are the dictionary elements randomly placed?

> Because object numbering and their location in a PDF are completely free
> form – there are no requirements.
>
> Why does it matter?
>
> From: Alvaro Cuno <[hidden email]>
> Reply-To: Post here <[hidden email]>
> To: Post here <[hidden email]>
> Subject: [iText-questions] are the dictionary elements randomly placed?
>
>
> Hello all,
>
> I signed a same file (hello.pdf) three times using the next code:
>
>     public static void sign(String src, String dest)
>             throws IOException, DocumentException, KeyStoreException,
>             NoSuchAlgorithmException, CertificateException,
> UnrecoverableKeyException {
>
>         Security.addProvider(new BouncyCastleProvider());
>         KeyStore ks = KeyStore.getInstance("pkcs12");
>         ks.load(new FileInputStream("citizen1.p12"),
> "password".toCharArray());
>         String alias = (String) ks.aliases().nextElement();
>         PrivateKey key = (PrivateKey) ks.getKey(alias,
> "password".toCharArray());
>         Certificate[] chain = ks.getCertificateChain(alias);
>
>         PdfReader reader = new PdfReader(src);
>         FileOutputStream os = new FileOutputStream(dest);
>         PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0',
> null, true);
>         PdfSignatureAppearance appearance =
> stamper.getSignatureAppearance();
>         appearance.setAcro6Layers(true);
>         appearance.setCrypto(key, chain, null,
> PdfSignatureAppearance.WINCER_SIGNED);
>         appearance.setVisibleSignature(new Rectangle(160, 732, 232, 780), 1,
> null);
>         Calendar cal = Calendar.getInstance();
>         cal.setTime(new Date(0));
> appearance.setSignDate(cal);
>         stamper.close();
>     }
>
> Everything is ok and all digital signatures are valid, however I don't
> understand why the internal structures of the signed documents (see attached
> files) are different?
>
>
> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>    ...                              ...                            ...
>    %%EOF                    %%EOF                   %%EOF
>    ...                              ...                            ...
>    10 0 obj                      10 0 obj                    10 0 obj
>    11 0 obj                        8 0 obj                    11 0 obj
>    12 0 obj                      11 0 obj                    12 0 obj
>     8 0 obj                        9 0 obj                      9 0 obj
>     9 0 obj                      12 0 obj                      8 0 obj
>     5 0 obj                        5 0 obj                      5 0 obj
>    ...                              ...                             ...
>
>
> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ... these
> were inserted randomly? if yes, why?
>
> -
> Alvaro
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php

> Op 10/09/2012 1:29, Alvaro Cuno schreef:
>> Everything is ok and all digital signatures are valid, however I don't
>> understand why the internal structures of the signed documents (see
>> attached files) are different?
> 1. You're not using the most recent version of iText; the type of
> signature you're using will be deprecated in PDF 2.0. ISO-32000-2
> recommends: “To support backward compatibility, PDF readers should
> process this value for the /SubFilter key but PDF writers shall not use
> this value for that key.” Please upgrade to the latest iText version and
> use a different type of signature.
> 2. The only thing you need to know, is this: you're using bad software
> if you're able to produce two binary identical PDF files by running the
> same program twice. Object numbers shouldn't matter.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

>Ok, if not is a pdf standard requirement, how can I set the fixed form
>instead of the free form? that is it possible? ... I noticed the fact
>because I was experimenting implement digital signatures using
>multiple machines so I can use only local variables.
>
>Greats
>-
>Alvaro
>
>
>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]> wrote:
>> Because object numbering and their location in a PDF are completely free
>> form ­ there are no requirements.
>>
>> Why does it matter?
>>
>> From: Alvaro Cuno <[hidden email]>
>> Reply-To: Post here <[hidden email]>
>> To: Post here <[hidden email]>
>> Subject: [iText-questions] are the dictionary elements randomly placed?
>>
>>
>> Hello all,
>>
>> I signed a same file (hello.pdf) three times using the next code:
>>
>>     public static void sign(String src, String dest)
>>             throws IOException, DocumentException, KeyStoreException,
>>             NoSuchAlgorithmException, CertificateException,
>> UnrecoverableKeyException {
>>
>>         Security.addProvider(new BouncyCastleProvider());
>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>         ks.load(new FileInputStream("citizen1.p12"),
>> "password".toCharArray());
>>         String alias = (String) ks.aliases().nextElement();
>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>> "password".toCharArray());
>>         Certificate[] chain = ks.getCertificateChain(alias);
>>
>>         PdfReader reader = new PdfReader(src);
>>         FileOutputStream os = new FileOutputStream(dest);
>>         PdfStamper stamper = PdfStamper.createSignature(reader, os,
>>'\0',
>> null, true);
>>         PdfSignatureAppearance appearance =
>> stamper.getSignatureAppearance();
>>         appearance.setAcro6Layers(true);
>>         appearance.setCrypto(key, chain, null,
>> PdfSignatureAppearance.WINCER_SIGNED);
>>         appearance.setVisibleSignature(new Rectangle(160, 732, 232,
>>780), 1,
>> null);
>>         Calendar cal = Calendar.getInstance();
>>         cal.setTime(new Date(0));
>> appearance.setSignDate(cal);
>>         stamper.close();
>>     }
>>
>> Everything is ok and all digital signatures are valid, however I don't
>> understand why the internal structures of the signed documents (see
>>attached
>> files) are different?
>>
>>
>> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>>    ...                              ...                            ...
>>    %%EOF                    %%EOF                   %%EOF
>>    ...                              ...                            ...
>>    10 0 obj                      10 0 obj                    10 0 obj
>>    11 0 obj                        8 0 obj                    11 0 obj
>>    12 0 obj                      11 0 obj                    12 0 obj
>>     8 0 obj                        9 0 obj                      9 0 obj
>>     9 0 obj                      12 0 obj                      8 0 obj
>>     5 0 obj                        5 0 obj                      5 0 obj
>>    ...                              ...                             ...
>>
>>
>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ... these
>> were inserted randomly? if yes, why?
>>
>> -
>> Alvaro
>>
>>
>>
>>-------------------------------------------------------------------------
>>-----
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>>Discussions
>> will include endpoint security, mobile security and the latest in
>>malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> iText-questions mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>> reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:
>> http://itextpdf.com/themes/keywords.php
>
>--------------------------------------------------------------------------
>----
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>iText-questions mailing list
>[hidden email]
>https://lists.sourceforge.net/lists/listinfo/itext-questions
>
>iText(R) is a registered trademark of 1T3XT BVBA.
>Many questions posted to this list can (and will) be answered with a
>reference to the iText book: http://www.itextpdf.com/book/
>Please check the keywords list before you ask for examples:
>http://itextpdf.com/themes/keywords.php

> Alvaro,
>
> Alvaro Cuno wrote
>>  I noticed the fact because I was experimenting implement digital
>> signatures using
>> multiple machines so I can use only local variables.
>
> You will soon see that there are more differences than just the order of
> objects: dates and ids especially.
>
> Please search the archives for "deferred signing".each time you create a
> stamper for signing, the hash of the bytes to sign is different. Some ideas
> on how to get around this problem have been presented on this list.
>
> Regards,   Michael
>
>
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/are-the-dictionary-elements-randomly-placed-tp4656235p4656255.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

> Neither iText nor any other PDF producer has such an option, because it
> serves no useful purpose.
>
> I still don't understand why it matters since the PDF is valid and
> processes correctly.
>
> Leonard
>
> On 9/11/12 5:30 AM, "Alvaro Cuno" <[hidden email]> wrote:
>
>>Ok, if not is a pdf standard requirement, how can I set the fixed form
>>instead of the free form? that is it possible? ... I noticed the fact
>>because I was experimenting implement digital signatures using
>>multiple machines so I can use only local variables.
>>
>>Greats
>>-
>>Alvaro
>>
>>
>>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]> wrote:
>>> Because object numbering and their location in a PDF are completely free
>>> form ­ there are no requirements.
