Digital Signature of a PDF using Servlet and Client-Applet for signing hash

Posted on 2009-02-10
Last Modified: 2013-12-29
I'm searching for a practical solution to sign a PDF document server-side with a client-side smartcard.
As far as I've seen with the iText library, it is generally possible, but to generate the hash, which is going to be signed by an applet running on the client, you need to already have the certchain of the user.

I am searching for a way to generate a hash value to sign a PDF document (without the need for client input / his certificate chain) while or after generating it.

I thought of a process where the client applet receives the hash to be signed as a start parameter, signs it using the smartcard and sends the hash, certchain, pubkey etc. back Base64-encoded.

Is there maybe another library available which can divide these two parts?

Thanks in advance!
Question by:ms_webtimize

    Expert Comment

    so what does itext need to do the signing?


    Author Comment

    For better understanding I attached a code snippet of the signing process with iText.

    This is the part of my servlet which prepares the hash value which needs to be signed by the user.
    The problem, as you can see, is that while setting the crypto parameters we definitely need the certificate chain.
    Otherwise, while preclosing the PDF document, at the moment when the hash value is getting calculated somewhere, I get a
    NullPointerException at com.lowagie.text.pdf.PdfPKCS7.<init>(

    Most likely the libraries are not directly made for this use case.

    I wonder if there might be something else, even libraries / solutions apart from open source?

    import java.io.FileOutputStream;
    import java.io.InputStream;
    import java.security.MessageDigest;
    import com.lowagie.text.pdf.PdfReader;
    import com.lowagie.text.pdf.PdfSignatureAppearance;
    import com.lowagie.text.pdf.PdfStamper;

    PdfReader reader = new PdfReader("example.pdf");
    FileOutputStream fout = new FileOutputStream("example_signed.pdf");
    PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0');
    PdfSignatureAppearance sap = stamper.getSignatureAppearance();
    // certChain is the user's certificate chain; it has to be available at this point
    sap.setCrypto(null, certChain, null, PdfSignatureAppearance.WINCER_SIGNED);
    sap.setReason("Digital Signature");
    sap.setExternalDigest(new byte[256], new byte[20], "RSA");
    MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
    // Hash the byte range of the PDF that the signature will cover
    InputStream stream = sap.getRangeStream();
    byte buf[] = new byte[8192];
    int n;
    while ((n = stream.read(buf)) > 0) {
        messageDigest.update(buf, 0, n);
    }
    byte hash[] = messageDigest.digest();


    Expert Comment

    And if it could be done, there's a bit of a security risk here, isn't there? You're going to have to pass some pretty sensitive information over the wire, aren't you?

    It's like trying to pass your signature to someone else to use to sign a document.

    Author Comment

    This will all happen in a SSL session, as a specific logged-on user.
    The public key and certificate chain are nothing to worry about.
    The only sensitive part would be that hash value, which is going to be signed by the user's smartcard for a specific document.


    Author Comment

    The objective behind all this is:
    A user needs to sign, for example, 10 or 100 different documents.
    Instead of downloading all those documents, signing them locally and uploading them back to the server, I want to sign them where they are created.

    There must be something, even though it might not be open source.
    I am not aware if maybe Adobe LiveCycle or any other open/closed-source product might be helpful here?

    Accepted Solution

    no solution given
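
The split the question describes (server computes the hash, client signs only the hash, server checks the result), shown with JDK classes only. This is an added example, not code from the thread or from iText: a software-generated RSA key pair stands in for the smartcard, SHA-256 is used in place of the snippet's SHA1, and the class and method names are hypothetical.

```java
import java.security.*;
import java.util.Arrays;

// Added illustration; SplitHashSigning and its methods are hypothetical names.
public class SplitHashSigning {
    // DER prefix of the PKCS#1 v1.5 DigestInfo structure for SHA-256 (RFC 8017, section 9.2).
    static final byte[] SHA256_DIGEST_INFO = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Server side: hash the bytes to be protected; no certificate or key is involved.
    static byte[] serverDigest(byte[] signedBytes) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(signedBytes);
    }

    // Client side: sign only the received digest. NONEwithRSA applies PKCS#1 v1.5
    // padding without hashing, so the DigestInfo header has to be prepended here.
    static byte[] clientSign(byte[] digest, PrivateKey key) throws GeneralSecurityException {
        if (digest.length != 32) throw new IllegalArgumentException("expected a SHA-256 digest");
        int p = SHA256_DIGEST_INFO.length;
        byte[] digestInfo = Arrays.copyOf(SHA256_DIGEST_INFO, p + digest.length);
        System.arraycopy(digest, 0, digestInfo, p, digest.length);
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(digestInfo);
        return s.sign();
    }

    // Server side: verify against the original bytes, not against a digest echoed by the client.
    static boolean serverVerify(byte[] signedBytes, byte[] sig, PublicKey pub)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(signedBytes);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair card = kpg.generateKeyPair();   // stand-in for the smartcard key pair
        byte[] doc = "constructed sample: PDF byte range".getBytes("UTF-8");
        byte[] sig = clientSign(serverDigest(doc), card.getPrivate());
        System.out.println("original verifies: " + serverVerify(doc, sig, card.getPublic()));
        doc[0] ^= 1;                            // any change to the signed bytes
        System.out.println("modified verifies: " + serverVerify(doc, sig, card.getPublic()));
    }
}
```

The server-side verification step recomputes the hash from the document bytes, so a client that signs a different digest than the one it was sent produces a signature that fails the check.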
