You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@pdfbox.apache.org by Petr Masopust <pe...@i.cz> on 2017/06/28 07:55:17 UTC
Signatures compatibility between pdfbox 1.8 and 2.0
Hello,
I have problem with pdfbox upgrade from version 1.8.12 to 2.0.3. I tried
also version 2.0.6 with same result. My task is little bit weird: I have
pkcs7 signature from external company, unsigned pdf file from another
and I have to insert that signature into pdf. Pdfbox version 1.8.12
works well but version 2.0.3 inserted signature has invalid checksum.
Signing times and signature sizes are same. Does anyone know what I am
doing wrong ? Or how to emulate old behavior to keep checksum same ? My
knowledge about pdf internals is limited but I have suspicion that
checksum is not computed only from original file.
Unfortunately, I cant send full pdf and signature but in attachment are
different parts. Left column is signature inserted by pdfbox 1.8.12 and
right by pdfbox 2.0.3. They look completely different - it looks to me
like old pdfbox inserts signature as some kind of invisible visible
signature.
Old pdbfox 1.8.12 code:
final RandomAccessBuffer scratch = new
RandomAccessBuffer();
final PDDocument doc = PDDocument.load(isLoad, scratch);
try {
final PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
final Calendar calendar = Calendar.getInstance();
calendar.setTimeInMillis(signDate);
signature.setSignDate(calendar);
final SignatureOptions signatureOptions = new
SignatureOptions();
signatureOptions.setPreferedSignatureSize(signatureSize);
signatureOptions.setPage(1);
doc.addSignature(signature, sign ->
signatureEncoded, signatureOptions);
if (doc.getDocumentId() == null) {
doc.setDocumentId(0L);
}
saveIncremental(doc, is, os);
} finally {
doc.close();
scratch.close();
}
}
New pdfbox 2.0.3 code:
final PDDocument doc = PDDocument.load(isLoad);
try {
final PDSignature signature = new PDSignature();
signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
final Calendar calendar = Calendar.getInstance();
calendar.setTimeInMillis(signDate);
signature.setSignDate(calendar);
final SignatureOptions signatureOptions = new
SignatureOptions();
signatureOptions.setPreferredSignatureSize(signatureSize);
signatureOptions.setPage(1);
doc.addSignature(signature, signatureOptions);
final ExternalSigningSupport externalSigningSupport =
doc.saveIncrementalForExternalSigning(sink);
externalSigningSupport.setSignature(signatureEncoded);
} finally {
doc.close();
}
Best regards
Petr Masopust
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Tilman Hausherr <TH...@t-online.de>.
Am 28.06.2017 um 14:17 schrieb Petr Masopust:
> Result pdf's with external and classic signing are identical except 2
> lines at the end with ID:
>
> /ID [<FE878D62B4B60E4AA6C88609DB9E5ECA>
> <BBB2BC7BAEB141CFDA5C43A09B21D4C8>]
>
> vs.
>
> /ID [<FE878D62B4B60E4AA6C88609DB9E5ECA>
> <1033015934024A0B952703781E3A0B8E>]
>
> If checksum contains all content including new part with signature
> (except signature itself) it is obvious why checksum fails. Is
> possible to emulate addSignature algorithm from pdfbox 1.8.x in 2.0.x
> version ?
If you mean the /ID calculation - you could take the source code (in
COSWriter.java, search for COSName.ID) and compare / debug and then
build your own jar file.
If you mean the "addSignature algorithm" - don't know. It's quite
possible that there are fine differences in the way pdfs are written,
e.g. the sequence in dictionaries, etc. If the "external party" is
trying to mirror what you're doing and then passes the signature to you
- that will be really tricky, if not impossible. It would be better that
you pass the sequence to sign to this external party, and let them sign it.
Tilman
>
> Best regards
> Petr Masopust
>
> On 28.6.2017 13:12, Tilman Hausherr wrote:
>> Am 28.06.2017 um 10:24 schrieb Petr Masopust:
>>> sign(externalSigning.getContent()) is "called" by external company
>>> and I have only their result. They have also original file but I
>>> don't know their exact algorithm. I don't understand how can differ
>>> signature (or checksum to be precise) for the same pdf file (and
>>> other parameters like signing time) from different pdfbox versions ?
