On 12/15/2013 12:13 PM, Eric Chow wrote:
> what else I need to added?
Did you add revocation info for the time stamp (if any)?
Did you use the logging system to find out if all revocation info was
actually found?
You need to verify all of this yourself.
--
v.addVerification(sigName, ocspClient,
new CrlClientOnline(chain),
LtvVerification.CertificateOption.WHOLE_CHAIN,
LtvVerification.Level.OCSP,
LtvVerification.CertificateInclusion.YES);
As you can see I already added
On 12/13/2013 8:41 AM, Eric Chow wrote:
> But after the PDF signed, I open with Acrobat reader, it just shows
> LTV not enabled!
You are responsible to add all the revocation info (CRL and/or OSCP) for
ALL the certificates involved (except, of course, the root
certificates). If Adobe Reader says
On 12/14/2013 6:37 PM, Rinkesh wrote:
>
> Anything else I need to do?
You are responsible to add all the revocation info (CRL and/or OSCP) for
ALL the certificates involved (except, of course, the root
certificates). If Adobe Reader says your signed PDF isn't LTV-enabled,
you forgot at least on
-Original Message-
From: "Eric Chow"
Sent: 13-12-2013 13:15
To: "Post all your questions about iText here"
Subject: [iText-questions] LTV problem?
Hello,
I follow the example from iText examples to add LtvVerification to the code as
following.
But after th
Hello,
I follow the example from iText examples to add LtvVerification to the code
as following.
But after the PDF signed, I open with Acrobat reader, it just shows LTV not
enabled!
Anything else I need to do? I am using iText-5.4.5.
Please help.
Best regards,
Eric
tsaClient = new TSAClientBo
When adding LTV verification to signature with Adobe i see
--
Erik--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/app
Just posted the differences between this code and the original one:
Instead of a CrlClient, provide a List as parameter.
Use a for loop to match the certificate against each of the CRL clients in
the list.
I just remembered that, with some PDF files, it was giving me a "Not enough
space"
Paulo Soares-4 wrote
> Post your code, please.
Here it is:
public boolean addVerification(String signatureName, OcspClient ocsp, List
crls, CertificateOption certOption, Level level, CertificateInclusion
certInclude) throws IOException, GeneralSecurityException {...if
(crls != null && !crl
Post your code, please.
Paulo
On Wed, Feb 13, 2013 at 4:45 PM, ardamose123 wrote:
> Last week, I was tinkering with iText code in the repo and came up with a
> solution to enable LTV. There was two problems in this case:
>
> The HSM I'm using doesn't have the complete certificate chain, just the
Last week, I was tinkering with iText code in the repo and came up with a
solution to enable LTV.There was two problems in this case:
The HSM I'm using doesn't have the complete certificate chain, just the
signing certificate. Fixed by "manually" building the chain from a keystore
where the needed
Update: I corrected the PdfStamper constructor to use append mode (omit the
second constructor in the previous mail).Now, the signature is OK, but it
shows as not being LTV-enabled. Am I using addVerification() in a wrong way,
using wrong parameters, or should I use it in other signatures not liste
iText Info wrote
> It's perfectly OK to add a DSS without a timestamp. It's sufficient to
> create a PdfStamper "the normal way" to add a DSS without a Document-Level
> Timestamp.
I followed your recommendation, using the following code with an
already-signed document with one signature/revision l
Op 7/02/2013 9:37, Andreas Kuehne schreef:
> If Yoda is a crypto developer, I might tell this to the padawan.
;-)
--
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and ge
> I have tried to get this done, but it I've invested dozens of hours of
> trying various changes to the snippets in the Digital Signature paper and
> reading of iText's Javadoc, but to no avail.
"The world of crypto ... now you entered ...
resilience and patience ... you must learn!"
If Yoda is a
Op 7/02/2013 0:30, ardamose123 schreef:
> Also, the Digital Signature paper
> indicates that when the DSS is added, a second revision appears in the
> document.
That's a misinterpretation of the white paper. The second revision
appears because of the Document-Level Timestamp, not because of the D
I am currently implementing a Java class to sign a PDF document using LTV.
After reading about LTV in this mailing list and in the Digital Signature
paper, I've read that DSS may not be necessary for a document to appear as
LTV-enabled in recent Acrobat Reader versions, as long as it contains all
Enabled for LTV has nothing to do with validity.
You may have set up everything for LTV BUT then someone else invalidated
the signature.
Leonard
On 1/10/13 7:52 AM, "mkl" wrote:
>Leonard,
>
>Leonard Rosenthol wrote
>> Our customers asked that we clearly identify a PDF that contained LTV
>>(v
Here is my understanding (I'll double check with the engineer when he gets
in).
LTV enabled means that all information necessary to validate the file
(minus root certs) is contained within. So this statement of yours would
be true.
the PDF is signed correctly and contains all necessary c
Op 9/01/2013 23:00, jv r schreef:
>
> I'm testing the example part3.chapter12.TimestampOCSP
>
> I have used the pkcs12 keystore to sign the document signature is
> valid and timestamp is added and LTV is activated.
>
OK...
> 1.- When the document is signed with pkcs12 is possible to deactive LTV
I'm testing the example part3.chapter12.TimestampOCSP
I have used the pkcs12 keystore to sign the document signature is valid and
timestamp is added and LTV is activated.
1.- When the document is signed with pkcs12 is possible to deactive LTV?
I have changed the keystore. Key and certificates us
21 matches
Mail list logo
