Re: External signature not valid

by Paulo Soares-3

If you're using an external signature, PdfPKCS7 can't be called and
everything must be done outside. The way to do it will depend on what the
smartcard returns; it's impossible to debug without having access to the
environment.

Paulo

----- Original Message -----
From: "Mikro Trekker" <mtrekker@...>
To: <itextsharp-questions@...>
Sent: Monday, June 29, 2009 8:37 PM
Subject: [itextsharp-questions] External signature not valid


I am trying to create external signature using SmartCard.

1) I hash PDF's ByteStream data using SHA1
2) this hash is being encrypted using SmartCard internals (mechanism
SHA1_RSA)
3) can't use MS API like described here:
http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp2.

I end up with a Reader error complaining "an error occurred while
attempting to validate this signature". What am I doing wrong?


using System;
using System.Collections;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using iTextSharp.text;
using iTextSharp.text.pdf;

public static void SignUsingMartCard(string filename, string outfile)
{
    // Wrap the smartcard certificate as a BouncyCastle chain for iTextSharp.
    X509Certificate2 card = GetCertificate();
    Org.BouncyCastle.X509.X509CertificateParser cp = new Org.BouncyCastle.X509.X509CertificateParser();
    Org.BouncyCastle.X509.X509Certificate[] chain = new Org.BouncyCastle.X509.X509Certificate[] { cp.ReadCertificate(card.RawData) };

    PdfReader reader = new PdfReader(filename);
    PdfStamper stp = PdfStamper.CreateSignature(reader, new FileStream(outfile, FileMode.Create), '\0');
    PdfSignatureAppearance sap = stp.SignatureAppearance;
    sap.SetVisibleSignature(new Rectangle(100, 100, 300, 200), 1, null);

    sap.SignDate = DateTime.Now;
    // No private key is passed: the signature is produced outside iTextSharp.
    sap.SetCrypto(null, chain, null, null);
    sap.Reason = "I like to sign using C#";
    sap.Location = "Universe";
    sap.Acro6Layers = true;
    sap.Render = PdfSignatureAppearance.SignatureRender.NameAndDescription;
    PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
    dic.Date = new PdfDate(sap.SignDate);
    dic.Name = PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN");
    if (sap.Reason != null)
        dic.Reason = sap.Reason;
    if (sap.Location != null)
        dic.Location = sap.Location;
    sap.CryptoDictionary = dic;

    // Reserve csize bytes for /Contents (hex-encoded, plus the two delimiters).
    int csize = 2048;
    Hashtable exc = new Hashtable();
    exc[PdfName.CONTENTS] = csize * 2 + 2;
    sap.PreClose(exc);

    // Read the byte ranges of the document that the signature covers.
    Stream s = sap.RangeStream;
    MemoryStream ss = new MemoryStream();
    int read = 0;
    byte[] buff = new byte[8192];
    while ((read = s.Read(buff, 0, 8192)) > 0)
    {
        ss.Write(buff, 0, read);
    }

    // Declared here so the method compiles on its own; both are filled in
    // by the smartcard helper (not shown in the post).
    byte[] digest = null;
    byte[] signature = null;
    GetExternalBytes(ss.ToArray(), ref digest, ref signature);

    PdfPKCS7 pk7 = new PdfPKCS7(null, chain, null, "SHA1", true);
    pk7.SetExternalDigest(digest, signature, "RSA");
    byte[] pk = pk7.GetEncodedPKCS7();

    // Copy the encoded PKCS#7 into the zero-padded buffer reserved above.
    byte[] outc = new byte[csize];

    PdfDictionary dic2 = new PdfDictionary();

    Array.Copy(pk, 0, outc, 0, pk.Length);

    dic2.Put(PdfName.CONTENTS, new PdfString(outc).SetHexWriting(true));

    sap.Close(dic2);
}


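The reply above says the approach depends on what the smartcard returns. The following is an added example, not code from the thread or from iTextSharp, that checks this offline by applying the certificate's public key to the card output and reporting which value sits inside the PKCS#1 v1.5 padding. The class and method names are hypothetical, and it assumes an RSA key, SHA-1, and .NET Core or .NET Framework 4.7.2 or later with a reference to System.Numerics.

```csharp
using System;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;

static class CardSignatureCheck   // hypothetical helper, not part of iTextSharp
{
    // DER header of a SHA-1 DigestInfo (PKCS #1 v1.5); the 20-byte hash follows it.
    static readonly byte[] Sha1Prefix = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
    static byte[] Sha1(byte[] b) { using (SHA1 h = SHA1.Create()) return h.ComputeHash(b); }
    static BigInteger ToInt(byte[] bigEndian) => new BigInteger(Enumerable.Reverse(bigEndian).Concat(new byte[] { 0 }).ToArray());

    // Applies the public key to the signature and strips the 00 01 FF..FF 00 padding.
    static byte[] Recover(RSAParameters pub, byte[] sig)
    {
        int k = pub.Modulus.Length;
        byte[] le = BigInteger.ModPow(ToInt(sig), ToInt(pub.Exponent), ToInt(pub.Modulus)).ToByteArray();
        byte[] em = new byte[k];
        for (int i = 0; i < Math.Min(le.Length, k); i++) em[k - 1 - i] = le[i];
        int p = 2;
        while (p < k && em[p] == 0xFF) p++;
        if (em[0] != 0 || em[1] != 1 || p < 10 || p >= k || em[p] != 0) return null;
        return em.Skip(p + 1).ToArray();
    }

    // Reports which value the card actually signed for the bytes handed to it.
    public static string Classify(byte[] expected, byte[] cardOutput, RSA publicKey)
    {
        byte[] payload = Recover(publicKey.ExportParameters(false), cardOutput);
        if (payload == null) return "not a PKCS#1 v1.5 signature for this key";
        byte[] h1 = Sha1(expected), h2 = Sha1(h1);
        if (payload.SequenceEqual(Sha1Prefix.Concat(h1))) return "DigestInfo over SHA1(bytes)";
        if (payload.SequenceEqual(Sha1Prefix.Concat(h2))) return "DigestInfo over SHA1(SHA1(bytes)): hashed twice";
        if (payload.SequenceEqual(h1)) return "bare SHA1(bytes), no DigestInfo";
        return "unrecognised payload of " + payload.Length + " bytes";
    }

    static void Main()
    {
        // Constructed input: a throwaway software key stands in for the smartcard.
        using (RSA rsa = RSA.Create(2048))
        {
            byte[] data = System.Text.Encoding.ASCII.GetBytes("constructed byte range");
            byte[] once = rsa.SignData(data, HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
            byte[] twice = rsa.SignData(Sha1(data), HashAlgorithmName.SHA1, RSASignaturePadding.Pkcs1);
            Console.WriteLine(Classify(data, once, rsa));
            Console.WriteLine(Classify(data, twice, rsa));
        }
    }
}
```

Against a real card, pass the bytes that were sent to the card, the bytes it returned, and the public key from the signing certificate (for example `card.GetRSAPublicKey()` on the `X509Certificate2`).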