>>
>> I can't tell without having all the code. You write that it is called
>> but I don't see how. The problem is that to sign one doesn't just
>> need the original file, one needs the signed file with a dummy
>> signature content and then everything except that dummy is used as
>> input for the signature process. If the external company signs
>> independently, you two need to coordinate
>> "calendar.setTimeInMillis(signDate); " .
>>
>> What you could also try, considering that it worked with 1.8 which
>> had no "external signing" feature, is to use the classic signing in
>> 2.0.6. To use that, you don't call
>> "saveIncrementalForExternalSigning", instead you do this:
>>
>> doc.addSignature(signature, signatureInterface /* not
>> null */, signatureOptions);
>> doc.saveIncremental(fos); // this will result in a
>> call to signatureInterface.sign()
>> doc.close();
>> IOUtils.closeQuietly(signatureOptions);
>>
>> So whatever was done in the old version with sign() must be done here.
>>
>>
>>
>>
>> Tilman
>>
>>>
>>> Petr Masopust
>>>
>>> On 28.6.2017 10:16, Tilman Hausherr wrote:
>>>> Am 28.06.2017 um 10:11 schrieb Petr Masopust:
>>>>> Hello,
>>>>>
>>>>> signatureEncoded is equal to cmsSignature in your code. It is
>>>>> computed by external company and I don't know how they create it
>>>>> and have no control about their code. But their signature was
>>>>> correctly inserted with pdfbox 1.8.12 and has invalid checksum
>>>>> with pdfbox 2.0.3.
>>>>
>>>> But you did not call sign(externalSigning.getContent()), that is
>>>> the problem. So your code leaves it unclear where your signature
>>>> came from, i.e. whether it was calculated from the full PDF minus
>>>> the signature content area.
>>>>
>>>> Tilman
>>>>
>>>>
>>>>>
>>>>> Best regards
>>>>> Petr Masopust
>>>>>
>>>>> On 28.6.2017 10:04, Tilman Hausherr wrote:
>>>>>> Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>>>>>>>
>>>>>>> final ExternalSigningSupport
>>>>>>> externalSigningSupport =
>>>>>>> doc.saveIncrementalForExternalSigning(sink);
>>>>>>> externalSigningSupport.setSignature(signatureEncoded);
>>>>>>
>>>>>>
>>>>>> It's too difficult to read your hex dump. However your code above
>>>>>> looks weird: signatureEncoded is never computed. In the
>>>>>> CreateVisibleSignature sample code, it looks like this:
>>>>>>
>>>>>>
>>>>>> ExternalSigningSupport externalSigning =
>>>>>> doc.saveIncrementalForExternalSigning(fos);
>>>>>> // invoke external signature service
>>>>>> byte[] cmsSignature =
>>>>>> sign(externalSigning.getContent());
>>>>>>
>>>>>> externalSigning.setSignature(cmsSignature);
>>>>>>
>>>>>> doc.close();
>>>>>>
>>>>>> signatureOptions.close();
>>>>>>
>>>>>>
>>>>>> I strongly recommend to start with the sample code.
>>>>>>
>>>>>> Tilman
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>>
>>>>>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>>>>>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Petr Masopust*
>>>>> Programátor analytik
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>>
>>>>> *ICZ a.s.*
>>>>> Na hřebenech II 1718/10
>>>>> 140 00 Praha 4
>>>>> Česká republika
>>>>> www.i.cz
>>>>>
>>>>> *Tel.:* +420 222 271 578
>>>>> *GSM:* +420 724 429 623
>>>>> *Fax:* +420 222 271 112
>>>>> *E-mail:* petr.masopust@i.cz
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Petr Masopust*
>>> Programátor analytik
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> *ICZ a.s.*
>>> Na hřebenech II 1718/10
>>> 140 00 Praha 4
>>> Česká republika
>>> www.i.cz
>>>
>>> *Tel.:* +420 222 271 578
>>> *GSM:* +420 724 429 623
>>> *Fax:* +420 222 271 112
>>> *E-mail:* petr.masopust@i.cz
>>>
>>
>>
>
>
> --
>
> *Petr Masopust*
> Programátor analytik
>
> ------------------------------------------------------------------------
>
> *ICZ a.s.*
> Na hřebenech II 1718/10
> 140 00 Praha 4
> Česká republika
> www.i.cz
>
> *Tel.:* +420 222 271 578
> *GSM:* +420 724 429 623
> *Fax:* +420 222 271 112
> *E-mail:* petr.masopust@i.cz
>
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Petr Masopust <pe...@i.cz>.