>>>
>>> Why does it matter?
>>>
>>> From: Alvaro Cuno <[hidden email]>
>>> Reply-To: Post here <[hidden email]>
>>> To: Post here <[hidden email]>
>>> Subject: [iText-questions] are the dictionary elements randomly placed?
>>>
>>>
>>> Hello all,
>>>
>>> I signed a same file (hello.pdf) three times using the next code:
>>>
>>>     public static void sign(String src, String dest)
>>>             throws IOException, DocumentException, KeyStoreException,
>>>             NoSuchAlgorithmException, CertificateException,
>>> UnrecoverableKeyException {
>>>
>>>         Security.addProvider(new BouncyCastleProvider());
>>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>>         ks.load(new FileInputStream("citizen1.p12"),
>>> "password".toCharArray());
>>>         String alias = (String) ks.aliases().nextElement();
>>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>>> "password".toCharArray());
>>>         Certificate[] chain = ks.getCertificateChain(alias);
>>>
>>>         PdfReader reader = new PdfReader(src);
>>>         FileOutputStream os = new FileOutputStream(dest);
>>>         PdfStamper stamper = PdfStamper.createSignature(reader, os,
>>>'\0',
>>> null, true);
>>>         PdfSignatureAppearance appearance =
>>> stamper.getSignatureAppearance();
>>>         appearance.setAcro6Layers(true);
>>>         appearance.setCrypto(key, chain, null,
>>> PdfSignatureAppearance.WINCER_SIGNED);
>>>         appearance.setVisibleSignature(new Rectangle(160, 732, 232,
>>>780), 1,
>>> null);
>>>         Calendar cal = Calendar.getInstance();
>>>         cal.setTime(new Date(0));
>>> appearance.setSignDate(cal);
>>>         stamper.close();
>>>     }
>>>
>>> Everything is ok and all digital signatures are valid, however I don't
>>> understand why the internal structures of the signed documents (see
>>>attached
>>> files) are different?
>>>
>>>
>>> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>>>    ...                              ...                            ...
>>>    %%EOF                    %%EOF                   %%EOF
>>>    ...                              ...                            ...
>>>    10 0 obj                      10 0 obj                    10 0 obj
>>>    11 0 obj                        8 0 obj                    11 0 obj
>>>    12 0 obj                      11 0 obj                    12 0 obj
>>>     8 0 obj                        9 0 obj                      9 0 obj
>>>     9 0 obj                      12 0 obj                      8 0 obj
>>>     5 0 obj                        5 0 obj                      5 0 obj
>>>    ...                              ...                             ...
>>>
>>>
>>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ... these
>>> were inserted randomly? if yes, why?
>>>
>>> -
>>> Alvaro
>>>
>>>
>>>
>>>-------------------------------------------------------------------------
>>>-----
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond.
>>>Discussions
>>> will include endpoint security, mobile security and the latest in
>>>malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> iText-questions mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>> Many questions posted to this list can (and will) be answered with a
>>> reference to the iText book: http://www.itextpdf.com/book/
>>> Please check the keywords list before you ask for examples:
>>> http://itextpdf.com/themes/keywords.php
>>
>>--------------------------------------------------------------------------
>>----
>>Live Security Virtual Conference
>>Exclusive live event will cover all the ways today's security and
>>threat landscape has changed and how IT managers can respond. Discussions
>>will include endpoint security, mobile security and the latest in malware
>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>_______________________________________________
>>iText-questions mailing list
>>[hidden email]
>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>>iText(R) is a registered trademark of 1T3XT BVBA.
>>Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>>Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

>Hello, a useful example is on deferred signing ...
>
>Alvaro
>
>On 11 September 2012 02:00, Leonard Rosenthol <[hidden email]> wrote:
>> Neither iText nor any other PDF producer has such an option, because it
>> serves no useful purpose.
>>
>> I still don't understand why it matters since the PDF is valid and
>> processes correctly.
>>
>> Leonard
>>
>> On 9/11/12 5:30 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>
>>>Ok, if not is a pdf standard requirement, how can I set the fixed form
>>>instead of the free form? that is it possible? ... I noticed the fact
>>>because I was experimenting implement digital signatures using
>>>multiple machines so I can use only local variables.
>>>
>>>Greats
>>>-
>>>Alvaro
>>>
>>>
>>>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]>
>>>wrote:
>>>> Because object numbering and their location in a PDF are completely
>>>>free
>>>> form ­ there are no requirements.
>>>>
>>>> Why does it matter?
>>>>
>>>> From: Alvaro Cuno <[hidden email]>
>>>> Reply-To: Post here <[hidden email]>
>>>> To: Post here <[hidden email]>
>>>> Subject: [iText-questions] are the dictionary elements randomly
>>>>placed?
>>>>
>>>>
>>>> Hello all,
>>>>
>>>> I signed a same file (hello.pdf) three times using the next code:
>>>>
>>>>     public static void sign(String src, String dest)
>>>>             throws IOException, DocumentException, KeyStoreException,
>>>>             NoSuchAlgorithmException, CertificateException,
>>>> UnrecoverableKeyException {
>>>>
>>>>         Security.addProvider(new BouncyCastleProvider());
>>>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>>>         ks.load(new FileInputStream("citizen1.p12"),
>>>> "password".toCharArray());
>>>>         String alias = (String) ks.aliases().nextElement();
>>>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>>>> "password".toCharArray());
>>>>         Certificate[] chain = ks.getCertificateChain(alias);
>>>>
>>>>         PdfReader reader = new PdfReader(src);
>>>>         FileOutputStream os = new FileOutputStream(dest);
>>>>         PdfStamper stamper = PdfStamper.createSignature(reader, os,
>>>>'\0',
>>>> null, true);
>>>>         PdfSignatureAppearance appearance =
>>>> stamper.getSignatureAppearance();
>>>>         appearance.setAcro6Layers(true);
>>>>         appearance.setCrypto(key, chain, null,
>>>> PdfSignatureAppearance.WINCER_SIGNED);
>>>>         appearance.setVisibleSignature(new Rectangle(160, 732, 232,
>>>>780), 1,
>>>> null);
>>>>         Calendar cal = Calendar.getInstance();
>>>>         cal.setTime(new Date(0));
>>>> appearance.setSignDate(cal);
>>>>         stamper.close();
>>>>     }
>>>>
>>>> Everything is ok and all digital signatures are valid, however I don't
>>>> understand why the internal structures of the signed documents (see
>>>>attached
>>>> files) are different?
>>>>
>>>>
>>>> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>>>>    ...                              ...                            ...
>>>>    %%EOF                    %%EOF                   %%EOF
>>>>    ...                              ...                            ...
>>>>    10 0 obj                      10 0 obj                    10 0 obj
>>>>    11 0 obj                        8 0 obj                    11 0 obj
>>>>    12 0 obj                      11 0 obj                    12 0 obj
>>>>     8 0 obj                        9 0 obj                      9 0
>>>>obj
>>>>     9 0 obj                      12 0 obj                      8 0 obj
>>>>     5 0 obj                        5 0 obj                      5 0
>>>>obj
>>>>    ...                              ...
>>>>...
>>>>
>>>>
>>>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ...
>>>>these
>>>> were inserted randomly? if yes, why?
>>>>
>>>> -
>>>> Alvaro
>>>>
>>>>
>>>>
>>>>-----------------------------------------------------------------------
>>>>--
>>>>-----
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond.
>>>>Discussions
>>>> will include endpoint security, mobile security and the latest in
>>>>malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> iText-questions mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>
>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>> Many questions posted to this list can (and will) be answered with a
>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>> Please check the keywords list before you ask for examples:
>>>> http://itextpdf.com/themes/keywords.php
>>>
>>>------------------------------------------------------------------------
>>>--
>>>----
>>>Live Security Virtual Conference
>>>Exclusive live event will cover all the ways today's security and
>>>threat landscape has changed and how IT managers can respond.
