There may be multiple ranges but the crypto plugins shipped with Acrobat
don't like more than two. Don't ask me why.
Paulo
----- Original Message -----
From: "Martin Brunecky" <mbrunecky@(protected)>
To: <itext-questions@(protected)>
Sent: Wednesday, June 13, 2007 11:38 PM
Subject: [iText-questions] Suspicious data: SigDict /ByteRange value
>
>
> Gentlemen:
>
> Continuing my efforts to use USPS EPM TSA (time-stamp-autority), I am
> running into another difficulty:
>
>
>
> I am using (Java version) of example (as Paolo kindly directed me):
>
> http://itextpdf.sourceforge.net/howtosign.html#signextitextsharp.
>
>
>
> I would like to be able to EXCLUDE some other (than /Content) part of my
> signature from the digest computation.
>
> I am using the above example and the following code works just fine. I get
> a
> good PDF file and my Adobe Reader is happy with my signature.
>
>
>
> But when I try to exclude an additional byte range (I uncomment the lines
> marked //HERE below), the Reader (7.0) reports:
>
> Error during signature verification
>
> Signature contains incorrect, unrecognized, corrupted or suspicious data
>
> Support information: SigDict /ByteRange value
>
>
>
>
>
> PdfReader reader = new PdfReader(srcFile);
>
> FileOutputStream fout = new FileOutputStream(dstFile);
>
> PdfStamper stp = PdfStamper.createSignature(reader, fout,
> '\0');
>
> PdfSignatureAppearance sap = stp.getSignatureAppearance();
>
>
>
> .
>
> PdfSignature dic = new PdfSignature(validatorFilter,
> validSubFilter);
>
> dic.setDate(new PdfDate(sap.getSignDate()));
>
> dic.setName(signer.getCommonName()); // was:
> (PdfPKCS7.GetSubjectFields(chain[0]).GetField("CN"));
>
> dic.setReason(reason);
>
> dic.setLocation(sap.getLocation());
>
> sap.setCryptoDictionary(dic);
>
> HashMap exc = new HashMap();
>
> exc.put(PdfName.CONTENTS, new Integer(contentEst * 2 + 2));
>
> //HERE exc.put(PdfName.REASON, new Integer(reason.length()
> +
> 2));
>
> sap.preClose(exc);
>
> .
>
> PdfPKCS7 sgn = new PdfPKCS7(key, chain, null, "SHA1", "BC",
> true); // true if subfilter adbe.pkcs7.sha1
>
> InputStream is = sap.getRangeStream();
>
> .
>
> encodedTST = sgn.getEncodedPKCS7();
>
> PdfDictionary dic2 = new PdfDictionary();
>
> dic2.put(PdfName.CONTENTS, new
> PdfString(tstBytes).setHexWriting(true));
>
> //HERE dic2.put(PdfName.REASON, new PdfString(reason)); //
> NOTE: no text change here
>
> sap.close(dic2);
>
>
>
>
>
> The main difference in the generated PDF file is:
>
> /ByteRange [0 265 7427 4135 ]
>
> /ByteRange [0 227 256 10 7428 4135 ]
>
>
>
> The PDF specification says there may be multiple ranges.
>
>
>
>
>
>
>
>
>
>
>
> Martin Brunecky
> Software Architect
>
>
>
>
> <mailto:mbrunecky@(protected)
> AIM: mbrunecky
>
>
> tel:
> fax:
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
iText-questions mailing list
iText-questions@(protected)
https://lists.sourceforge.net/lists/listinfo/itext-questions
Buy the iText book: http://itext.ugent.be/itext-in-action/