Result pdf's with external and classic signing are identical except 2
lines at the end with ID:
/ID [<FE878D62B4B60E4AA6C88609DB9E5ECA> <BBB2BC7BAEB141CFDA5C43A09B21D4C8>]
vs.
/ID [<FE878D62B4B60E4AA6C88609DB9E5ECA> <1033015934024A0B952703781E3A0B8E>]
If checksum contains all content including new part with signature
(except signature itself) it is obvious why checksum fails. Is possible
to emulate addSignature algorithm from pdfbox 1.8.x in 2.0.x version ?
Best regards
Petr Masopust
On 28.6.2017 13:12, Tilman Hausherr wrote:
> Am 28.06.2017 um 10:24 schrieb Petr Masopust:
>> sign(externalSigning.getContent()) is "called" by external company
>> and I have only their result. They have also original file but I
>> don't know their exact algorithm. I don't understand how can differ
>> signature (or checksum to be precise) for the same pdf file (and
>> other parameters like signing time) from different pdfbox versions ?
>
> I can't tell without having all the code. You write that it is called
> but I don't see how. The problem is that to sign one doesn't just need
> the original file, one needs the signed file with a dummy signature
> content and then everything except that dummy is used as input for the
> signature process. If the external company signs independently, you
> two need to coordinate "calendar.setTimeInMillis(signDate); " .
>
> What you could also try, considering that it worked with 1.8 which had
> no "external signing" feature, is to use the classic signing in 2.0.6.
> To use that, you don't call "saveIncrementalForExternalSigning",
> instead you do this:
>
> doc.addSignature(signature, signatureInterface /* not
> null */, signatureOptions);
> doc.saveIncremental(fos); // this will result in a
> call to signatureInterface.sign()
> doc.close();
> IOUtils.closeQuietly(signatureOptions);
>
> So whatever was done in the old version with sign() must be done here.
>
>
>
>
> Tilman
>
>>
>> Petr Masopust
>>
>> On 28.6.2017 10:16, Tilman Hausherr wrote:
>>> Am 28.06.2017 um 10:11 schrieb Petr Masopust:
>>>> Hello,
>>>>
>>>> signatureEncoded is equal to cmsSignature in your code. It is
>>>> computed by external company and I don't know how they create it
>>>> and have no control about their code. But their signature was
>>>> correctly inserted with pdfbox 1.8.12 and has invalid checksum with
>>>> pdfbox 2.0.3.
>>>
>>> But you did not call sign(externalSigning.getContent()), that is the
>>> problem. So your code leaves it unclear where your signature came
>>> from, i.e. whether it was calculated from the full PDF minus the
>>> signature content area.
>>>
>>> Tilman
>>>
>>>
>>>>
>>>> Best regards
>>>> Petr Masopust
>>>>
>>>> On 28.6.2017 10:04, Tilman Hausherr wrote:
>>>>> Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>>>>>>
>>>>>> final ExternalSigningSupport
>>>>>> externalSigningSupport =
>>>>>> doc.saveIncrementalForExternalSigning(sink);
>>>>>> externalSigningSupport.setSignature(signatureEncoded);
>>>>>
>>>>>
>>>>> It's too difficult to read your hex dump. However your code above
>>>>> looks weird: signatureEncoded is never computed. In the
>>>>> CreateVisibleSignature sample code, it looks like this:
>>>>>
>>>>>
>>>>> ExternalSigningSupport externalSigning =
>>>>> doc.saveIncrementalForExternalSigning(fos);
>>>>> // invoke external signature service
>>>>> byte[] cmsSignature =
>>>>> sign(externalSigning.getContent());
>>>>>
>>>>> externalSigning.setSignature(cmsSignature);
>>>>>
>>>>> doc.close();
>>>>>
>>>>> signatureOptions.close();
>>>>>
>>>>>
>>>>> I strongly recommend to start with the sample code.
