1

I have the PKCS7 String and I want to sign a pdf with it. I tried to find a way and found iText, But I am not understanding how to use it. Anyone who has suggestions, Please share them.

I found the following code

http://cysorz-software-hardware.blogspot.in/2008/11/how-to-sign-pdf-using-itext-and.html

In the Url, just go the Title "An example with an external hash and signature in Windows Certificate Mode"

which uses iText, But I have no idea how to use it

    {
    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
     String alias = (String)ks.aliases().nextElement();
      PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
       Certificate[] chain = ks.getCertificateChain(alias);
      PdfReader reader = new PdfReader("original.pdf");
      FileOutputStream fout = new FileOutputStream("signed.pdf");
    PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
     PdfSignatureAppearance sap = stp.getSignatureAppearance();
      sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
    sap.setReason("I'm the author");
    sap.setLocation("Lisbon");
    // comment next line to have an invisible signature
    sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
      sap.setExternalDigest(new byte[128], new byte[20], "RSA");
      sap.preClose();
      MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
       byte buf[] = new byte[8192];
       int n;
      InputStream inp = sap.getRangeStream();
      while ((n = inp.read(buf)) > 0) {
        messageDigest.update(buf, 0, n);
     }
   byte hash[] = messageDigest.digest();
       PdfSigGenericPKCS sg = sap.getSigStandard();
      PdfLiteral slit = (PdfLiteral)sg.get(PdfName.CONTENTS);
     byte[] outc = new byte[(slit.getPosLength() - 2) / 2];
      PdfPKCS7 sig = sg.getSigner();
      Signature sign = Signature.getInstance("SHA1withRSA");
      sign.initSign(key);
     sign.update(hash);
      sig.setExternalDigest(sign.sign(), hash, "RSA");
      PdfDictionary dic = new PdfDictionary();
   byte[] ssig = sig.getEncodedPKCS7();
        System.arraycopy(ssig, 0, outc, 0, ssig.length);
          dic.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
          sap.close(dic);
             }
Mudit
  • 169
  • 1
  • 20
  • Could you please share the code you tried? Add it to your question. – Amedee Van Gasse Jul 14 '16 at 13:15
  • I found a code but I couldn't understand it. Where to put PKCS7 data in code to sign the pdf. I will add it the qestion – Mudit Jul 14 '16 at 13:26
  • Also add where you found it. – Amedee Van Gasse Jul 14 '16 at 13:28
  • I did add that too – Mudit Jul 14 '16 at 13:33
  • Great. I see that it is from 2008 and uses `com.lowagie` iText, which is 2.1.7 or older. Current iText is `com.itextpdf` and has 2 released versions: 5.5.9 and 7.0.0. I haven't looked into detail, but I am afraid that the examples you found are hopelessly outdated. You can find current examples on the official iText website. – Amedee Van Gasse Jul 14 '16 at 13:37
  • Also, that blog looks like a collection of copy paste articles stolen from various other blogs. – Amedee Van Gasse Jul 14 '16 at 13:40
  • can you help me with using PKCS7 String to sign a pdf? – Mudit Jul 14 '16 at 13:42
  • No, I can't, but I think you now have given enough information to enable someone else to help you out. – Amedee Van Gasse Jul 14 '16 at 13:53
  • Thanks for all the advise. – Mudit Jul 14 '16 at 14:07
  • See: [How to load PKCS7 (.p7b) file in java](http://stackoverflow.com/questions/31118893/how-to-load-pkcs7-p7b-file-in-java) – Robert Jul 14 '16 at 14:49
  • I closed this question by referring to another question that explains what needs to be done. You should also read [iTextSharp - Signed Hash](http://stackoverflow.com/questions/35180097) though, because the answer to that question explains the principles that you need. For more info, download [this free ebook](http://pages.itextpdf.com/ebook-digital-signatures-for-pdf.html). – Bruno Lowagie Jul 14 '16 at 15:44
  • I have a PKCS7 string like "MIILwwYJKoZIhvcNAQcCoIILtDCCC7ACAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0BBwGg........." And I have no idea how to use it to sign a pdf. Please help – Mudit Jul 15 '16 at 04:26
  • @BrunoLowagie Please help me. i am developing a application in which i send document hash to a API and API returns XML which contains a PKCS7 response like "MIILwwYJKoZIhvcNAQcC.......". And i need to use this response to sign that document(pdf). can you tell me how to do that – Mudit Jul 15 '16 at 06:14
  • You say *I have a PKCS#7 string like "MIILwwYJK..."*, but that doesn't make any sense if you don't know how that PKCS#7 string was created. [The page you refer to](http://cysorz-software-hardware.blogspot.in/2008/11/how-to-sign-pdf-using-itext-and.html) is obsolete. Also: **I am helping you** by referring you to two useful answers on StackOverflow. The fact that *you refuse this help*, doesn't inspire me to provide more help. If you don't accept help, why do you ask for it? – Bruno Lowagie Jul 15 '16 at 15:51
  • @BrunoLowagie sorry if you felt that way but I don't know how to use that PKCS7 encoded string with the references you gave me. – Mudit Jul 16 '16 at 04:41
  • And we don't know how you created that PKCS#11 *string* because it doesn't make sense. It should be a byte array, not a *string*. No professional answer can be given on a question as unprofessional as yours. Please tell your employer to purchase a commercial license in order to get professional help. – Bruno Lowagie Jul 16 '16 at 05:59
  • its a PKCS7 string and it will be In byte[ ] format after decoding. – Mudit Jul 16 '16 at 06:04
  • you can say its a PKCS7 signed data in byte[ ] format – Mudit Jul 16 '16 at 06:05

0 Answers0