headers
Raffaele | 1 Feb 09:55
Picon
Favicon

Re: Insert TimeStamping with external digest

Hi Michael,
thanks in advance for your reply :)

When i say that the result are 2 signature, it mean that when i open the pdf
file with Acrobat X, in the sign panel, i see 2 sign.

I would have the timestamp attribute for the sign.

The code that you've indicated i think that isn't for me because as you can
see from the code, i haven't an OCSP. In fact the certificate is a byte
array that ii in the response of the WebService that sign the hash.

Any suggestion?

--
View this message in context: http://itext-general.2136553.n4.nabble.com/Insert-TimeStamping-with-external-digest-tp4344945p4347270.html
Sent from the iText - General mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
iText-questions mailing list
iText-questions <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
(Continue reading)

Permalink | Reply | 20 comments |
headers
mkl | 1 Feb 10:26
Favicon

Re: Sign and PDF with SmartCard and web browser only

Andreas, Max,

Andreas Kuehne-3 wrote
> For curiosity I took a look at the signature, too. Here's what I got:
> 
> 2012-01-31 20:04:13,281 ERROR (http-0.0.0.0-8080-7)
> [de.trustable.signingserver.Verifier] Signature ERROR from signer # 0 :
> javax.crypto.BadPaddingException: Invalid PKCS#1 padding: encrypted
> message and modulus lengths do not match!

Oops, you're right of course. I didn't look into the logs here as I got back
a report complaining about the untrusted root and, falsely, deduced that
everything (including the signature) could be properly decoded. In the logs
I now also find

javax.crypto.BadPaddingException: Data must start with zero
        at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:308)
        at ...

> The decrypted signature content difinitly doesn't look like having a
> padding applied: This problem usually stems from unmatching signing keys /
> certificates.

Max uses the iText utility class PdfPKCS7:

            PdfPKCS7 sig = new PdfPKCS7(null, certChain, null, "SHA-256",
null, false); 
            sig.setExternalDigest(hash, data, "RSA"); 
            [...]
            byte[] ssig = sig.getEncodedPKCS7(null, cal, null, ocsp);
(Continue reading)

Permalink | Reply | 23 comments |
headers
Valentin Ivanov | 1 Feb 10:48
Picon
Favicon

Re: SunPKC11 Exception when signing PDF

Hi Andreas,

i know it looks strange, but I have write to my Provider and they told me
nothing is wrong.
And there is something i would like to tell you :

if this line *sap.setExternalDigest(new byte[128], new byte[20], "RSA");*
exist in the code i can sign exactly 50 files, but if the line do not exist
i can sign exactly 100 files. So could you tell me know whay this happens. I
can poste the code here, it is the same as 
http://itextpdf.sourceforge.net/howtosign.html#signextstd HERE  (the part
with external diges and signature). I wish I could give you the .dll
provider but i am not allowed to!!!

--
View this message in context: http://itext-general.2136553.n4.nabble.com/SunPKC11-Exception-when-signing-PDF-tp4340293p4347348.html
Sent from the iText - General mailing list archive at Nabble.com.

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
iText-questions mailing list
iText-questions <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
(Continue reading)

Permalink | Reply | 11 comments |
headers
mkl | 1 Feb 11:28
Favicon

Re: Insert TimeStamping with external digest

Raffaele,

Raffaele wrote
> When i say that the result are 2 signature, it mean that when i open the
> pdf file with Acrobat X, in the sign panel, i see 2 sign.

Actually I would have expected you to see one document signature and one
document time stamp on that panel, not two signatures. Look at the icons,
they are different! And there also is some text line hinting at the fact
that the second item actually is a time stamp.

Unfortunately the Adobe Reader (in German) calls the time stamp item a
"Zeitstempelsignatur" ('time stamp signature') or even a "Signatur"
('signature') which technically may be acceptable (as RFC 3161 time stamps
are close cousins to CMS signature containers) but legally is a no-go
(during some product certification that has been hammered into us).

> I would have the timestamp attribute for the sign.
> 
> The code that you've indicated i think that isn't for me because as you
> can see from the code, i haven't an OCSP.

That's why I suggested looking there for inspiration, not for something to
copy. ;)

> Using the code [...] with ocsp null, i have a "NullReference Exception"
> to: sgn.Update(sh, 0, sh.Length);
> 
> Any suggestion?
(Continue reading)

Permalink | Reply | 19 comments |

Gmane