>>>>>
>>>>> Tilman
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>>>>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Petr Masopust*
>>>> Programátor analytik
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>>
>>>> *ICZ a.s.*
>>>> Na hřebenech II 1718/10
>>>> 140 00 Praha 4
>>>> Česká republika
>>>> www.i.cz
>>>>
>>>> *Tel.:* +420 222 271 578
>>>> *GSM:* +420 724 429 623
>>>> *Fax:* +420 222 271 112
>>>> *E-mail:* petr.masopust@i.cz
>>>>
>>>
>>>
>>
>>
>> --
>>
>> *Petr Masopust*
>> Programátor analytik
>>
>> ------------------------------------------------------------------------
>>
>> *ICZ a.s.*
>> Na hřebenech II 1718/10
>> 140 00 Praha 4
>> Česká republika
>> www.i.cz
>>
>> *Tel.:* +420 222 271 578
>> *GSM:* +420 724 429 623
>> *Fax:* +420 222 271 112
>> *E-mail:* petr.masopust@i.cz
>>
>
>
--
*Petr Masopust*
Programátor analytik
------------------------------------------------------------------------
*ICZ a.s.*
Na hřebenech II 1718/10
140 00 Praha 4
Česká republika
www.i.cz
*Tel.:* +420 222 271 578
*GSM:* +420 724 429 623
*Fax:* +420 222 271 112
*E-mail:* petr.masopust@i.cz
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Tilman Hausherr <TH...@t-online.de>.
Am 28.06.2017 um 10:24 schrieb Petr Masopust:
> sign(externalSigning.getContent()) is "called" by external company and
> I have only their result. They have also original file but I don't
> know their exact algorithm. I don't understand how can differ
> signature (or checksum to be precise) for the same pdf file (and other
> parameters like signing time) from different pdfbox versions ?
I can't tell without having all the code. You write that it is called
but I don't see how. The problem is that to sign one doesn't just need
the original file, one needs the signed file with a dummy signature
content and then everything except that dummy is used as input for the
signature process. If the external company signs independently, you two
need to coordinate "calendar.setTimeInMillis(signDate); " .
What you could also try, considering that it worked with 1.8 which had
no "external signing" feature, is to use the classic signing in 2.0.6.
To use that, you don't call "saveIncrementalForExternalSigning", instead
you do this:
doc.addSignature(signature, signatureInterface /* not
null */, signatureOptions);
doc.saveIncremental(fos); // this will result in a call
to signatureInterface.sign()
doc.close();
IOUtils.closeQuietly(signatureOptions);
So whatever was done in the old version with sign() must be done here.
Tilman
>
> Petr Masopust
>
> On 28.6.2017 10:16, Tilman Hausherr wrote:
>> Am 28.06.2017 um 10:11 schrieb Petr Masopust:
>>> Hello,
>>>
>>> signatureEncoded is equal to cmsSignature in your code. It is
>>> computed by external company and I don't know how they create it and
>>> have no control about their code. But their signature was correctly
>>> inserted with pdfbox 1.8.12 and has invalid checksum with pdfbox 2.0.3.
>>
>> But you did not call sign(externalSigning.getContent()), that is the
>> problem. So your code leaves it unclear where your signature came
>> from, i.e. whether it was calculated from the full PDF minus the
>> signature content area.
>>
>> Tilman
>>
>>
>>>
>>> Best regards
>>> Petr Masopust
>>>
>>> On 28.6.2017 10:04, Tilman Hausherr wrote:
>>>> Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>>>>>
>>>>> final ExternalSigningSupport
>>>>> externalSigningSupport = doc.saveIncrementalForExternalSigning(sink);
>>>>> externalSigningSupport.setSignature(signatureEncoded);
>>>>
>>>>
>>>> It's too difficult to read your hex dump. However your code above
>>>> looks weird: signatureEncoded is never computed. In the
>>>> CreateVisibleSignature sample code, it looks like this:
>>>>
>>>>
>>>> ExternalSigningSupport externalSigning =
>>>> doc.saveIncrementalForExternalSigning(fos);
>>>> // invoke external signature service
>>>> byte[] cmsSignature =
>>>> sign(externalSigning.getContent());
>>>>
>>>> externalSigning.setSignature(cmsSignature);
>>>>
>>>> doc.close();
>>>>
>>>> signatureOptions.close();
>>>>
>>>>
>>>> I strongly recommend to start with the sample code.
