Hello Thomas, Thank you for your very detailed answers! It helps me a lot!
I don't work work with encripted documents, so I can upgrade the BC version to 1.50. The signing and the timestamping works fine! My solution: - Using setPreferedSignatureSize method - thank you, thank you :) - Using CMSSignedDataGenerator (http://www.cryptoworkshop.com/guide/) - Using TimeStampResponse.getTimeStampToken().getEncoded() instead of TimeStampResponse.getEncoded() - Using the hash of the signature to timestamp instead of the digest of the document. For example: http://p2p.wrox.com/book-beginning-cryptography-java/76182-problems-while-verifying-embedded-timestamp-signature.html - Foxit reader don't support BER encoding. You should transcode to DER: ByteArrayOutputStream baos = new ByteArrayOutputStream(); new DEROutputStream(baos).writeObject(signedData.toASN1Structure()); return baos.toByteArray(); Only one problem left: - My document is signed, but not certificated. How can I set the certification level? (Equivalent to appearance.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED); in iText) -- Viczián István 2013/12/19 Thomas Chojecki <[email protected]>: > > Zitat von István Viczián <[email protected]>: > >> Hello, > > Hi, > > >> >> I'm trying to sign and timestamp my PDF document. >> pdfbox 1.8.3 >> bcmail-jdk15on 1.50 >> The signing works fine, the Adobe Acrobat Reader shows the certificate >> correctly. > > > pdfbox 1.8.3 normally require bc in the version 1.44. I think newer will > also work if you do not work with encrypted documents. You can also try to > work with the pdfbox 2.0.0 snapshot if you need to use bc in version 1.46 or > newer. The signing code is identical, so you will have the same results with > 1.8.3 and 2.0.0. > > https://repository.apache.org/content/groups/snapshots/org/apache/pdfbox/pdfbox/2.0.0-SNAPSHOT/ > > >> Based on the the sample app: >> http://media-nation.de/~rayman2200/PDFBox-SignExample.zip > > This example was updated and ported a while ago into the pdfbox-examples. > You can find it in the svn. Just checkout the src from: > > svn checkout http://svn.apache.org/repos/asf/pdfbox/trunk/ > > But I haven't add any timestamp examples yet. > > >> (But the Foxit Reader not! Signing with other PDF library - you know >> which - the Foxit Reader shows the certificate right.) >> >> But the timestamping does not work. Calling >> .setSignedAttributeGenerator I don't see any timestamp, the size of >> the pdf doesn't change. > > > How did you created the timestamp? which format you are using (RFC3161 works > for me)? You can also try to do a signature timestamp instead of a content > timestamp. Maybe the foxit reader does not support content timestamps. > > >> With gen.generate(msg, true); the exception is: >> >> java.io.IOException: Can't write signature, not enough space >> >> How can I add space for signature? > > > This exception is a good point. So your timestamp was added to the cms > structure but it was too large to fit into the predefined gap. > > You can increase the size with setPreferedSignatureSize(...) inside the > SignatureOptions. For the right size of the signature you need to > experiment. A good start is to take the size of the certificates / > certificate chain you are adding into the signature and all additional > attributes like the timestamp. > > >> >> I don't find any example for timestamping pdf. Could you send me one? > > > I don't have any example right now, but you can search the net for creating > cms signatures with timestamp. I found one for itext > > https://www.mail-archive.com/[email protected]/msg40287.html > > or this one > > http://bouncy-castle.1462172.n4.nabble.com/Insert-Time-stamp-into-CMS-Signed-Data-td1464065.html > > So try to use unsigned attribute for a signature timestamp or signed > attribute for a content timestamp. > > >> (I can post my source code, if it is necessary.) >> >> Same with BouncyCastle 1.49 with deprecated addSigner method. >> >> -- >> Viczián István > > > I hope this will help you a bit. If you have questions, just ask. > > Best regards > Thomas >