>>>Discussions
>>>will include endpoint security, mobile security and the latest in
>>>malware
>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>_______________________________________________
>>>iText-questions mailing list
>>>[hidden email]
>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>Many questions posted to this list can (and will) be answered with a
>>>reference to the iText book: http://www.itextpdf.com/book/
>>>Please check the keywords list before you ask for examples:
>>>http://itextpdf.com/themes/keywords.php
>>
>>
>>
>>-------------------------------------------------------------------------
>>-----
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>>Discussions
>> will include endpoint security, mobile security and the latest in
>>malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> iText-questions mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
>--------------------------------------------------------------------------
>----
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>iText-questions mailing list
>[hidden email]
>https://lists.sourceforge.net/lists/listinfo/itext-questions
>
>iText(R) is a registered trademark of 1T3XT BVBA.
>Many questions posted to this list can (and will) be answered with a
>reference to the iText book: http://www.itextpdf.com/book/
>Please check the keywords list before you ask for examples:
>http://itextpdf.com/themes/keywords.php

> Deferred signing doesn't care about the order of the objects….
>
> People have been implementing such for over a decade w/o any problems….
>
> Leonard
>
> On 9/12/12 6:00 AM, "Alvaro Cuno" <[hidden email]> wrote:
>
>>Hello, a useful example is on deferred signing ...
>>
>>Alvaro
>>
>>On 11 September 2012 02:00, Leonard Rosenthol <[hidden email]> wrote:
>>> Neither iText nor any other PDF producer has such an option, because it
>>> serves no useful purpose.
>>>
>>> I still don't understand why it matters since the PDF is valid and
>>> processes correctly.
>>>
>>> Leonard
>>>
>>> On 9/11/12 5:30 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>>
>>>>Ok, if not is a pdf standard requirement, how can I set the fixed form
>>>>instead of the free form? that is it possible? ... I noticed the fact
>>>>because I was experimenting implement digital signatures using
>>>>multiple machines so I can use only local variables.
>>>>
>>>>Greats
>>>>-
>>>>Alvaro
>>>>
>>>>
>>>>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]>
>>>>wrote:
>>>>> Because object numbering and their location in a PDF are completely
>>>>>free
>>>>> form ­ there are no requirements.
>>>>>
>>>>> Why does it matter?
>>>>>
>>>>> From: Alvaro Cuno <[hidden email]>
>>>>> Reply-To: Post here <[hidden email]>
>>>>> To: Post here <[hidden email]>
>>>>> Subject: [iText-questions] are the dictionary elements randomly
>>>>>placed?
>>>>>
>>>>>
>>>>> Hello all,
>>>>>
>>>>> I signed a same file (hello.pdf) three times using the next code:
>>>>>
>>>>>     public static void sign(String src, String dest)
>>>>>             throws IOException, DocumentException, KeyStoreException,
>>>>>             NoSuchAlgorithmException, CertificateException,
>>>>> UnrecoverableKeyException {
>>>>>
>>>>>         Security.addProvider(new BouncyCastleProvider());
>>>>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>>>>         ks.load(new FileInputStream("citizen1.p12"),
>>>>> "password".toCharArray());
>>>>>         String alias = (String) ks.aliases().nextElement();
>>>>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>>>>> "password".toCharArray());
>>>>>         Certificate[] chain = ks.getCertificateChain(alias);
>>>>>
>>>>>         PdfReader reader = new PdfReader(src);
>>>>>         FileOutputStream os = new FileOutputStream(dest);
>>>>>         PdfStamper stamper = PdfStamper.createSignature(reader, os,
>>>>>'\0',
>>>>> null, true);
>>>>>         PdfSignatureAppearance appearance =
>>>>> stamper.getSignatureAppearance();
>>>>>         appearance.setAcro6Layers(true);
>>>>>         appearance.setCrypto(key, chain, null,
>>>>> PdfSignatureAppearance.WINCER_SIGNED);
>>>>>         appearance.setVisibleSignature(new Rectangle(160, 732, 232,
>>>>>780), 1,
>>>>> null);
>>>>>         Calendar cal = Calendar.getInstance();
>>>>>         cal.setTime(new Date(0));
>>>>> appearance.setSignDate(cal);
>>>>>         stamper.close();
>>>>>     }
>>>>>
>>>>> Everything is ok and all digital signatures are valid, however I don't
>>>>> understand why the internal structures of the signed documents (see
>>>>>attached
>>>>> files) are different?
>>>>>
>>>>>
>>>>> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>>>>>    ...                              ...                            ...
>>>>>    %%EOF                    %%EOF                   %%EOF
>>>>>    ...                              ...                            ...
>>>>>    10 0 obj                      10 0 obj                    10 0 obj
>>>>>    11 0 obj                        8 0 obj                    11 0 obj
>>>>>    12 0 obj                      11 0 obj                    12 0 obj
>>>>>     8 0 obj                        9 0 obj                      9 0
>>>>>obj
>>>>>     9 0 obj                      12 0 obj                      8 0 obj
>>>>>     5 0 obj                        5 0 obj                      5 0
>>>>>obj
>>>>>    ...                              ...
>>>>>...
>>>>>
>>>>>
>>>>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ...
>>>>>these
>>>>> were inserted randomly? if yes, why?
>>>>>
>>>>> -
>>>>> Alvaro
>>>>>
>>>>>
>>>>>
>>>>>-----------------------------------------------------------------------
>>>>>--
>>>>>-----
>>>>> Live Security Virtual Conference
>>>>> Exclusive live event will cover all the ways today's security and
>>>>> threat landscape has changed and how IT managers can respond.
>>>>>Discussions
>>>>> will include endpoint security, mobile security and the latest in
>>>>>malware
>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>> _______________________________________________
>>>>> iText-questions mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>
>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>> Many questions posted to this list can (and will) be answered with a
>>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>>> Please check the keywords list before you ask for examples:
>>>>> http://itextpdf.com/themes/keywords.php
>>>>
>>>>------------------------------------------------------------------------
>>>>--
>>>>----
>>>>Live Security Virtual Conference
>>>>Exclusive live event will cover all the ways today's security and
>>>>threat landscape has changed and how IT managers can respond.
>>>>Discussions
>>>>will include endpoint security, mobile security and the latest in
>>>>malware
>>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>_______________________________________________
>>>>iText-questions mailing list
>>>>[hidden email]
>>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>
>>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>>Many questions posted to this list can (and will) be answered with a
>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>Please check the keywords list before you ask for examples:
>>>>http://itextpdf.com/themes/keywords.php
>>>
>>>
>>>
>>>-------------------------------------------------------------------------
>>>-----
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond.
>>>Discussions
>>> will include endpoint security, mobile security and the latest in
>>>malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> iText-questions mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>> Many questions posted to this list can (and will) be answered with a
>>>reference to the iText book: http://www.itextpdf.com/book/
>>> Please check the keywords list before you ask for examples:
>>>http://itextpdf.com/themes/keywords.php
>>
>>--------------------------------------------------------------------------
>>----
>>Live Security Virtual Conference
>>Exclusive live event will cover all the ways today's security and
>>threat landscape has changed and how IT managers can respond. Discussions
>>will include endpoint security, mobile security and the latest in malware
>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>_______________________________________________
>>iText-questions mailing list
>>[hidden email]
>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>>iText(R) is a registered trademark of 1T3XT BVBA.
>>Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>>Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

> Alvaro,
>
> Alvaro Cuno wrote
>> I found some discussions about deferred signing:
>
> Ok. So you do have some hints on how to continue.
>
> Alvaro Cuno wrote
>> Certainly, the FileID and the ModDate are mentioned but nothing about the
>> order of the objects is discussed. Where I can read about that? Is this
>> documented?
>
> More to the point: iText nowhere promisses or documents that running the
> same code produces PDFs with identical object IDs and identical order of
> objects. So why should it be expected to do so?