>>>>
>>>> Tilman
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>>>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>>>
>>>
>>>
>>> --
>>>
>>> *Petr Masopust*
>>> Programátor analytik
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> *ICZ a.s.*
>>> Na hřebenech II 1718/10
>>> 140 00 Praha 4
>>> Česká republika
>>> www.i.cz
>>>
>>> *Tel.:* +420 222 271 578
>>> *GSM:* +420 724 429 623
>>> *Fax:* +420 222 271 112
>>> *E-mail:* petr.masopust@i.cz
>>>
>>
>>
>
>
> --
>
> *Petr Masopust*
> Programátor analytik
>
> ------------------------------------------------------------------------
>
> *ICZ a.s.*
> Na hřebenech II 1718/10
> 140 00 Praha 4
> Česká republika
> www.i.cz
>
> *Tel.:* +420 222 271 578
> *GSM:* +420 724 429 623
> *Fax:* +420 222 271 112
> *E-mail:* petr.masopust@i.cz
>
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Petr Masopust <pe...@i.cz>.
sign(externalSigning.getContent()) is "called" by external company and I
have only their result. They have also original file but I don't know
their exact algorithm. I don't understand how can differ signature (or
checksum to be precise) for the same pdf file (and other parameters like
signing time) from different pdfbox versions ?
Petr Masopust
On 28.6.2017 10:16, Tilman Hausherr wrote:
> Am 28.06.2017 um 10:11 schrieb Petr Masopust:
>> Hello,
>>
>> signatureEncoded is equal to cmsSignature in your code. It is
>> computed by external company and I don't know how they create it and
>> have no control about their code. But their signature was correctly
>> inserted with pdfbox 1.8.12 and has invalid checksum with pdfbox 2.0.3.
>
> But you did not call sign(externalSigning.getContent()), that is the
> problem. So your code leaves it unclear where your signature came
> from, i.e. whether it was calculated from the full PDF minus the
> signature content area.
>
> Tilman
>
>
>>
>> Best regards
>> Petr Masopust
>>
>> On 28.6.2017 10:04, Tilman Hausherr wrote:
>>> Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>>>>
>>>> final ExternalSigningSupport externalSigningSupport
>>>> = doc.saveIncrementalForExternalSigning(sink);
>>>> externalSigningSupport.setSignature(signatureEncoded);
>>>
>>>
>>> It's too difficult to read your hex dump. However your code above
>>> looks weird: signatureEncoded is never computed. In the
>>> CreateVisibleSignature sample code, it looks like this:
>>>
>>>
>>> ExternalSigningSupport externalSigning =
>>> doc.saveIncrementalForExternalSigning(fos);
>>> // invoke external signature service
>>> byte[] cmsSignature =
>>> sign(externalSigning.getContent());
>>>
>>> externalSigning.setSignature(cmsSignature);
>>>
>>> doc.close();
>>>
>>> signatureOptions.close();
>>>
>>>
>>> I strongly recommend to start with the sample code.
>>>
>>> Tilman
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>>
>>
>>
>> --
>>
>> *Petr Masopust*
>> Programátor analytik
>>
>> ------------------------------------------------------------------------
>>
>> *ICZ a.s.*
>> Na hřebenech II 1718/10
>> 140 00 Praha 4
>> Česká republika
>> www.i.cz
>>
>> *Tel.:* +420 222 271 578
>> *GSM:* +420 724 429 623
>> *Fax:* +420 222 271 112
>> *E-mail:* petr.masopust@i.cz
>>
>
>
--
*Petr Masopust*
Programátor analytik
------------------------------------------------------------------------
*ICZ a.s.*
Na hřebenech II 1718/10
140 00 Praha 4
Česká republika
www.i.cz
*Tel.:* +420 222 271 578
*GSM:* +420 724 429 623
*Fax:* +420 222 271 112
*E-mail:* petr.masopust@i.cz
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Tilman Hausherr <TH...@t-online.de>.
Am 28.06.2017 um 10:11 schrieb Petr Masopust:
> Hello,
>
> signatureEncoded is equal to cmsSignature in your code. It is computed
> by external company and I don't know how they create it and have no
> control about their code. But their signature was correctly inserted
> with pdfbox 1.8.12 and has invalid checksum with pdfbox 2.0.3.
