HASH, SMARTCARD and PKCS#7 detached

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

HASH, SMARTCARD and PKCS#7 detached

0de55a
Hello Guys,

I've reviewed the whole mailing list but couldn't locate any thread where people could sign a PDF properly
working with Java and using a smart card without direct access to the both: private key and middleware. All
 threads I've found have the final message like "Please, help!".

Of course, I've read and used all ideas proposed at http://itextpdf.sourceforge.net/howtosign.html.
I've bought the book iText in Action, Second Edition - there is no real explanation how to sign without private key.

"Page 404 Listing 12.19
Let’s pretend you don’t have access to the private key, so you pass null to the set-
Crypto() method . You use the setExternalDigest() method to reserve space in the
signature dictionary for keys whose content isn’t known yet. You don’t close the Pdf-
Stamper, but you preClose() the signature appearance. Then you create a Signature
object using the private key;"


How can we operate with private key if we assumed "Let’s pretend you don’t have access to the private key"? Or did I miss something?

Please notice I do not claim. The book is really good and I am happy that I've bought this one.
I just want to understand can I really use iText for working with smart card?

I have an OMNI smart card which doesn't have any middleware for Java except .so module.
So, I've written a PERL script which actually gets the hash, copies it to the smart card,
signes it with private key (RSA2048), outputs the result - just a signed digest which is not in PKCS#7 format.

My Java application does following:

1. Load certificates SHA256withRSA

CertificateFactory factory = CertificateFactory.getInstance("X509");
X509Certificate certificate1 =(X509Certificate)factory.generateCertificate(new FileInputStream(certPath1));
Certificate[] certs = new Certificate[2];
certs[0] = certificate1;
X509Certificate certificate2 =(X509Certificate)factory.generateCertificate(new FileInputStream(certPath2));
certs[1] = certificate2;

2.Initialize reader, stamper.

PdfReader reader = new PdfReader(fileIn);
PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0',  null, true);
PdfSignatureAppearance sap = stamper.getSignatureAppearance();

3.Configure SignatureAppearance

sap.setSignDate(new GregorianCalendar());
sap.setCrypto(null, certs, null, PdfSignatureAppearance.SELF_SIGNED/*WINCER_SIGNED*/);
sap.setReason("Debugging the signing process");
sap.setLocation("Location");
sap.setContact("Contact address");
sap.setExternalDigest(new byte[513], new byte[20], "RSA");
sap.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);

4. Create signature dictionary

PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_DETACHED);
dic.setName(PdfPKCS7.getSubjectFields((X509Certificate)certs[0]).getField("CN"));
if (sap.getSignDate()!= null) dic.setDate(new PdfDate(sap.getSignDate()));
if (sap.getReason()!= null) dic.setReason(sap.getReason());
if (sap.getLocation() != null) dic.setLocation(sap.getLocation());
if (sap.getContact() != null) dic.setContact(sap.getContact());
sap.setCryptoDictionary(dic);

5. Reserve space for CONTENTS

int csize = 15000;
HashMap<PdfName, Integer> exc = new HashMap();
exc.put(PdfName.CONTENTS, csize * 2 + 2);
sap.preClose(exc);

6. Calculate content stream digest

MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
byte buf[] = new byte[8192];
int n;
InputStream inp = sap.getRangeStream();
while ((n = inp.read(buf)) > 0) {
 messageDigest.update(buf, 0, n);
 fTmp1.write(buf, 0, n);//tmp - data for digest
}

byte hash[] = messageDigest.digest();

7.  Running PERL script and get the value of signed hash as is (not in PKCS#7 format)
byte[] signedHashBytes = Base64.decodeBase64(signedHash);

8. And the most interesting part - create PKCS#7 object

Calendar cal = sap.getSignDate();
byte[] ocsp = null;
String url = PdfPKCS7.getOCSPURL((X509Certificate) certs[0]);
if (url != null && url.length() > 0) {
     final OcspClientBouncyCastle ocspClient = new OcspClientBouncyCastle((X509Certificate) certs[0],
     (X509Certificate) certs[1], url);
     ocsp = ocspClient.getEncoded();
}