>
> I have not yet noticed different orders of objects myself, but as I have not
> expected the order to be a constant, I might simply have overlooked it. It
> after all is irrelevant...
>
> In my opinion you should try and check your use case. If I understand you
> correctly, you want to calculate the digest value of the document byte
> ranges to sign on one machine A, send that digest somewhere for signing, and
> receive the signature on yet another machine B to combine it with the
> original, unprocessed PDF.
>
> As stated in the postings to this mailing list you already found, simply
> starting the integrated signing process independently on machines A and B
> does not work as long as you want to use an unpatched iText.
>
> If those processes have to be separated that far, you instead have to store
> the result of the unfinished signing process (after maybe marking the
> signature value placeholder in some unique way) on machine A to some storage
> accessible from machine B, and on machine B you later have to insert the
> retrieved signature into that unfinished result.
>
> On this mailing list Andreas Kühne numerous times pointed to an
> implementation of that process.
>
> You actually can optimize that process somewhat: If signing in append mode,
> you only need to place the appended bytes into that storage, and you can
> also skip the placeholder as long as you remember its position and length.
> This way you may be able to restrict the intermediate storage requirements.
>
> Regards,   Michael
>
> PS: You should consider updating the iText version you use and also select a
> different signature type: adbe.pkcs7.sha1 is a bad choice.
>
>
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/are-the-dictionary-elements-randomly-placed-tp4656235p4656285.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

>Sorry, I was too brief ... let me explain more in detail my use case:
>
>Computer1                         Computer2            Computer3
>  o----getMetahash(pdf, params)--->o
>  o<---------------metahash---------------o
>  o-------------------------------cipher(metahash)------------->o
>  o<----------------------------------signature----------------------o
>  o-------signDoc(pdf, signature)---->o
>  o<-----signedPdf-------------------------o
>
>Notice that the only one needs to know about pdf processing is
>Computer2, and because it can't store any intermediate results
>Computer2 need to generate the same pdf structure twice. I think the
>setting before is a deferred signing because the multiple steps.
>
>However, if the placement of objects is random then I will have to
>redesign the previous scenario.
>
>Thanks for the advice
>
>-
>Alvaro
>
>On 12 September 2012 00:37, Leonard Rosenthol <[hidden email]> wrote:
>> Deferred signing doesn't care about the order of the objects….
>>
>> People have been implementing such for over a decade w/o any problems….
>>
>> Leonard
>>
>> On 9/12/12 6:00 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>
>>>Hello, a useful example is on deferred signing ...
>>>
>>>Alvaro
>>>
>>>On 11 September 2012 02:00, Leonard Rosenthol <[hidden email]>
>>>wrote:
>>>> Neither iText nor any other PDF producer has such an option, because
>>>>it
>>>> serves no useful purpose.
>>>>
>>>> I still don't understand why it matters since the PDF is valid and
>>>> processes correctly.
>>>>
>>>> Leonard
>>>>
>>>> On 9/11/12 5:30 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>>>
>>>>>Ok, if not is a pdf standard requirement, how can I set the fixed form
>>>>>instead of the free form? that is it possible? ... I noticed the fact
>>>>>because I was experimenting implement digital signatures using
>>>>>multiple machines so I can use only local variables.
>>>>>
>>>>>Greats
>>>>>-
>>>>>Alvaro
>>>>>
>>>>>
>>>>>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]>
>>>>>wrote:
>>>>>> Because object numbering and their location in a PDF are completely
>>>>>>free
>>>>>> form ­ there are no requirements.
>>>>>>
>>>>>> Why does it matter?
>>>>>>
>>>>>> From: Alvaro Cuno <[hidden email]>
>>>>>> Reply-To: Post here <[hidden email]>
>>>>>> To: Post here <[hidden email]>
>>>>>> Subject: [iText-questions] are the dictionary elements randomly
>>>>>>placed?
>>>>>>
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> I signed a same file (hello.pdf) three times using the next code:
>>>>>>
>>>>>>     public static void sign(String src, String dest)
>>>>>>             throws IOException, DocumentException,
>>>>>>KeyStoreException,
>>>>>>             NoSuchAlgorithmException, CertificateException,
>>>>>> UnrecoverableKeyException {
>>>>>>
>>>>>>         Security.addProvider(new BouncyCastleProvider());
>>>>>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>>>>>         ks.load(new FileInputStream("citizen1.p12"),
>>>>>> "password".toCharArray());
>>>>>>         String alias = (String) ks.aliases().nextElement();
>>>>>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>>>>>> "password".toCharArray());
>>>>>>         Certificate[] chain = ks.getCertificateChain(alias);
>>>>>>
>>>>>>         PdfReader reader = new PdfReader(src);
>>>>>>         FileOutputStream os = new FileOutputStream(dest);
>>>>>>         PdfStamper stamper = PdfStamper.createSignature(reader, os,
>>>>>>'\0',
>>>>>> null, true);
>>>>>>         PdfSignatureAppearance appearance =
>>>>>> stamper.getSignatureAppearance();
>>>>>>         appearance.setAcro6Layers(true);
>>>>>>         appearance.setCrypto(key, chain, null,
>>>>>> PdfSignatureAppearance.WINCER_SIGNED);
>>>>>>         appearance.setVisibleSignature(new Rectangle(160, 732, 232,
>>>>>>780), 1,
>>>>>> null);
>>>>>>         Calendar cal = Calendar.getInstance();
>>>>>>         cal.setTime(new Date(0));
>>>>>> appearance.setSignDate(cal);
>>>>>>         stamper.close();
>>>>>>     }
>>>>>>
>>>>>> Everything is ok and all digital signatures are valid, however I
>>>>>>don't
>>>>>> understand why the internal structures of the signed documents (see
>>>>>>attached
>>>>>> files) are different?
>>>>>>
>>>>>>
>>>>>> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>>>>>>    ...                              ...
>>>>>>...
>>>>>>    %%EOF                    %%EOF                   %%EOF
>>>>>>    ...                              ...
>>>>>>...
>>>>>>    10 0 obj                      10 0 obj                    10 0
>>>>>>obj
>>>>>>    11 0 obj                        8 0 obj                    11 0
>>>>>>obj
>>>>>>    12 0 obj                      11 0 obj                    12 0
>>>>>>obj
>>>>>>     8 0 obj                        9 0 obj                      9 0
>>>>>>obj
>>>>>>     9 0 obj                      12 0 obj                      8 0
>>>>>>obj
>>>>>>     5 0 obj                        5 0 obj                      5 0
>>>>>>obj
>>>>>>    ...                              ...
>>>>>>...
>>>>>>
>>>>>>
>>>>>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ...
>>>>>>these
>>>>>> were inserted randomly? if yes, why?
>>>>>>
>>>>>> -
>>>>>> Alvaro
>>>>>>
>>>>>>
>>>>>>
>>>>>>---------------------------------------------------------------------
>>>>>>--
>>>>>>--
>>>>>>-----
>>>>>> Live Security Virtual Conference
>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>>Discussions
>>>>>> will include endpoint security, mobile security and the latest in
>>>>>>malware
>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>> _______________________________________________
>>>>>> iText-questions mailing list
>>>>>> [hidden email]
>>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>>
>>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>> Many questions posted to this list can (and will) be answered with a
>>>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>>>> Please check the keywords list before you ask for examples:
>>>>>> http://itextpdf.com/themes/keywords.php
>>>>>
>>>>>----------------------------------------------------------------------
>>>>>--
>>>>>--
>>>>>----
>>>>>Live Security Virtual Conference
>>>>>Exclusive live event will cover all the ways today's security and
>>>>>threat landscape has changed and how IT managers can respond.
>>>>>Discussions
>>>>>will include endpoint security, mobile security and the latest in
>>>>>malware
>>>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>_______________________________________________
>>>>>iText-questions mailing list
>>>>>[hidden email]
>>>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>
>>>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>Many questions posted to this list can (and will) be answered with a
>>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>>Please check the keywords list before you ask for examples:
>>>>>http://itextpdf.com/themes/keywords.php
>>>>
>>>>
>>>>
>>>>-----------------------------------------------------------------------
>>>>--
>>>>-----
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond.
