Signing PDF with a PKCS11 smart card

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

JSP - A mailing list about Java Server Pages specification and reference

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Oracle Connection Pooling in 3 2 2
•	Servlet : Session invalidate
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Tomcat and webapplication specific java library path
•	Running a Simple JMS Example
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	Cannot find message resources under key org apache struts action MESSAGE
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	url string for connecting jboss to oracle
•	Value attribute of <html:checkbox
•	javax servlet ServletException: BeanUtils populate
•	HTTP Status 404 The requested resource is not available
•	5 0 18: Windows XP Pro vs Windows 2000

Signing PDF with a PKCS11 smart card

Signing PDF with a PKCS11 smart card

2006-07-29 - By cicuta@(protected)

Back

Reply: 1 2 3

Hello!
I'm rather new to both iText and smart cards, but I need to sign a PDF twice,
preserving the first signature, using a pkcs#11 provider (I use the Sun
implementation).
With standard Java I managed to load the right DLL and get access to the
keystore and eventually to the certificate and the interface to the private key.
I know the latter is not the actual key, so signing with the chunk suggested in
the javadoc of PDFStamper.createSignature won't work. Instead I tried

PdfReader reader = new PdfReader(this.fileToSign);
FileOutputStream fout = new FileOutputStream(this.signedFile);
PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0', new
File("/temp"), true);
PdfSignatureAppearance sap = stamper.getSignatureAppearance(); // I
want it invisible
sap.setReason(this.reason);
sap.setLocation(this.location);

java.util.Calendar

now=java.util.Calendar

.getInstance();
sap.setSignDate(now);
sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
sap.setExternalDigest(new byte[128], null, "RSA");
sap.preClose();
byte[] content = inputStreamToByteArray(sap.getRangeStream()); //
<<<<<<<<< Exception thrown here <<<<<<<<<<<
Signature signature = Signature.getInstance("SHA1withRSA", provider);
byte[] signatureBytes = signature.sign();
signature.initSign((PrivateKey)key);
signature.update(content);

PdfPKCS7 sig = sap.getSigStandard().getSigner();
sig.setExternalDigest(signatureBytes, null, "RSA");
PdfDictionary dic = new PdfDictionary();
dic.put(PdfName.CONTENTS, new
PdfString(sig.getEncodedPKCS1()).setHexWriting(true));
sap.close(dic);

When I reach
byte[] signatureBytes = signature.sign();
I get a SignatureException: "object not initialized for signing"
On the smart card I use are two aliases: I get the same result with both of them
(although I must admit I'm not sure which one I should use: I don't know exactly
what they represent!)
I figured that if the code I use worked, I could use it "as is" to append the
second signature.
Please could someone either help me with the code for signing (maybe twice ;) )
or address me to a good tutorial about what's inside a PKCS11 smart card and how
it's organized?
Thanks in advance!

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- -----
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
iText-questions mailing list
iText-questions@(protected)
https://lists.sourceforge.net/lists/listinfo/itext-questions