PdfPKCS7 sig = new PdfPKCS7(null, certs, null, "SHA256", null, false);
sig.setExternalDigest(hash, signedHashBytes, "RSA");

PdfLiteral pdfLiteral = (PdfLiteral) dic.get(PdfName.CONTENTS);
byte[] outc = new byte[(pdfLiteral.getPosLength() - 2) / 2];

byte[] ssig = sig.getEncodedPKCS7(null, cal, null, ocsp);

Arrays.fill(outc,(byte)0);

System.arraycopy(ssig, 0, outc, 0, ssig.length);
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
sap.close(dic2);

9.Result

And as the result this code output PDF which Adobe believes was modified and hence signature is not valid:
"The document has been altered or corrupted since it was signed"

Can you advice what's wrong with code?

Any help would be appreciated!

Kind regards,
Andriy.



Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

blowagie
On 17/11/2010 18:52, 0de55a wrote:
>
> Hello Guys,
>
> I've reviewed the whole mailing list but couldn't locate any thread where
> people could sign a PDF properly
> working with Java and using a smart card without direct access to the both:
> private key and middleware. All
>   threads I've found have the final message like "Please, help!".

I'm at Devoxx presenting the Second Edition of "iText in Action" (all
week), so I don't have much time to read and answer mail. I don't know
if this answers your question (I only read the first couple of lines).
There was a smart card example in the first edition, but I chose not to
put it in the second book (because they use specific middleware that
is only used in Belgium). I'm sending you the pages from the first book
in the hope that they are helpful.

If you want to receive further answers: please subscribe to the mailing
list. I'm sure that there are other people who can answer your question,
because iText is used to sign PDFs using a smart card in different
projects. It would be a pity if you missed an answer by not registering,
AND: by not registering you give me administrative work leading to
delays because I'm at Devoxx.

best regards,
Bruno

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

appD.pdf (250K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

Andreas Kuehne-3
In reply to this post by 0de55a
Hi Andriy,

looks like you already spent some time with this topic!

 You mentioned you have some shared object files for your card. Does this library support the PKCS11 interface? If yes, things may be a lot easier ...

Greetings

Andreas

----- original Nachricht --------

Betreff: [iText-questions] HASH, SMARTCARD and PKCS#7 detached
Gesendet: Mi, 17. Nov 2010
Von: 0de55a<[hidden email]>