But you did not call sign(externalSigning.getContent()), that is the
problem. So your code leaves it unclear where your signature came from,
i.e. whether it was calculated from the full PDF minus the signature
content area.
Tilman
>
> Best regards
> Petr Masopust
>
> On 28.6.2017 10:04, Tilman Hausherr wrote:
>> Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>>>
>>> final ExternalSigningSupport externalSigningSupport
>>> = doc.saveIncrementalForExternalSigning(sink);
>>> externalSigningSupport.setSignature(signatureEncoded);
>>
>>
>> It's too difficult to read your hex dump. However your code above
>> looks weird: signatureEncoded is never computed. In the
>> CreateVisibleSignature sample code, it looks like this:
>>
>>
>> ExternalSigningSupport externalSigning =
>> doc.saveIncrementalForExternalSigning(fos);
>> // invoke external signature service
>> byte[] cmsSignature =
>> sign(externalSigning.getContent());
>>
>> externalSigning.setSignature(cmsSignature);
>>
>> doc.close();
>>
>> signatureOptions.close();
>>
>>
>> I strongly recommend to start with the sample code.
>>
>> Tilman
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
>> For additional commands, e-mail: users-help@pdfbox.apache.org
>>
>
>
> --
>
> *Petr Masopust*
> Programátor analytik
>
> ------------------------------------------------------------------------
>
> *ICZ a.s.*
> Na hřebenech II 1718/10
> 140 00 Praha 4
> Česká republika
> www.i.cz
>
> *Tel.:* +420 222 271 578
> *GSM:* +420 724 429 623
> *Fax:* +420 222 271 112
> *E-mail:* petr.masopust@i.cz
>
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Petr Masopust <pe...@i.cz>.
Hello,
signatureEncoded is equal to cmsSignature in your code. It is computed
by external company and I don't know how they create it and have no
control about their code. But their signature was correctly inserted
with pdfbox 1.8.12 and has invalid checksum with pdfbox 2.0.3.
Best regards
Petr Masopust
On 28.6.2017 10:04, Tilman Hausherr wrote:
> Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>>
>> final ExternalSigningSupport externalSigningSupport =
>> doc.saveIncrementalForExternalSigning(sink);
>> externalSigningSupport.setSignature(signatureEncoded);
>
>
> It's too difficult to read your hex dump. However your code above
> looks weird: signatureEncoded is never computed. In the
> CreateVisibleSignature sample code, it looks like this:
>
>
> ExternalSigningSupport externalSigning =
> doc.saveIncrementalForExternalSigning(fos);
> // invoke external signature service
> byte[] cmsSignature = sign(externalSigning.getContent());
>
> externalSigning.setSignature(cmsSignature);
>
> doc.close();
>
> signatureOptions.close();
>
>
> I strongly recommend to start with the sample code.
>
> Tilman
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: users-help@pdfbox.apache.org
>
--
*Petr Masopust*
Programátor analytik
------------------------------------------------------------------------
*ICZ a.s.*
Na hřebenech II 1718/10
140 00 Praha 4
Česká republika
www.i.cz
*Tel.:* +420 222 271 578
*GSM:* +420 724 429 623
*Fax:* +420 222 271 112
*E-mail:* petr.masopust@i.cz
Re: Signatures compatibility between pdfbox 1.8 and 2.0
Posted by Tilman Hausherr <TH...@t-online.de>.
Am 28.06.2017 um 09:55 schrieb Petr Masopust:
>
> final ExternalSigningSupport externalSigningSupport =
> doc.saveIncrementalForExternalSigning(sink);
> externalSigningSupport.setSignature(signatureEncoded);
It's too difficult to read your hex dump. However your code above looks
weird: signatureEncoded is never computed. In the CreateVisibleSignature
sample code, it looks like this:
ExternalSigningSupport externalSigning =
doc.saveIncrementalForExternalSigning(fos);
// invoke external signature service
byte[] cmsSignature = sign(externalSigning.getContent());
externalSigning.setSignature(cmsSignature);
doc.close();
signatureOptions.close();
I strongly recommend to start with the sample code.
Tilman
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org