>>>>Discussions
>>>> will include endpoint security, mobile security and the latest in
>>>>malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> iText-questions mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>
>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>> Many questions posted to this list can (and will) be answered with a
>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>> Please check the keywords list before you ask for examples:
>>>>http://itextpdf.com/themes/keywords.php
>>>
>>>------------------------------------------------------------------------
>>>--
>>>----
>>>Live Security Virtual Conference
>>>Exclusive live event will cover all the ways today's security and
>>>threat landscape has changed and how IT managers can respond.
>>>Discussions
>>>will include endpoint security, mobile security and the latest in
>>>malware
>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>_______________________________________________
>>>iText-questions mailing list
>>>[hidden email]
>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>Many questions posted to this list can (and will) be answered with a
>>>reference to the iText book: http://www.itextpdf.com/book/
>>>Please check the keywords list before you ask for examples:
>>>http://itextpdf.com/themes/keywords.php
>>
>>
>>-------------------------------------------------------------------------
>>-----
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>>Discussions
>> will include endpoint security, mobile security and the latest in
>>malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> iText-questions mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
>--------------------------------------------------------------------------
>----
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>iText-questions mailing list
>[hidden email]
>https://lists.sourceforge.net/lists/listinfo/itext-questions
>
>iText(R) is a registered trademark of 1T3XT BVBA.
>Many questions posted to this list can (and will) be answered with a
>reference to the iText book: http://www.itextpdf.com/book/
>Please check the keywords list before you ask for examples:
>http://itextpdf.com/themes/keywords.php

>Thanks you very much, now things are more clear for me. One last
>question (I promise), the randomness of fileID, ModDate and placement
>of the objects is for security reasons?
>
>Thanks in advance.
>
>
>On 12 September 2012 04:01, mkl <[hidden email]> wrote:
>> Alvaro,
>>
>> Alvaro Cuno wrote
>>> I found some discussions about deferred signing:
>>
>> Ok. So you do have some hints on how to continue.
>>
>> Alvaro Cuno wrote
>>> Certainly, the FileID and the ModDate are mentioned but nothing about
>>>the
>>> order of the objects is discussed. Where I can read about that? Is this
>>> documented?
>>
>> More to the point: iText nowhere promisses or documents that running the
>> same code produces PDFs with identical object IDs and identical order of
>> objects. So why should it be expected to do so?
>>
>> I have not yet noticed different orders of objects myself, but as I
>>have not
>> expected the order to be a constant, I might simply have overlooked it.
>>It
>> after all is irrelevant...
>>
>> In my opinion you should try and check your use case. If I understand
>>you
>> correctly, you want to calculate the digest value of the document byte
>> ranges to sign on one machine A, send that digest somewhere for
>>signing, and
>> receive the signature on yet another machine B to combine it with the
>> original, unprocessed PDF.
>>
>> As stated in the postings to this mailing list you already found, simply
>> starting the integrated signing process independently on machines A and
>>B
>> does not work as long as you want to use an unpatched iText.
>>
>> If those processes have to be separated that far, you instead have to
>>store
>> the result of the unfinished signing process (after maybe marking the
>> signature value placeholder in some unique way) on machine A to some
>>storage
>> accessible from machine B, and on machine B you later have to insert the
>> retrieved signature into that unfinished result.
>>
>> On this mailing list Andreas Kühne numerous times pointed to an
>> implementation of that process.
>>
>> You actually can optimize that process somewhat: If signing in append
>>mode,
>> you only need to place the appended bytes into that storage, and you can
>> also skip the placeholder as long as you remember its position and
>>length.
>> This way you may be able to restrict the intermediate storage
>>requirements.
>>
>> Regards,   Michael
>>
>> PS: You should consider updating the iText version you use and also
>>select a
>> different signature type: adbe.pkcs7.sha1 is a bad choice.
>>
>>
>>
>> --
>> View this message in context:
>>http://itext-general.2136553.n4.nabble.com/are-the-dictionary-elements-ra
>>ndomly-placed-tp4656235p4656285.html
>> Sent from the iText - General mailing list archive at Nabble.com.
>>
>>
>>-------------------------------------------------------------------------
>>-----
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>>Discussions
>> will include endpoint security, mobile security and the latest in
>>malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> iText-questions mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
>--------------------------------------------------------------------------
>----
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>iText-questions mailing list
>[hidden email]
>https://lists.sourceforge.net/lists/listinfo/itext-questions
>
>iText(R) is a registered trademark of 1T3XT BVBA.
>Many questions posted to this list can (and will) be answered with a
>reference to the iText book: http://www.itextpdf.com/book/
>Please check the keywords list before you ask for examples:
>http://itextpdf.com/themes/keywords.php

> Why would you ever want a scenario with three computers to do something as
> simple as signing a file?  This just seems like extreme overkill for no
> practical reason.
>
> As discussed, you will either need to cache the "prepared for signing"
> file or modify the iText sources.
>
> Leonard
>
> On 9/13/12 5:42 AM, "Alvaro Cuno" <[hidden email]> wrote:
>
>>Sorry, I was too brief ... let me explain more in detail my use case:
>>
>>Computer1                         Computer2            Computer3
>>  o----getMetahash(pdf, params)--->o
>>  o<---------------metahash---------------o
>>  o-------------------------------cipher(metahash)------------->o
>>  o<----------------------------------signature----------------------o
>>  o-------signDoc(pdf, signature)---->o
>>  o<-----signedPdf-------------------------o
>>
>>Notice that the only one needs to know about pdf processing is
>>Computer2, and because it can't store any intermediate results
>>Computer2 need to generate the same pdf structure twice. I think the
>>setting before is a deferred signing because the multiple steps.
>>
>>However, if the placement of objects is random then I will have to
>>redesign the previous scenario.
>>
>>Thanks for the advice
>>
>>-
>>Alvaro
>>
>>On 12 September 2012 00:37, Leonard Rosenthol <[hidden email]> wrote:
>>> Deferred signing doesn't care about the order of the objects….
>>>
>>> People have been implementing such for over a decade w/o any problems….
>>>
>>> Leonard
>>>
>>> On 9/12/12 6:00 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>>
>>>>Hello, a useful example is on deferred signing ...
>>>>
>>>>Alvaro
>>>>
>>>>On 11 September 2012 02:00, Leonard Rosenthol <[hidden email]>
>>>>wrote:
>>>>> Neither iText nor any other PDF producer has such an option, because
>>>>>it
>>>>> serves no useful purpose.
>>>>>
>>>>> I still don't understand why it matters since the PDF is valid and
>>>>> processes correctly.
>>>>>
>>>>> Leonard
>>>>>
>>>>> On 9/11/12 5:30 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>>>>
>>>>>>Ok, if not is a pdf standard requirement, how can I set the fixed form
>>>>>>instead of the free form? that is it possible? ... I noticed the fact
>>>>>>because I was experimenting implement digital signatures using
>>>>>>multiple machines so I can use only local variables.
>>>>>>
>>>>>>Greats
>>>>>>-
>>>>>>Alvaro
>>>>>>
>>>>>>
>>>>>>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]>
>>>>>>wrote:
>>>>>>> Because object numbering and their location in a PDF are completely
>>>>>>>free
>>>>>>> form ­ there are no requirements.
>>>>>>>
>>>>>>> Why does it matter?
>>>>>>>
>>>>>>> From: Alvaro Cuno <[hidden email]>
>>>>>>> Reply-To: Post here <[hidden email]>
>>>>>>> To: Post here <[hidden email]>
>>>>>>> Subject: [iText-questions] are the dictionary elements randomly
>>>>>>>placed?
