}{-127}{-128}), these bytes never
Hello :)
I can show you the code i use to initialize the builder i use to get the
keystore,
from what i understand it uses a pkcs11 library to get its provider and a
handler that eventually asks for the smarcard's pin.
code:
private static void initBuilder(){
try {
Nachricht
Betreff: Re: [iText-questions] Another invalid signature thread
Gesendet: Do, 21. Okt 2010
Von: P3d3r0s0
>
> Thanks a lot for your reply, i thought the problem was either when i
> generated the hash or when i sign it. The problem with the CcMethods
> documentation is that
Thanks a lot for your reply, i thought the problem was either when i
generated the hash or when i sign it. The problem with the CcMethods
documentation is that i made that class :P
this is the code for the signing method:
// Signs given hash
public static byte[] sign(by
f: Re: [iText-questions] Another invalid signature thread
Gesendet: Do, 21. Okt 2010
Von: P3d3r0s0
>
> Hey, i have a sample here:
> http://www.filefactory.com/file/b3gd1ce/n/signed.pdf
>
> Im really out of ideas.
> Regards
> --
> View this message in context:
>
Hey, i have a sample here:
http://www.filefactory.com/file/b3gd1ce/n/signed.pdf
Im really out of ideas.
Regards
--
View this message in context:
http://itext-general.2136553.n4.nabble.com/Another-invalid-signature-thread-tp3003710p3005238.html
Sent from the iText - General mailing list archive
Hi,
interesting pictures, but a sample PDF would be more useful. Many reasons can
cause these messages ...
Greetings
Andreas
- original Nachricht
Betreff: Re: [iText-questions] Another invalid signature thread
Gesendet: Mi, 20. Okt 2010
Von: P3d3r0s0
>
> this is a sample
this is a sample of the signature on the pdf:
http://itext-general.2136553.n4.nabble.com/file/n3003983/docAltered.jpg
this show that the hash algorithm was found:
http://itext-general.2136553.n4.nabble.com/file/n3003983/docAlgo.jpg
if theres anymore information i can give just let me know, im
Hey, ive seen a lot of invalid signature threads, but none seems to fix my
problem.
Im signing a pdf using Itext (in java) but i always get the invalid
signature error.
Weird thing is, i can see the algorithm using for signing and the
certificates used on the pdf's properties, the error message sa
38 matches
Mail list logo
