
iText 7 PDF signing with GlobalSign DSS



By : user3099633
Date : January 11 2021, 03:34 PM
I'm using C# for my implementation. I'm not too familiar with VB, but hopefully this helps. Most of the examples I've seen use Java, and there were some differences in how they implement this, so I had to work around them. The only things I had to implement for this to work were the IExternalSignature, IOcspClient, and ITsaClient.

The digest that is sent to GlobalSign is the contents of the document prior to applying the signature, so the appearance can be left out if applied with the signature. The document is not modified until you apply the signature using PdfSigner.SignDetached, I believe. To compute the digest, you need to use the SHA256 algorithm to hash the message and hex-encode it. This is the digest that will be sent to GS.

You need to put both certificates from GlobalSign into the certificate chain. First add the signing certificate, then the certificate you can retrieve from their 'certificate_path' endpoint.

I'm not sure about the conversion to that type, but with the C# library, the Sign method of IExternalSignature returns a byte[]. With my own implementation of the interface, I simply converted the SignatureValue we received from GS to a byte[].

For the timestamp, we also implemented our own ITsaClient that calls GS for the timestamp. The digest has to be calculated in the GetTimeStampToken method and sent to GS. The response is a hex-encoded string that we convert to a byte[].
code :
// IOcspClient implementation
public byte[] GetEncoded( X509Certificate checkCert, X509Certificate issuerCert, string url )
{
    // _ocspResponse is the same one that we received when fetching the identity
    var decoded = Base64.Decode(_ocspResponse);
    var response = new OcspResp(decoded);
    var basicResponse = (BasicOcspResp)response.GetResponseObject();

    return basicResponse.GetEncoded();
}

public class ExternalSignature : IExternalSignature
{
    private readonly SigningIdentity _identity;
    private readonly GlobalSignClient _client;
    public ExternalSignature( GlobalSignClient client, SigningIdentity identity )
    {
        _client = client;
        _identity = identity;
    }

    public string GetEncryptionAlgorithm() => "RSA";

    public string GetHashAlgorithm() => DigestAlgorithms.SHA256;

    public byte[] Sign( byte[] message )
    {
        // Using the System.Security.Cryptography implementation of SHA256
        using (var sha = SHA256.Create())
        {
            // Hash the message, containing the PDF
            var bytes = sha.ComputeHash(message);
            // Hex-encode the hashed message to send to GlobalSign
            var digest = Helpers.ByteArrayToString(bytes);
            // Send the digest to GlobalSign
            var signature = _client.GetSignatureAsync(_identity.Id, digest).Result;
            // Return the returned signature as a byte[]
            return Helpers.StringToByteArray(signature);
        }
    }
}

var signature = new ExternalSignature(_client, signingIdentity);
...
...
// After creating the PDF signer, adding the appearance, and creating the OCSP and TSA clients:
signer.SignDetached(signature, certChain, null, ocsp, tsa, 0, PdfSigner.CryptoStandard.CMS);
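
An added example, not part of the original post and not iText or GlobalSign code: the hash, hex-encode and hex-decode steps described above, followed by a check that the returned signature verifies under the signing certificate's public key before it is embedded. FakeRemoteSign and the throwaway RSA keys are hypothetical stand-ins for the GlobalSign call and the certificate; .NET 5 or later is assumed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RemoteSignatureCheck
{
    // Hypothetical stand-in for the remote call: hex digest in, hex signature out.
    // A local throwaway key plays the role of the signing service.
    static string FakeRemoteSign(RSA serviceKey, string hexDigest)
    {
        byte[] hash = Convert.FromHexString(hexDigest);
        byte[] sig = serviceKey.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return Convert.ToHexString(sig);
    }

    // The body of an IExternalSignature.Sign, plus checks before the bytes are returned.
    static byte[] SignAndVerify(RSA serviceKey, RSA certPublicKey, byte[] message)
    {
        // SHA-256 over the bytes handed to Sign, hex-encoded for the request.
        string hexDigest = Convert.ToHexString(SHA256.HashData(message));
        // The response is a hex string; decode it to the raw signature bytes.
        byte[] signature = Convert.FromHexString(FakeRemoteSign(serviceKey, hexDigest));

        // An RSA signature is exactly as long as the modulus of the signing key.
        if (signature.Length != certPublicKey.KeySize / 8)
            throw new CryptographicException("Signature length does not match the certificate key size.");
        // Catches a wrong identity, a wrong digest encoding, or a corrupted response.
        if (!certPublicKey.VerifyData(message, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
            throw new CryptographicException("Signature does not verify under the signing certificate.");
        return signature;
    }

    static void Main()
    {
        byte[] message = Encoding.ASCII.GetBytes("constructed sample input");
        using RSA signer = RSA.Create(2048);   // key behind the "signing certificate"
        using RSA other = RSA.Create(2048);    // a different key, to show the failure path
        using RSA pub = RSA.Create();
        pub.ImportParameters(signer.ExportParameters(false)); // public half only

        Console.WriteLine($"verified, {SignAndVerify(signer, pub, message).Length} bytes");
        try { SignAndVerify(other, pub, message); }
        catch (CryptographicException ex) { Console.WriteLine($"rejected: {ex.Message}"); }
    }
}
```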


Allow signing of pdf using iText



By : user2640678
Date : March 29 2020, 07:55 AM
This can only be done with Adobe tools. There is no way to change the setting without signing it in iText.
Signing a PDF with an eID using PKCS#11 and iText



By : Guangmiao Luan
Date : March 29 2020, 07:55 AM
The provided code sample tries to get the PrivateKey of the signature certificate; I found it odd but figured it was just used as a reference. Navigating through the stack trace of the exception that is triggered when the user cancels the process in the PinPad gave me the following idea, which, fortunately, solved this:
  • Create a custom com.itextpdf.text.pdf.security.ExternalSignature implementation.
  • Implement a utility class that, using the sun.security.pkcs11.wrapper.PKCS11 wrapper, interacts with your eID pkcs11 dll (in my case, pteidpkcs11.dll) and provides a signing method that receives a byte[] message, which is then sent to the SmartCard reader to be signed, and returns the byte[] result of this operation.
  • Use the utility class in your CustomExternalSignature.sign(...).
PDF Signing with ExternalSigning service using iText



By : user7913380
Date : March 29 2020, 07:55 AM
I found the root cause of the issue. I made a small mistake: the content estimation variable is not correct in the above source, and because of that paddedSig was not created properly. The wrong value, as shown in the above source, is int contentEstimated = 8129; the correct value is int contentEstimated = 8192; the rest of the code is fine.
Signing with OCSP by using iText



By : Ruchira
Date : March 29 2020, 07:55 AM
There actually are two separate aspects to your question: on one hand you want to know why the two documents (the one you created and the one Swisscom provided) behave differently in your Adobe Reader, and on the other hand you ask how to embed CRL and OCSP into the PDF.
Differences between the signed documents
A matter of Adobe Reader versions
code :
IExternalSignatureContainer external = new ExternalBlankSignatureContainer(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
PdfSignature external2 = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);//ADBE_PKCS7_SHA1);
// as PDF name I also tried PdfName.ETSI_RFC3161

adbe-revocationInfoArchival OBJECT IDENTIFIER ::=
                              { adbe(1.2.840.113583) acrobat(1) security(1) 8 }
   RevocationInfoArchival ::= SEQUENCE {
     crl [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
     ocsp [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
     otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
   }
   OtherRevInfo ::= SEQUENCE {
     Type OBJECT IDENTIFIER
     Value OCTET STRING
   }
External signing PDF with iText



By : Josh Chamber
Date : March 29 2020, 07:55 AM
There are a number of issues in your code.
First of all your code mixes different iText signing API generations. There is the older API generation which requires you to work very near to the PDF internals, and there is the newer (since version 5.3.x) API which is implemented as a layer over the older API and does not require you to know those internals.
code :
MakeSignature.SignExternalContainer(sap, external, 8192);

signatureContainer = new PdfPKCS7(null, chain, "SHA256", false);
byte[] hash = DigestAlgorithms.Digest(sap.GetRangeStream(), "SHA256");

signatureContainer = new PdfPKCS7(null, chain, "SHA256", false);
byte[] hash = DigestAlgorithms.Digest(sap.GetRangeStream(), "SHA256");
//byte[] signatureHash = signatureContainer.getAuthenticatedAttributeBytes(hash, null, null, CryptoStandard.CMS);

return hash;

sigField.SetExternalDigest(signedBytes, null, "RSA");
return sigField.GetEncodedPKCS7(signedBytes, null, null, null, CryptoStandard.CMS);

class RemoteSignature : IExternalSignature
{
    public virtual byte[] Sign(byte[] message) {
        IDigest messageDigest = DigestUtilities.GetDigest(GetHashAlgorithm());
        byte[] messageHash = DigestAlgorithms.Digest(messageDigest, message);
        //
        // Request signature for hash value messageHash
        // and return signature bytes
        //
        return CALL_YOUR_SERVICE_FOR_SIGNATURE_OF_HASH(messageHash);
    } 

    public virtual String GetHashAlgorithm() {
        return "SHA-256";
    } 

    public virtual String GetEncryptionAlgorithm() {
        return "RSA";
    } 
}

PdfReader reader = new PdfReader(...);
PdfStamper pdfStamper = PdfStamper.CreateSignature(...);
PdfSignatureAppearance sap = pdfStamper.SignatureAppearance;
// set sap properties for signing
IExternalSignature signature = new RemoteSignature();
MakeSignature.SignDetached(sap, signature, chain, null, null, null, 0, CryptoStandard.CMS);

    ...
    SHA-256: (0x)30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 || H.
    ...

class RemoteSignature : IExternalSignature
{
    public virtual byte[] Sign(byte[] message) {
        IDigest messageDigest = DigestUtilities.GetDigest(GetHashAlgorithm());
        byte[] messageHash = DigestAlgorithms.Digest(messageDigest, message);
        byte[] sha256Prefix = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
        byte[] digestInfo = new byte[sha256Prefix.Length + messageHash.Length];
        sha256Prefix.CopyTo(digestInfo, 0);
        messageHash.CopyTo(digestInfo, sha256Prefix.Length);
        //
        // Request signature for DigestInfo value digestInfo
        // and return signature bytes
        //
        return CALL_YOUR_SERVICE_FOR_SIGNATURE_OF_DIGEST_INFO(digestInfo);
    } 

    public virtual String GetHashAlgorithm() {
        return "SHA-256";
    } 

    public virtual String GetEncryptionAlgorithm() {
        return "RSA";
    } 
}
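
An added example, not part of the original answer: it recovers the padded block from an RSA PKCS#1 v1.5 signature using only the public key and shows that the signed payload is the DigestInfo (the prefix quoted above followed by the hash H), which is why a service that applies only the padding has to be given the DigestInfo rather than the bare hash. The throwaway key and sample input are constructed; .NET 5 or later is assumed.

```csharp
using System;
using System.Linq;
using System.Numerics;
using System.Security.Cryptography;
using System.Text;

static class DigestInfoDemo
{
    // DER prefix of a SHA-256 DigestInfo, the same bytes as in the quote above.
    static readonly byte[] Sha256Prefix = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static BigInteger ToInt(byte[] bigEndian) =>
        new BigInteger(bigEndian, isUnsigned: true, isBigEndian: true);

    // Undo the RSA operation with the public key only: EM = sig^e mod n.
    static byte[] RecoverEncodedMessage(RSA key, byte[] signature)
    {
        RSAParameters pub = key.ExportParameters(false);
        BigInteger em = BigInteger.ModPow(ToInt(signature), ToInt(pub.Exponent), ToInt(pub.Modulus));
        // The leading 0x00 of the padded block is dropped by the integer conversion.
        return em.ToByteArray(isUnsigned: true, isBigEndian: true);
    }

    static void Main()
    {
        byte[] message = Encoding.ASCII.GetBytes("constructed sample input");
        byte[] hash = SHA256.HashData(message);
        byte[] digestInfo = Sha256Prefix.Concat(hash).ToArray();

        using RSA rsa = RSA.Create(2048); // throwaway key, constructed for the example
        byte[] sig = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        byte[] em = RecoverEncodedMessage(rsa, sig);

        // Expected layout: 01 FF..FF 00 || DigestInfo
        int padLen = em.Length - digestInfo.Length - 2;
        bool paddingOk = em[0] == 0x01
            && em.Skip(1).Take(padLen).All(b => b == 0xFF)
            && em[padLen + 1] == 0x00;
        byte[] payload = em.Skip(em.Length - digestInfo.Length).ToArray();

        Console.WriteLine($"DigestInfo length: {digestInfo.Length}");
        Console.WriteLine($"padding well-formed: {paddingOk}");
        Console.WriteLine($"payload is DigestInfo: {payload.SequenceEqual(digestInfo)}");
        Console.WriteLine($"payload ends with bare hash: {payload.Skip(Sha256Prefix.Length).SequenceEqual(hash)}");
    }
}
```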