>>>>>>>
>>>>>>>
>>>>>>> Hello all,
>>>>>>>
>>>>>>> I signed a same file (hello.pdf) three times using the next code:
>>>>>>>
>>>>>>>     public static void sign(String src, String dest)
>>>>>>>             throws IOException, DocumentException,
>>>>>>>KeyStoreException,
>>>>>>>             NoSuchAlgorithmException, CertificateException,
>>>>>>> UnrecoverableKeyException {
>>>>>>>
>>>>>>>         Security.addProvider(new BouncyCastleProvider());
>>>>>>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>>>>>>         ks.load(new FileInputStream("citizen1.p12"),
>>>>>>> "password".toCharArray());
>>>>>>>         String alias = (String) ks.aliases().nextElement();
>>>>>>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>>>>>>> "password".toCharArray());
>>>>>>>         Certificate[] chain = ks.getCertificateChain(alias);
>>>>>>>
>>>>>>>         PdfReader reader = new PdfReader(src);
>>>>>>>         FileOutputStream os = new FileOutputStream(dest);
>>>>>>>         PdfStamper stamper = PdfStamper.createSignature(reader, os,
>>>>>>>'\0',
>>>>>>> null, true);
>>>>>>>         PdfSignatureAppearance appearance =
>>>>>>> stamper.getSignatureAppearance();
>>>>>>>         appearance.setAcro6Layers(true);
>>>>>>>         appearance.setCrypto(key, chain, null,
>>>>>>> PdfSignatureAppearance.WINCER_SIGNED);
>>>>>>>         appearance.setVisibleSignature(new Rectangle(160, 732, 232,
>>>>>>>780), 1,
>>>>>>> null);
>>>>>>>         Calendar cal = Calendar.getInstance();
>>>>>>>         cal.setTime(new Date(0));
>>>>>>> appearance.setSignDate(cal);
>>>>>>>         stamper.close();
>>>>>>>     }
>>>>>>>
>>>>>>> Everything is ok and all digital signatures are valid, however I
>>>>>>>don't
>>>>>>> understand why the internal structures of the signed documents (see
>>>>>>>attached
>>>>>>> files) are different?
>>>>>>>
>>>>>>>
>>>>>>> hello-signed-1.pdf      hello-signed-2.pdf       hello-signed-3.pdf
>>>>>>>    ...                              ...
>>>>>>>...
>>>>>>>    %%EOF                    %%EOF                   %%EOF
>>>>>>>    ...                              ...
>>>>>>>...
>>>>>>>    10 0 obj                      10 0 obj                    10 0
>>>>>>>obj
>>>>>>>    11 0 obj                        8 0 obj                    11 0
>>>>>>>obj
>>>>>>>    12 0 obj                      11 0 obj                    12 0
>>>>>>>obj
>>>>>>>     8 0 obj                        9 0 obj                      9 0
>>>>>>>obj
>>>>>>>     9 0 obj                      12 0 obj                      8 0
>>>>>>>obj
>>>>>>>     5 0 obj                        5 0 obj                      5 0
>>>>>>>obj
>>>>>>>    ...                              ...
>>>>>>>...
>>>>>>>
>>>>>>>
>>>>>>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ...
>>>>>>>these
>>>>>>> were inserted randomly? if yes, why?
>>>>>>>
>>>>>>> -
>>>>>>> Alvaro
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>---------------------------------------------------------------------
>>>>>>>--
>>>>>>>--
>>>>>>>-----
>>>>>>> Live Security Virtual Conference
>>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>>>Discussions
>>>>>>> will include endpoint security, mobile security and the latest in
>>>>>>>malware
>>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>>> _______________________________________________
>>>>>>> iText-questions mailing list
>>>>>>> [hidden email]
>>>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>>>
>>>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>>> Many questions posted to this list can (and will) be answered with a
>>>>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>>>>> Please check the keywords list before you ask for examples:
>>>>>>> http://itextpdf.com/themes/keywords.php
>>>>>>
>>>>>>----------------------------------------------------------------------
>>>>>>--
>>>>>>--
>>>>>>----
>>>>>>Live Security Virtual Conference
>>>>>>Exclusive live event will cover all the ways today's security and
>>>>>>threat landscape has changed and how IT managers can respond.
>>>>>>Discussions
>>>>>>will include endpoint security, mobile security and the latest in
>>>>>>malware
>>>>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>>_______________________________________________
>>>>>>iText-questions mailing list
>>>>>>[hidden email]
>>>>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>>
>>>>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>>Many questions posted to this list can (and will) be answered with a
>>>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>>>Please check the keywords list before you ask for examples:
>>>>>>http://itextpdf.com/themes/keywords.php
>>>>>
>>>>>
>>>>>
>>>>>-----------------------------------------------------------------------
>>>>>--
>>>>>-----
>>>>> Live Security Virtual Conference
>>>>> Exclusive live event will cover all the ways today's security and
>>>>> threat landscape has changed and how IT managers can respond.
>>>>>Discussions
>>>>> will include endpoint security, mobile security and the latest in
>>>>>malware
>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>> _______________________________________________
>>>>> iText-questions mailing list
>>>>> [hidden email]
>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>
>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>> Many questions posted to this list can (and will) be answered with a
>>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>> Please check the keywords list before you ask for examples:
>>>>>http://itextpdf.com/themes/keywords.php
>>>>
>>>>------------------------------------------------------------------------
>>>>--
>>>>----
>>>>Live Security Virtual Conference
>>>>Exclusive live event will cover all the ways today's security and
>>>>threat landscape has changed and how IT managers can respond.
>>>>Discussions
>>>>will include endpoint security, mobile security and the latest in
>>>>malware
>>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>_______________________________________________
>>>>iText-questions mailing list
>>>>[hidden email]
>>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>
>>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>>Many questions posted to this list can (and will) be answered with a
>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>Please check the keywords list before you ask for examples:
>>>>http://itextpdf.com/themes/keywords.php
>>>
>>>
>>>-------------------------------------------------------------------------
>>>-----
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond.
>>>Discussions
>>> will include endpoint security, mobile security and the latest in
>>>malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> iText-questions mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>> Many questions posted to this list can (and will) be answered with a
>>>reference to the iText book: http://www.itextpdf.com/book/
>>> Please check the keywords list before you ask for examples:
>>>http://itextpdf.com/themes/keywords.php
>>
>>--------------------------------------------------------------------------
>>----
>>Live Security Virtual Conference
>>Exclusive live event will cover all the ways today's security and
>>threat landscape has changed and how IT managers can respond. Discussions
>>will include endpoint security, mobile security and the latest in malware
>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>_______________________________________________
>>iText-questions mailing list
>>[hidden email]
>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>>iText(R) is a registered trademark of 1T3XT BVBA.
>>Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>>Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

> ModDate is obvious - it's the date, so if you do something at a different
> time, the value is different.
>
> FileID uses various "random values", which also change with time or other
> factors.
>
> Object Ids and locations vary simply by design.
>
> Leonard
>
>
> On 9/13/12 5:58 AM, "Alvaro Cuno" <[hidden email]> wrote:
>
>>Thanks you very much, now things are more clear for me. One last
>>question (I promise), the randomness of fileID, ModDate and placement
>>of the objects is for security reasons?
>>
>>Thanks in advance.
>>
>>
>>On 12 September 2012 04:01, mkl <[hidden email]> wrote:
>>> Alvaro,
>>>
>>> Alvaro Cuno wrote
>>>> I found some discussions about deferred signing:
>>>
>>> Ok. So you do have some hints on how to continue.
>>>
>>> Alvaro Cuno wrote
>>>> Certainly, the FileID and the ModDate are mentioned but nothing about
>>>>the
>>>> order of the objects is discussed. Where I can read about that? Is this
>>>> documented?
>>>
>>> More to the point: iText nowhere promisses or documents that running the
>>> same code produces PDFs with identical object IDs and identical order of
>>> objects. So why should it be expected to do so?