>
> Hello Guys,
>
> I've reviewed the whole mailing list but couldn't locate any thread where
> people could sign a PDF properly
> working with Java and using a smart card without direct access to the both:
> private key and middleware. All
>  threads I've found have the final message like "Please, help!".
>
> Of course, I've read and used all ideas proposed at
> http://itextpdf.sourceforge.net/howtosign.html.
> I've bought the book iText in Action, Second Edition - there is no real
> explanation how to sign without private key.
>
> "Page 404 Listing 12.19
> Let’s pretend you don’t have access to the private key, so you pass null to
> the set-
> Crypto() method . You use the setExternalDigest() method to reserve space in
> the
> signature dictionary for keys whose content isn’t known yet. You don’t close
> the Pdf-
> Stamper, but you preClose() the signature appearance. Then you create a
> Signature
> object using the private key;"
>
> How can we operate with private key if we assumed "Let’s pretend you don’t
> have access to the private key"? Or did I miss something?
>
> Please notice I do not claim. The book is really good and I am happy that
> I've bought this one.
> I just want to understand can I really use iText for working with smart
> card?
>
> I have an OMNI smart card which doesn't have any middleware for Java except
> .so module.
> So, I've written a PERL script which actually gets the hash, copies it to
> the smart card,
> signes it with private key (RSA2048), outputs the result - just a signed
> digest which is not in PKCS#7 format.
>
> My Java application does following:
>
> 1. Load certificates SHA256withRSA
>
> CertificateFactory factory = CertificateFactory.getInstance("X509");
> X509Certificate certificate1
> =(X509Certificate)factory.generateCertificate(new
> FileInputStream(certPath1));
> Certificate[] certs = new Certificate[2];
> certs[0] = certificate1;
> X509Certificate certificate2
> =(X509Certificate)factory.generateCertificate(new
> FileInputStream(certPath2));
> certs[1] = certificate2;
>
> 2.Initialize reader, stamper.
>
> PdfReader reader = new PdfReader(fileIn);
> PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0',  null,
> true);
> PdfSignatureAppearance sap = stamper.getSignatureAppearance();
>
> 3.Configure SignatureAppearance
>
> sap.setSignDate(new GregorianCalendar());
> sap.setCrypto(null, certs, null,
> PdfSignatureAppearance.SELF_SIGNED/*WINCER_SIGNED*/);
> sap.setReason("Debugging the signing process");
> sap.setLocation("Location");
> sap.setContact("Contact address");
> sap.setExternalDigest(new byte[513], new byte[20], "RSA");
> sap.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWE
> D);
>
> 4. Create signature dictionary
>
> PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE,
> PdfName.ADBE_PKCS7_DETACHED);
> dic.setName(PdfPKCS7.getSubjectFields((X509Certificate)certs[0]).getField("C
> N"));
> if (sap.getSignDate()!= null) dic.setDate(new PdfDate(sap.getSignDate()));
> if (sap.getReason()!= null) dic.setReason(sap.getReason());
> if (sap.getLocation() != null) dic.setLocation(sap.getLocation());
> if (sap.getContact() != null) dic.setContact(sap.getContact());
> sap.setCryptoDictionary(dic);
>
> 5. Reserve space for CONTENTS
>
> int csize = 15000;
> HashMap<PdfName, Integer> exc = new HashMap();
> exc.put(PdfName.CONTENTS, csize * 2 + 2);
> sap.preClose(exc);
>
> 6. Calculate content stream digest
>
> MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
> byte buf[] = new byte[8192];
> int n;
> InputStream inp = sap.getRangeStream();
> while ((n = inp.read(buf)) > 0) {
>  messageDigest.update(buf, 0, n);
>  fTmp1.write(buf, 0, n);//tmp - data for digest
> }
>
> byte hash[] = messageDigest.digest();
>
> 7.  Running PERL script and get the value of signed hash as is (not in
> PKCS#7 format)
> byte[] signedHashBytes = Base64.decodeBase64(signedHash);
>
> 8. And the most interesting part - create PKCS#7 object
>
> Calendar cal = sap.getSignDate();
> byte[] ocsp = null;
> String url = PdfPKCS7.getOCSPURL((X509Certificate) certs[0]);
> if (url != null && url.length() > 0) {
>      final OcspClientBouncyCastle ocspClient = new
> OcspClientBouncyCastle((X509Certificate) certs[0],
>      (X509Certificate) certs[1], url);
>      ocsp = ocspClient.getEncoded();
> }
>
>
> PdfPKCS7 sig = new PdfPKCS7(null, certs, null, "SHA256", null, false);
> sig.setExternalDigest(hash, signedHashBytes, "RSA");
>
> PdfLiteral pdfLiteral = (PdfLiteral) dic.get(PdfName.CONTENTS);
> byte[] outc = new byte[(pdfLiteral.getPosLength() - 2) / 2];
>
> byte[] ssig = sig.getEncodedPKCS7(null, cal, null, ocsp);
>
> Arrays.fill(outc,(byte)0);
>
> System.arraycopy(ssig, 0, outc, 0, ssig.length);
> PdfDictionary dic2 = new PdfDictionary();
> dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
> sap.close(dic2);
>
> 9.Result
>
> And as the result this code output PDF which Adobe believes was modified and
> hence signature is not valid:
> "The document has been altered or corrupted since it was signed"
>
> Can you advice what's wrong with code?
>
> Any help would be appreciated!
>
> Kind regards,
> Andriy.
>
>
>
>
> --
> View this message in context:
> http://itext-general.2136553.n4.nabble.com/HASH-SMARTCARD-and-PKCS-7-detache
> d-tp3047252p3047252.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ----------------------------------------------------------------------------
> --
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today
> http://p.sf.net/sfu/msIE9-sfdev2dev
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php

--- original Nachricht Ende ----


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

0de55a
In reply to this post by blowagie
Hi Bruno!

