PdfPKCS7 object without private key

by mtrekker

Hi,

Does iText/iTextSharp allow creating a PdfPKCS7 object when the private key is
not accessible? (The signing operation is done on the SmartCard.) All I
have is
1) a hash generated from the PDF content
2) X509 certificate
3) encrypted hash value

If not, then do I have to write all the PKCS7-related code from scratch?

------------------------------------------------------------------------------
_______________________________________________
iText-questions mailing list
iText-questions@...
https://lists.sourceforge.net/lists/listinfo/itext-questions

Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions: http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/

Re: PdfPKCS7 object without private key

by Paulo Soares-3

You'll have to use an external signature. See http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp2 for an example.

Paulo

> -----Original Message-----
> From: Mikro Trekker [mailto:mtrekker@...]
> Sent: Thursday, June 25, 2009 1:26 PM
> To: itext-questions@...
> Subject: [iText-questions] PdfPKCS7 object without private key
>
> Hi,
>
> Does iText/iTextSharp allow creating a PdfPKCS7 object when the private key is
> not accessible? (The signing operation is done on the SmartCard.) All I
> have is
> 1) a hash generated from the PDF content
> 2) X509 certificate
> 3) encrypted hash value
>
> If not, then do I have to write all the PKCS7-related code from scratch?

Re: PdfPKCS7 object without private key

by mtrekker

I created an external digest using SetExternalDigest. But for some reason
the PDF says "An error occurred while attempting to validate this signature".
Here is what I do:

1) I calculate a SHA1 hash from the PDF content (digest variable)
2) this hash is signed on the SmartCard and returned as the rsadata variable


using System;
using System.Collections;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using iTextSharp.text;
using iTextSharp.text.pdf;

// GetCertificate() and GetExternalBytes() are the poster's own smart card
// helpers (opensc-pkcs11); they are not shown in the post.
public static void SignUsingMartCard(string filename, string outfile)
{
    X509Certificate2 card = GetCertificate();
    Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
    Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(card.RawData) };

    PdfReader reader = new PdfReader(filename);
    PdfStamper stp = PdfStamper.CreateSignature(reader, new FileStream(outfile, FileMode.Create), '\0');
    PdfSignatureAppearance sap = stp.SignatureAppearance;
    sap.SetVisibleSignature(new Rectangle(100, 100, 300, 200), 1, null);
    sap.SignDate = DateTime.Now;
    sap.SetCrypto(null, chain, null, null);
    sap.Reason = "I like to sign using C#";
    sap.Location = "Universe";
    sap.Acro6Layers = true;
    sap.Render = PdfSignatureAppearance.SignatureRender.NameAndDescription;
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
    dic.Date = new PdfDate(sap.SignDate);
    dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
    if (sap.Reason != null)
        dic.Reason = sap.Reason;
    if (sap.Location != null)
        dic.Location = sap.Location;
    sap.CryptoDictionary = dic;
    sap.SetExternalDigest(new byte[20], new byte[128], "SHA1");
    // Reserve room for the /Contents hex string.
    int csize = 1280;
    Hashtable exc = new Hashtable();
    exc[PdfName.CONTENTS] = csize * 2 + 2;
    sap.PreClose(exc);

    // Read the byte range the signature has to cover.
    Stream s = sap.RangeStream;
    MemoryStream ss = new MemoryStream();
    int read = 0;
    byte[] buff = new byte[8192];
    while ((read = s.Read(buff, 0, 8192)) > 0)
    {
        ss.Write(buff, 0, read);
    }

    // access SmartCard
    // calculate SHA1 hash from ss.ToArray -> digest
    // sign SHA1 hash -> rsadata
    byte[] digest = null;
    byte[] rsadata = null;
    GetExternalBytes(ss.ToArray(), ref digest, ref rsadata);

    PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", false);
    pk7.SetExternalDigest(digest, rsadata, "RSA");
    byte[] pk = pk7.GetEncodedPKCS7();

    // Copy the PKCS#7 into the reserved, zero-padded /Contents buffer.
    byte[] outc = new byte[csize];
    PdfDictionary dic2 = new PdfDictionary();
    Array.Copy(pk, 0, outc, 0, pk.Length);
    dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
    sap.Close(dic2);
}


Re: PdfPKCS7 object without private key

by mtrekker

The example link you provided works fine as it uses the Windows CSP driver.
I need to use the opensc-pkcs11 driver. All I need to know is how to create a
PdfPKCS7 object, right?
Can somebody take a look at my previous post and see what's wrong with
the code?


Re: PdfPKCS7 object without private key

by Andreas Kuehne-2

Can you provide the 'broken' signed PDF? Some problems are more obvious there than in the code ...

Greetings

Andreas



----- Original Message ----
From: Mikro Trekker <mtrekker@...>
To: iText-questions@...
Sent: Friday, June 26, 2009 11:07:12 AM
Subject: Re: [iText-questions] PdfPKCS7 object without private key

The example link you provided works fine as it uses the Windows CSP driver.
I need to use the opensc-pkcs11 driver. All I need to know is how to create a
PdfPKCS7 object, right?
Can somebody take a look at my previous post and see what's wrong with
the code?


Re: PdfPKCS7 object without private key

by mtrekker

Here you go:

http://hot.ee/mtrekker/HelloWorld2.pdf


Re: PdfPKCS7 object without private key

by Andreas Kuehne

Hi!
After a first look I'd like to note that it says the filter is adbe.PKCS7.sha1, but the signature seems to be a usual detached one.
Does this help you along?
Greetings
Andreas

----- Original Message -----
From: Mikro Trekker <mtrekker@...>
Sent: Friday, 26 June 2009 14:00
To: iText-questions@...
Subject: Re: [iText-questions] PdfPKCS7 object without private key

Here you go:

http://hot.ee/mtrekker/HelloWorld2.pdf


Re: PdfPKCS7 object without private key

by mtrekker

If the filter is adobe.PKCS7.sha1 and I would like to create a hashed
signature, then how do I achieve it?

Could you take a look at my posted code and tell me whether it is correct to
call sap.SetExternalDigest twice?

And what about the SetExternalDigest function parameters?
1) Digest is the signed hash, correct?
2) RsaData is what?


Re: PdfPKCS7 object without private key

by mkl

Mikro,

Mikro Trekker wrote:
If the filter is adobe.PKCS7.sha1 and I would like to create a hashed signature, then how do I achieve it?
A good starting point would be studying the PDF Ref (ISO32000-1:2008) chapter 12.8.3.3 "PKCS#7 Signatures as used in ISO 32000" and additionally RFC 2315 on PKCS #7 while keeping in mind RFC 3852 and follow-ups on CMS.

You might want to re-evaluate your requirements before, though, as adobe.PKCS7.sha1 implies the use of a fairly unsafe algorithm (SHA1). The PDF Ref recommends:

"The format for encoding signature values should be adbe.pkcs7.detached. This encoding allows the most
options in terms of algorithm use."

BTW, RSA/1024 and MD5 aren't good choices for algorithms anymore, either.

If you want to sign without knowing what you are doing, you might want to simply do as Paulo says,

Paulo Soares wrote:
You'll have to use an external signature. See http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp2 for an example.
without any further ado.

Regards,   Michael.

Re: PdfPKCS7 object without private key

by mtrekker

I followed Acrobat's document "Signing and the Byte Range":

1) I hash the PDF ByteStream data using SHA1
2) this hash is encrypted using SmartCard internals (mechanism SHA1_RSA)
"The hash value is encrypted with the signer's private key using a
supported RSA or DSA signature algorithm. A signature object is
generated. By default, it is a PKCS#7 object."

And now I am wondering whether there is any PdfPKCS7 API function I can use to
SET this encrypted hash value?


using System;
using System.Collections;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using iTextSharp.text;
using iTextSharp.text.pdf;

// GetCertificate() and GetExternalBytes() are the poster's own smart card
// helpers (opensc-pkcs11); they are not shown in the post.
public static void SignUsingMartCard(string filename, string outfile)
{
    X509Certificate2 card = GetCertificate();
    Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
    Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(card.RawData) };

    PdfReader reader = new PdfReader(filename);
    PdfStamper stp = PdfStamper.CreateSignature(reader, new FileStream(outfile, FileMode.Create), '\0');
    PdfSignatureAppearance sap = stp.SignatureAppearance;
    sap.SetVisibleSignature(new Rectangle(100, 100, 300, 200), 1, null);
    sap.SignDate = DateTime.Now;
    sap.SetCrypto(null, chain, null, null);
    sap.Reason = "I like to sign using C#";
    sap.Location = "Universe";
    sap.Acro6Layers = true;
    sap.Render = PdfSignatureAppearance.SignatureRender.NameAndDescription;
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
    dic.Date = new PdfDate(sap.SignDate);
    dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
    if (sap.Reason != null)
        dic.Reason = sap.Reason;
    if (sap.Location != null)
        dic.Location = sap.Location;
    sap.CryptoDictionary = dic;

    // Reserve room for the /Contents hex string.
    int csize = 2048;
    Hashtable exc = new Hashtable();
    exc[PdfName.CONTENTS] = csize * 2 + 2;
    sap.PreClose(exc);

    // Read the byte range the signature has to cover.
    Stream s = sap.RangeStream;
    MemoryStream ss = new MemoryStream();
    int read = 0;
    byte[] buff = new byte[8192];
    while ((read = s.Read(buff, 0, 8192)) > 0)
    {
        ss.Write(buff, 0, read);
    }

    // SmartCard: SHA1 hash of the byte range -> digest, RSA over it -> signature
    byte[] digest = null;
    byte[] signature = null;
    GetExternalBytes(ss.ToArray(), ref digest, ref signature);

    PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", false);
    pk7.SetExternalDigest(digest, null, "RSA");
    byte[] pk = pk7.GetEncodedPKCS7();

    // Copy the PKCS#7 into the reserved, zero-padded /Contents buffer.
    byte[] outc = new byte[csize];
    PdfDictionary dic2 = new PdfDictionary();
    Array.Copy(pk, 0, outc, 0, pk.Length);
    dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));
    sap.Close(dic2);
}


Re: PdfPKCS7 object without private key

by mkl

Mikro,
Mikro Trekker wrote:
PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", false);
The final parameter of the constructor, the boolean hasRSAdata, is documented in the method Javadoc as "<CODE>true</CODE> if the sub-filter is adbe.pkcs7.sha1". Isn't that your sub-filter of choice? Could that "false" be the problem?

As I only have the iText Java sources here, not the C# source, I'm not completely sure if this comment is valid for your situation, though.

Regards,   Michael.
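As an added illustration, not code from this thread or from iText's own examples, here is how the two sub-filters discussed above differ in what the card signs and in what goes into PdfPKCS7.SetExternalDigest(digest, RSAdata, algorithm), whose first argument, as iText's Javadoc for setExternalDigest describes it, is the actual signature. `cardSignSha1WithRsa` is a stand-in for the poster's PKCS#11 signing call (hypothetical), `range` is what the posted code reads from sap.RangeStream, and VerifyAll lets iText itself check the output before a viewer is consulted.

```csharp
using System;
using System.Security.Cryptography;
using iTextSharp.text.pdf;
using Org.BouncyCastle.X509;

public static class ExternalPkcs7
{
    // range: the bytes read from sap.RangeStream after PreClose.
    // cardSignSha1WithRsa stands for the caller's PKCS#11 call (hypothetical here):
    // it SHA-1 hashes its input and returns the PKCS#1 v1.5 RSA signature.
    public static byte[] BuildPkcs7(PdfName subFilter, X509Certificate[] chain,
                                    byte[] range, Func<byte[], byte[]> cardSignSha1WithRsa)
    {
        if (PdfName.ADBE_PKCS7_DETACHED.Equals(subFilter))
        {
            // Detached: the card signs the byte range itself. Nothing is encapsulated
            // in the SignedData, so RSAdata is null and hasRSAdata is false.
            byte[] signature = cardSignSha1WithRsa(range);
            PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", false);
            pk7.SetExternalDigest(signature, null, "RSA");   // first argument is the signature
            return pk7.GetEncodedPKCS7();
        }
        if (PdfName.ADBE_PKCS7_SHA1.Equals(subFilter))
        {
            // adbe.pkcs7.sha1: SHA-1(byte range) is the encapsulated content (RSAdata)
            // and the card signs those 20 bytes, not the byte range.
            byte[] rsaData;
            using (SHA1 sha1 = SHA1.Create()) rsaData = sha1.ComputeHash(range);
            byte[] signature = cardSignSha1WithRsa(rsaData);
            PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);
            pk7.SetExternalDigest(signature, rsaData, "RSA");
            return pk7.GetEncodedPKCS7();
        }
        throw new ArgumentException("unsupported sub-filter", "subFilter");
    }

    // Copy the DER into the space reserved via PreClose. A CMS larger than the
    // reservation cannot be truncated, so refuse rather than write a broken file.
    public static byte[] PadToReserved(byte[] pkcs7, int csize)
    {
        if (pkcs7.Length > csize)
            throw new InvalidOperationException("reserved /Contents too small: " + pkcs7.Length + " > " + csize);
        byte[] outc = new byte[csize];
        Array.Copy(pkcs7, 0, outc, 0, pkcs7.Length);
        return outc;
    }

    // Re-open the output and let iText check every signature before trusting a
    // viewer's "error occurred while validating" message.
    public static bool VerifyAll(string signedFile)
    {
        AcroFields af = new PdfReader(signedFile).AcroFields;
        foreach (string name in af.GetSignatureNames())
        {
            PdfPKCS7 pk = af.VerifySignature(name);
            if (!pk.Verify() || !af.SignatureCoversWholeDocument(name)) return false;
        }
        return true;
    }
}
```

The adbe.pkcs7.sha1 branch only validates if the card is handed the 20-byte hash as its data; a SHA1_RSA signature computed over the whole byte range is a detached signature and belongs in the adbe.pkcs7.detached branch.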

Re: PdfPKCS7 object without private key

by mtrekker

It didn't help. I used the filter PdfName.ADBE_PKCS7_SHA1 and set hasRsaData
to true.

PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);

pk7.SetExternalDigest(digest, rsadata, "RSA");

Reader's signature panel says that an error occurred while attempting to
validate this signature.


Re: PdfPKCS7 object without private key

by JuanM

Hi, I am having the same problem, did you solve it?

Best Regards,

JM Diaz


mtrekker wrote:
It didn't help. I used the filter PdfName.ADBE_PKCS7_SHA1 and set hasRsaData
to true.

PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);

pk7.SetExternalDigest(digest, rsadata, "RSA");

Reader's signature panel says that an error occurred while attempting to
validate this signature.