>>>
>>> I have not yet noticed different orders of objects myself, but as I
>>>have not
>>> expected the order to be a constant, I might simply have overlooked it.
>>>It
>>> after all is irrelevant...
>>>
>>> In my opinion you should try and check your use case. If I understand
>>>you
>>> correctly, you want to calculate the digest value of the document byte
>>> ranges to sign on one machine A, send that digest somewhere for
>>>signing, and
>>> receive the signature on yet another machine B to combine it with the
>>> original, unprocessed PDF.
>>>
>>> As stated in the postings to this mailing list you already found, simply
>>> starting the integrated signing process independently on machines A and
>>>B
>>> does not work as long as you want to use an unpatched iText.
>>>
>>> If those processes have to be separated that far, you instead have to
>>>store
>>> the result of the unfinished signing process (after maybe marking the
>>> signature value placeholder in some unique way) on machine A to some
>>>storage
>>> accessible from machine B, and on machine B you later have to insert the
>>> retrieved signature into that unfinished result.
>>>
>>> On this mailing list Andreas Kühne numerous times pointed to an
>>> implementation of that process.
>>>
>>> You actually can optimize that process somewhat: If signing in append
>>>mode,
>>> you only need to place the appended bytes into that storage, and you can
>>> also skip the placeholder as long as you remember its position and
>>>length.
>>> This way you may be able to restrict the intermediate storage
>>>requirements.
>>>
>>> Regards,   Michael
>>>
>>> PS: You should consider updating the iText version you use and also
>>>select a
>>> different signature type: adbe.pkcs7.sha1 is a bad choice.
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>>http://itext-general.2136553.n4.nabble.com/are-the-dictionary-elements-ra
>>>ndomly-placed-tp4656235p4656285.html
>>> Sent from the iText - General mailing list archive at Nabble.com.
>>>
>>>
>>>-------------------------------------------------------------------------
>>>-----
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond.
>>>Discussions
>>> will include endpoint security, mobile security and the latest in
>>>malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> iText-questions mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>> Many questions posted to this list can (and will) be answered with a
>>>reference to the iText book: http://www.itextpdf.com/book/
>>> Please check the keywords list before you ask for examples:
>>>http://itextpdf.com/themes/keywords.php
>>
>>--------------------------------------------------------------------------
>>----
>>Live Security Virtual Conference
>>Exclusive live event will cover all the ways today's security and
>>threat landscape has changed and how IT managers can respond. Discussions
>>will include endpoint security, mobile security and the latest in malware
>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>_______________________________________________
>>iText-questions mailing list
>>[hidden email]
>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>>iText(R) is a registered trademark of 1T3XT BVBA.
>>Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>>Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

> Alvaro,
>
> Alvaro Cuno wrote
>> the randomness of fileID, ModDate and placement of the objects is for
>> security reasons?
>
> Each time you start to create a signature, you do start a new result
> document. Thus, the IDs by definition must differ. If those two processes
> didn't start at the time, the modification date must be different by
> definition. And the order of the object being of no relevance to the
> document may be random.
>
> Regards,   Michael
>
>
>
> --
> View this message in context: http://itext-general.2136553.n4.nabble.com/are-the-dictionary-elements-randomly-placed-tp4656235p4656317.html
> Sent from the iText - General mailing list archive at Nabble.com.
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> iText-questions mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

>It seems an excessive setting but, for example, if Computer1 is a
>mobile device, Computer2 is a server and Computer3 is a smartcard we
>are in a real scenario.
>
>On 13 September 2012 01:10, Leonard Rosenthol <[hidden email]> wrote:
>> Why would you ever want a scenario with three computers to do something
>>as
>> simple as signing a file?  This just seems like extreme overkill for no
>> practical reason.
>>
>> As discussed, you will either need to cache the "prepared for signing"
>> file or modify the iText sources.
>>
>> Leonard
>>
>> On 9/13/12 5:42 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>
>>>Sorry, I was too brief ... let me explain more in detail my use case:
>>>
>>>Computer1                         Computer2            Computer3
>>>  o----getMetahash(pdf, params)--->o
>>>  o<---------------metahash---------------o
>>>  o-------------------------------cipher(metahash)------------->o
>>>  o<----------------------------------signature----------------------o
>>>  o-------signDoc(pdf, signature)---->o
>>>  o<-----signedPdf-------------------------o
>>>
>>>Notice that the only one needs to know about pdf processing is
>>>Computer2, and because it can't store any intermediate results
>>>Computer2 need to generate the same pdf structure twice. I think the
>>>setting before is a deferred signing because the multiple steps.
>>>
>>>However, if the placement of objects is random then I will have to
>>>redesign the previous scenario.
>>>
>>>Thanks for the advice
>>>
>>>-
>>>Alvaro
>>>
>>>On 12 September 2012 00:37, Leonard Rosenthol <[hidden email]>
>>>wrote:
>>>> Deferred signing doesn't care about the order of the objects….
>>>>
>>>> People have been implementing such for over a decade w/o any
>>>>problems….
>>>>
>>>> Leonard
>>>>
>>>> On 9/12/12 6:00 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>>>
>>>>>Hello, a useful example is on deferred signing ...
>>>>>
>>>>>Alvaro
>>>>>
>>>>>On 11 September 2012 02:00, Leonard Rosenthol <[hidden email]>
>>>>>wrote:
>>>>>> Neither iText nor any other PDF producer has such an option, because
>>>>>>it
>>>>>> serves no useful purpose.
>>>>>>
>>>>>> I still don't understand why it matters since the PDF is valid and
>>>>>> processes correctly.
>>>>>>
>>>>>> Leonard
>>>>>>
>>>>>> On 9/11/12 5:30 AM, "Alvaro Cuno" <[hidden email]> wrote:
>>>>>>
>>>>>>>Ok, if not is a pdf standard requirement, how can I set the fixed
>>>>>>>form
>>>>>>>instead of the free form? that is it possible? ... I noticed the
>>>>>>>fact
>>>>>>>because I was experimenting implement digital signatures using
>>>>>>>multiple machines so I can use only local variables.
>>>>>>>
>>>>>>>Greats
>>>>>>>-
>>>>>>>Alvaro
>>>>>>>
>>>>>>>
>>>>>>>On 10 September 2012 01:58, Leonard Rosenthol <[hidden email]>
>>>>>>>wrote:
>>>>>>>> Because object numbering and their location in a PDF are
>>>>>>>>completely
>>>>>>>>free
>>>>>>>> form ­ there are no requirements.
>>>>>>>>
>>>>>>>> Why does it matter?
>>>>>>>>
>>>>>>>> From: Alvaro Cuno <[hidden email]>
>>>>>>>> Reply-To: Post here <[hidden email]>
>>>>>>>> To: Post here <[hidden email]>
>>>>>>>> Subject: [iText-questions] are the dictionary elements randomly
>>>>>>>>placed?