The example from the first book edition was my start point. As far as I understand
there was used middleware which provides signed value in PKCS#7 format that is not my case.
Thanks for the advice, I've subscribed.

Best regards,
Andriy.
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

0de55a
In reply to this post by Andreas Kuehne-3
Hi Andreas,

That's right, I've found a lot of interesting information in this topic.

OMNI Smart card provides only .so module without any Java middleware.
This smart card works using CardOS.

The card support PKCS11 interface. Initially I've installed openSC however there is a difference in
directories structures which openSC suppose to use comparing with the directories the smartcard has.
OpenSC copies data to the card, sign it, but failed to get the result as output is provided in another
directory rather than OpenSC expects. Like a rough idea OpenSC  in FAQ propose to format the card,
but this won't work for me as I'll lost private key data. This card was supplied by the client and I cannot
change it. This is why I've stopped to use openSC and divided signing process in two steps: PERL script
that covers operation with the smartcard and updated version of JSignPDF for supporting external signed  
digest.

However, getting the signed PDF I still have the problem with Adobe reports
 "The document has been altered or corrupted since it was signed".

I would appreciate if someone can advice what's wrong with code or how can I locate the
reason of this message from Adobe.

Cheers,
Andriy.
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

Andreas Kuehne-3
In reply to this post by 0de55a
Hi Andriy,

PKCS11 support is good news. We build a signature server with support for HSMs offering PKCS11 interface.

There are many posts on this list regarding the problems around external signing using a smart card. It's a tricky business to bring PDF signature and QES together espacially when the card is not instantly available at any time. With our siging server we focussed on mass signing using smart cards and solved the problems like unpredictable signature size and inserting a signature into an already written PDF file. You may use our server right away ( available at http://sourceforge.net/projects/sirius-sign/ ) or grab some classes useful for you ( I would recommend to start at PDFPKCS7ProcessorBean.java ).

A guide to setup a PKCS11 signing unit is available in the Wiki ...

Greetings

Andreas

----- original Nachricht --------

Betreff: Re: [iText-questions] HASH, SMARTCARD and PKCS#7 detached
Gesendet: Do, 18. Nov 2010
Von: 0de55a<[hidden email]>

>
> Hi Andreas,
>
> That's right, I've found a lot of interesting information in this topic.
>
> OMNI Smart card provides only .so module without any Java middleware.
> This smart card works using CardOS.
>
> The card support PKCS11 interface. Initially I've installed openSC however
> there is a difference in
> directories structures which openSC suppose to use comparing with the
> directories the smartcard has.
> OpenSC copies data to the card, sign it, but failed to get the result as
> output is provided in another
> directory rather than OpenSC expects. Like a rough idea OpenSC  in FAQ
> propose to format the card,
> but this won't work for me as I'll lost private key data. This card was
> supplied by the client and I cannot
> change it. This is why I've stopped to use openSC and divided signing
> process in two steps: PERL script
> that covers operation with the smartcard and updated version of JSignPDF
> for
> supporting external signed  
> digest.
>
> However, getting the signed PDF I still have the problem with Adobe reports
>  "The document has been altered or corrupted since it was signed".
>
> I would appreciate if someone can advice what's wrong with code or how can
> I
> locate the
> reason of this message from Adobe.
>
> Cheers,
> Andriy.
> --
> View this message in context:
> http://itext-general.2136553.n4.nabble.com/HASH-SMARTCARD-and-PKCS-7-detache
> d-tp3047252p3048411.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ----------------------------------------------------------------------------
> --
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today
> http://p.sf.net/sfu/msIE9-sfdev2dev
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php
>

--- original Nachricht Ende ----


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

0de55a
Hi Andreas!

  Thanks for useful links. Will check out them next week and will post any update I'll have.

Kind regards,
Andriy.
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

0de55a
Hello Guys,

The  problem has been solved. To remind - the PERL script signs digest value and returns simply signed data. My assumption was that PKCS7 class from iText can cover all stuff related to PKCS7 structure using signed hash data and provide proper output. However, this didn't work for me.

This is why I have updated PERL script so it returns data in PKCS#7 format and I just get the data and put them into dictionary. In my case the PERL script was the replacement for the smart card middleware.

