Discussion:
[iText-questions] PDF multiple signatures problem
Diego C
2015-05-26 14:42:23 UTC
Hi,
I am using an API that signs PDFs using an Aladdin token (Etoken pro Aladdin
72K) with RSA security. I am having trouble signing several PDFs in sequence
using the same certificate. What I want is for the RSA key to be requested
just once, as is the case with the token access password, which the API
stores in cache the first time it is entered. However, the RSA key is
requested every time a PDF is signed in sequence. Is it possible to send all
the PDFs into one container? Is there any other way to avoid entering the
RSA key n amount of times?
I am using the following code to hash and sign my documents:

----------------------------------------------------------------------------------->>
ByteBuffer outputStreamSigned = new ByteBuffer();
PdfStamper pdfStamper =
    PdfStamper.createSignature(reader, outputStreamSigned, '\0', null, true);
PdfSignatureAppearance signatureApp = pdfStamper.getSignatureAppearance();
signatureApp.setCrypto(privateKey, signerCertificateChain, null,
    PdfSignatureAppearance.WINCER_SIGNED);

X509Certificate userCert = (X509Certificate) signerCertificateChain[0];

// conf external ->
signatureApp.setExternalDigest(getPublicKeyBuffer(userCert), new byte[20],
    "RSA");
signatureApp.preClose();

// SHA-1 over the document bytes returned by getRangeStream()
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
InputStream inp = signatureApp.getRangeStream();
while ((n = inp.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();

// Size of the space reserved for /Contents (hex string without its delimiters)
PdfSigGenericPKCS pdfDict = signatureApp.getSigStandard();
PdfLiteral slit = (PdfLiteral) pdfDict.get(PdfName.CONTENTS);
byte[] outc = new byte[(slit.getPosLength() - 2) / 2];

// Sign the hash with the private key and hand the result to the PKCS#7 container
PdfPKCS7 sig = pdfDict.getSigner();
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(privateKey);
sign.update(hash);

sig.setExternalDigest(sign.sign(), hash, "RSA");
PdfDictionary dic = new PdfDictionary();

byte[] ssig = sig.getEncodedPKCS7(); /*<----Request RSA Key*/

// Copy the encoded PKCS#7 into the reserved space and close the signature
System.arraycopy(ssig, 0, outc, 0, ssig.length);
dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
signatureApp.close(dic);

----------------------------------------------------------------------------------->>

I'm using JRE 6, iText 2.1.7.
In the following post someone mentioned that the iText API was being
re-implemented and that this may solve the problem of multiple signatures in
later versions.
http://itext.2136553.n4.nabble.com/Re-Using-eToken-with-secondary-authentication-format-td3772022.html#a3776183
Do you know if this has been solved?
Thanks in advance.

Regards,



--
View this message in context: http://itext.2136553.n4.nabble.com/PDF-multiple-signatures-problem-tp4660828.html
Sent from the iText mailing list archive at Nabble.com.

------------------------------------------------------------------------------
_______________________________________________
iText-questions mailing list
iText-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itext
iText mailing list
2015-05-27 07:06:46 UTC
You are using a version of iText that should no longer be used:
http://stackoverflow.com/questions/25696851/can-itext-2-1-7-or-earlier-can-be-used-commercially
That version has been removed from all official servers because it is
not supported, nor are the signatures you are creating. When you use
WINCER_SIGNED, you create /adbe.pkcs7.sha1 signatures. These aren't
compliant with PAdES and will be deprecated in PDF 2.0. Read this book
for more info: http://itextpdf.com/book/digitalsignatures
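To check which existing files carry the /adbe.pkcs7.sha1 signatures the reply describes, the following added example (not part of the thread and not iText code) scans a PDF's bytes for signature objects, flags that SubFilter, and recomputes SHA-1 over the /ByteRange, the same bytes the posted code reads from getRangeStream(). The function names, the regex-based object scan, and the sample file built by `build_sample` are assumptions made for illustration.

```python
import hashlib
import re

# SubFilter the reply attributes to WINCER_SIGNED; flagged as legacy here.
LEGACY = {"adbe.pkcs7.sha1"}

OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
SUBFILTER_RE = re.compile(rb"/SubFilter\s*/([A-Za-z0-9_.]+)")
BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def audit_signatures(pdf: bytes) -> list:
    """Heuristic scan: report each signature object's SubFilter and signed range."""
    findings = []
    for obj in OBJ_RE.finditer(pdf):
        sub = SUBFILTER_RE.search(obj.group(1))
        rng = BYTERANGE_RE.search(obj.group(1))
        if not (sub and rng):
            continue  # not a signature dictionary
        a, b, c, d = (int(x) for x in rng.groups())
        # Everything except the /Contents placeholder between the two ranges.
        signed = pdf[a:a + b] + pdf[c:c + d]
        name = sub.group(1).decode("ascii")
        findings.append({
            "subfilter": name,
            "legacy": name in LEGACY,
            "covers_whole_file": a == 0 and c + d == len(pdf),
            "range_sha1": hashlib.sha1(signed).hexdigest(),
        })
    return findings


def build_sample(subfilter: str) -> bytes:
    """Constructed stand-in for a signed PDF holding one signature object."""
    head = (b"%PDF-1.4\n1 0 obj\n<< /Type /Sig /SubFilter /"
            + subfilter.encode("ascii") + b" /Contents ")
    contents = b"<" + b"00" * 16 + b">"  # placeholder, not a real PKCS#7 blob
    # Zero-padded numbers keep the tail length fixed while offsets are filled in.
    tail = b" /ByteRange [0 %010d %010d %010d] >>\nendobj\n%%%%EOF\n"
    start, resume = len(head), len(head) + len(contents)
    return head + contents + tail % (start, resume, len(tail % (0, 0, 0)))


if __name__ == "__main__":
    # ETSI.CAdES.detached is the SubFilter that PAdES defines.
    for name in ("adbe.pkcs7.sha1", "ETSI.CAdES.detached"):
        print(audit_signatures(build_sample(name)))
```

The scan works on raw bytes and does not parse the PDF structure or validate the signature itself; it only reports what each signature dictionary declares.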