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello all,
>>>>>>>>
>>>>>>>> I signed a same file (hello.pdf) three times using the next code:
>>>>>>>>
>>>>>>>>     public static void sign(String src, String dest)
>>>>>>>>             throws IOException, DocumentException,
>>>>>>>>KeyStoreException,
>>>>>>>>             NoSuchAlgorithmException, CertificateException,
>>>>>>>> UnrecoverableKeyException {
>>>>>>>>
>>>>>>>>         Security.addProvider(new BouncyCastleProvider());
>>>>>>>>         KeyStore ks = KeyStore.getInstance("pkcs12");
>>>>>>>>         ks.load(new FileInputStream("citizen1.p12"),
>>>>>>>> "password".toCharArray());
>>>>>>>>         String alias = (String) ks.aliases().nextElement();
>>>>>>>>         PrivateKey key = (PrivateKey) ks.getKey(alias,
>>>>>>>> "password".toCharArray());
>>>>>>>>         Certificate[] chain = ks.getCertificateChain(alias);
>>>>>>>>
>>>>>>>>         PdfReader reader = new PdfReader(src);
>>>>>>>>         FileOutputStream os = new FileOutputStream(dest);
>>>>>>>>         PdfStamper stamper = PdfStamper.createSignature(reader,
>>>>>>>>os,
>>>>>>>>'\0',
>>>>>>>> null, true);
>>>>>>>>         PdfSignatureAppearance appearance =
>>>>>>>> stamper.getSignatureAppearance();
>>>>>>>>         appearance.setAcro6Layers(true);
>>>>>>>>         appearance.setCrypto(key, chain, null,
>>>>>>>> PdfSignatureAppearance.WINCER_SIGNED);
>>>>>>>>         appearance.setVisibleSignature(new Rectangle(160, 732,
>>>>>>>>232,
>>>>>>>>780), 1,
>>>>>>>> null);
>>>>>>>>         Calendar cal = Calendar.getInstance();
>>>>>>>>         cal.setTime(new Date(0));
>>>>>>>> appearance.setSignDate(cal);
>>>>>>>>         stamper.close();
>>>>>>>>     }
>>>>>>>>
>>>>>>>> Everything is ok and all digital signatures are valid, however I
>>>>>>>>don't
>>>>>>>> understand why the internal structures of the signed documents
>>>>>>>>(see
>>>>>>>>attached
>>>>>>>> files) are different?
>>>>>>>>
>>>>>>>>
>>>>>>>> hello-signed-1.pdf      hello-signed-2.pdf
>>>>>>>>hello-signed-3.pdf
>>>>>>>>    ...                              ...
>>>>>>>>...
>>>>>>>>    %%EOF                    %%EOF                   %%EOF
>>>>>>>>    ...                              ...
>>>>>>>>...
>>>>>>>>    10 0 obj                      10 0 obj                    10 0
>>>>>>>>obj
>>>>>>>>    11 0 obj                        8 0 obj                    11 0
>>>>>>>>obj
>>>>>>>>    12 0 obj                      11 0 obj                    12 0
>>>>>>>>obj
>>>>>>>>     8 0 obj                        9 0 obj                      9
>>>>>>>>0
>>>>>>>>obj
>>>>>>>>     9 0 obj                      12 0 obj                      8 0
>>>>>>>>obj
>>>>>>>>     5 0 obj                        5 0 obj                      5
>>>>>>>>0
>>>>>>>>obj
>>>>>>>>    ...                              ...
>>>>>>>>...
>>>>>>>>
>>>>>>>>
>>>>>>>> The objects 8, 9 and 11 are related to /n0, /n2, /FRM  fields, ...
>>>>>>>>these
>>>>>>>> were inserted randomly? if yes, why?
>>>>>>>>
>>>>>>>> -
>>>>>>>> Alvaro
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>-------------------------------------------------------------------
>>>>>>>>--
>>>>>>>>--
>>>>>>>>--
>>>>>>>>-----
>>>>>>>> Live Security Virtual Conference
>>>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>>>>Discussions
>>>>>>>> will include endpoint security, mobile security and the latest in
>>>>>>>>malware
>>>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>>>> _______________________________________________
>>>>>>>> iText-questions mailing list
>>>>>>>> [hidden email]
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>>>>
>>>>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>>>> Many questions posted to this list can (and will) be answered
>>>>>>>>with a
>>>>>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>>>>>> Please check the keywords list before you ask for examples:
>>>>>>>> http://itextpdf.com/themes/keywords.php
>>>>>>>
>>>>>>>--------------------------------------------------------------------
>>>>>>>--
>>>>>>>--
>>>>>>>--
>>>>>>>----
>>>>>>>Live Security Virtual Conference
>>>>>>>Exclusive live event will cover all the ways today's security and
>>>>>>>threat landscape has changed and how IT managers can respond.
>>>>>>>Discussions
>>>>>>>will include endpoint security, mobile security and the latest in
>>>>>>>malware
>>>>>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>>>_______________________________________________
>>>>>>>iText-questions mailing list
>>>>>>>[hidden email]
>>>>>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>>>
>>>>>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>>>Many questions posted to this list can (and will) be answered with a
>>>>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>>>>Please check the keywords list before you ask for examples:
>>>>>>>http://itextpdf.com/themes/keywords.php
>>>>>>
>>>>>>
>>>>>>
>>>>>>---------------------------------------------------------------------
>>>>>>--
>>>>>>--
>>>>>>-----
>>>>>> Live Security Virtual Conference
>>>>>> Exclusive live event will cover all the ways today's security and
>>>>>> threat landscape has changed and how IT managers can respond.
>>>>>>Discussions
>>>>>> will include endpoint security, mobile security and the latest in
>>>>>>malware
>>>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>> _______________________________________________
>>>>>> iText-questions mailing list
>>>>>> [hidden email]
>>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>>
>>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>> Many questions posted to this list can (and will) be answered with a
>>>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>>> Please check the keywords list before you ask for examples:
>>>>>>http://itextpdf.com/themes/keywords.php
>>>>>
>>>>>----------------------------------------------------------------------
>>>>>--
>>>>>--
>>>>>----
>>>>>Live Security Virtual Conference
>>>>>Exclusive live event will cover all the ways today's security and
>>>>>threat landscape has changed and how IT managers can respond.
>>>>>Discussions
>>>>>will include endpoint security, mobile security and the latest in
>>>>>malware
>>>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>>>_______________________________________________
>>>>>iText-questions mailing list
>>>>>[hidden email]
>>>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>
>>>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>>>Many questions posted to this list can (and will) be answered with a
>>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>>>Please check the keywords list before you ask for examples:
>>>>>http://itextpdf.com/themes/keywords.php
>>>>
>>>>
>>>>-----------------------------------------------------------------------
>>>>--
>>>>-----
>>>> Live Security Virtual Conference
>>>> Exclusive live event will cover all the ways today's security and
>>>> threat landscape has changed and how IT managers can respond.
>>>>Discussions
>>>> will include endpoint security, mobile security and the latest in
>>>>malware
>>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>> _______________________________________________
>>>> iText-questions mailing list
>>>> [hidden email]
>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>
>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>> Many questions posted to this list can (and will) be answered with a
>>>>reference to the iText book: http://www.itextpdf.com/book/
>>>> Please check the keywords list before you ask for examples:
>>>>http://itextpdf.com/themes/keywords.php
>>>
>>>------------------------------------------------------------------------
>>>--
>>>----
>>>Live Security Virtual Conference
>>>Exclusive live event will cover all the ways today's security and
>>>threat landscape has changed and how IT managers can respond.
>>>Discussions
>>>will include endpoint security, mobile security and the latest in
>>>malware
>>>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>>_______________________________________________
>>>iText-questions mailing list
>>>[hidden email]
>>>https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>>iText(R) is a registered trademark of 1T3XT BVBA.
>>>Many questions posted to this list can (and will) be answered with a
>>>reference to the iText book: http://www.itextpdf.com/book/
>>>Please check the keywords list before you ask for examples:
>>>http://itextpdf.com/themes/keywords.php
>>
>>
>>-------------------------------------------------------------------------
>>-----
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond.
>>Discussions
>> will include endpoint security, mobile security and the latest in
>>malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> iText-questions mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>>reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:
>>http://itextpdf.com/themes/keywords.php
>
>--------------------------------------------------------------------------
>----
>Got visibility?
>Most devs has no idea what their production app looks like.
>Find out how fast your code is with AppDynamics Lite.
>http://ad.doubleclick.net/clk;262219671;13503038;y?
>http://info.appdynamics.com/FreeJavaPerformanceDownload.html
>_______________________________________________
>iText-questions mailing list
>[hidden email]
>https://lists.sourceforge.net/lists/listinfo/itext-questions
>
>iText(R) is a registered trademark of 1T3XT BVBA.
>Many questions posted to this list can (and will) be answered with a
>reference to the iText book: http://www.itextpdf.com/book/
>Please check the keywords list before you ask for examples:
>http://itextpdf.com/themes/keywords.php