Thanks to Andreas for the advice!
fra
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

fra
Hi 0de55a
sorry for disturb, but i think i have the same problem, but i don't know how i can convert my byte[] data to PKCS#7 format.
Sorry, maybe it is very stupid question but i can't resolve this problem.
Can you give me any advice?
(I am working in c# but java it is ok)

thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

Andreas Kuehne-3
In reply to this post by 0de55a
Hi Fra,

as this topic turns out to be of general interest, I'll build a sample using Bouncy Castle. I'll post it to the list in the next days if noone else got some code at hand ...

Greetings

Andreas
----- original Nachricht --------

Betreff: Re: [iText-questions] HASH, SMARTCARD and PKCS#7 detached
Gesendet: Mo, 28. Feb 2011
Von: fra<[hidden email]>

> Hi 0de55a
> sorry for disturb, but i think i have the same problem, but i don't know
> how
> i can convert my byte[] data to PKCS#7 format.
> Sorry, maybe it is very stupid question but i can't resolve this problem.
> Can you give me any advice?
> (I am working in c# but java it is ok)
>
> thanks in advance.
>
> --
> View this message in context:
> http://itext-general.2136553.n4.nabble.com/HASH-SMARTCARD-and-PKCS-7-detache
> d-tp3047252p3328061.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ----------------------------------------------------------------------------
> --
> Free Software Download: Index, Search & Analyze Logs and other IT data in
> Real-Time with Splunk. Collect, index and harness all the fast moving IT
> data
> generated by your applications, servers and devices whether physical,
> virtual
> or in the cloud. Deliver compliance at lower cost and gain new business
> insights. http://p.sf.net/sfu/splunk-dev2dev 
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText® is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php
>

--- original Nachricht Ende ----


------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText&#174; is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

iText mailing list
Op 28/02/2011 16:24, [hidden email] schreef:
> Hi Fra,
>
> as this topic turns out to be of general interest, I'll build a sample using Bouncy Castle. I'll post it to the list in the next days if noone else got some code at hand ...
That would be great.
I'll find a place on the itextpdf.com site somewhere to place it for
further reference.

------------------------------------------------------------------------------
Free Software Download: Index, Search & Analyze Logs and other IT data in
Real-Time with Splunk. Collect, index and harness all the fast moving IT data
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business
insights. http://p.sf.net/sfu/splunk-dev2dev 
_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText&#174; is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

0de55a
In reply to this post by fra
Hi Fra,

As I described above my solution used PERL script which transforms signed data from SmartCard into PKCS#7 format. The rest of Java code is described in the first post of this topic.

Best regards,
Andriy.
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

0de55a
In reply to this post by Andreas Kuehne-3
Hi Andreas,
 
   I believe a lot of people will appreciate you if they will have a good example on Java.

Best regards,
Andriy.
EOF
Reply | Threaded
Open this post in threaded view
|

Re: HASH, SMARTCARD and PKCS#7 detached

EOF
In reply to this post by 0de55a
Hi Andriy!
Have you solved this problem?
Thank you! Regards,
Francesco
Reply | Threaded
Open this post in threaded view
|

Re[2]: HASH, SMARTCARD and PKCS#7 detached

0de55a
Hi Francesco,

 Yes, I've solved it. But for the task I've used a trick with the solution based on Perl code actually.
 Perl module prepared the key in the required format and Java code just used it for the rest of things.
 If my memory services me well the author of library promised to create an example in Java using native access to the smart card avoiding using the drivers.
 Is there any progres?

Best regards,
Andriy.

> Hi Andriy!
> Have you solved this problem?
> Thank you! Regards,
> Francesco
>
> _______________________________________________
> If you reply to this email, your message will be added to the discussion below:
> http://itext-general.2136553.n4.nabble.com/HASH-SMARTCARD-and-PKCS-7-detached-tp3047252p3850243.html
>
> To unsubscribe from HASH, SMARTCARD and PKCS#7 detached, visit реклама -----------------------------------------------------------
Никогда не покупали в интернете?
Лучшее место для покупок онлайн -
http://aukro.ua