Solved

Digital Signature of a PDF using Servlet and Client-Applet for signing hash

Posted on 2009-02-10
6
Medium Priority
1,846 Views
Last Modified: 2013-12-29
I'm searching for a practical solution to sign a PDF document server-side with a client-side smartcard.
As far as I've seen with the iText library, it is generally possible, but to generate the hash, which is going to be signed by an applet running on the client, you already need to use/have the certchain of the user.

I am searching for a possibility where I could generate a hash value to sign a PDF document (without the need of client input / his certificate chain) while or after generating it.

I thought of a process where the client applet receives the hash to be signed as a start parameter, signs it using the smartcard and sends the hash, certchain, pubkey etc. back b64-encoded.

Is there maybe another library available which can divide these two parts?

Thanks in advance!
0
Question by:ms_webtimize
6 Comments
 
LVL 92

Expert Comment

by:objects
ID: 23608394
so what does itext need to do the signing?

0
 

Author Comment

by:ms_webtimize
ID: 23609538
For better understanding I attached a code snippet of the signing process with iText.

This is the part of my servlet which prepares the hash value which needs to be signed by the user.
The problem, as you see, is that while setting the crypto parameters we definitely need the certificate chain.
Otherwise, while preclosing the PDF document, at the moment when the hash value is getting calculated somewhere, I get a
NullPointerException at com.lowagie.text.pdf.PdfPKCS7.<init>(PdfPKCS7.java:377).

Most likely the libraries are not directly made for this use case.

I wonder if there might be something else, even libraries / solutions apart from open source?
PdfReader reader = new PdfReader("example.pdf");
FileOutputStream fout = new FileOutputStream("example_signed.pdf");
PdfStamper stamper = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stamper.getSignatureAppearance();
sap.setCrypto(null, certChain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason("Digital Signature");
sap.setLocation("Paris");
sap.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
sap.setExternalDigest(new byte[256], new byte[20], "RSA");
sap.preClose();
 
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
InputStream stream = sap.getRangeStream();
byte buf[] = new byte[8192];
int n;
while ((n = stream.read(buf)) > 0) {
	messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();


0
 
LVL 92

Expert Comment

by:objects
ID: 23609579
And if it could be done, there's a bit of a security risk here, isn't there? You're going to have to pass some pretty sensitive information over the wire, aren't you?

It's like trying to pass your signature to someone else to use to sign a document.
0
 

Author Comment

by:ms_webtimize
ID: 23610112
Security:
This will all happen in an SSL session, as a specific logged-on user.
The public key and certificate chain are nothing to worry about.
The only sensitive part would be that hash value, which is going to be signed by the user's smartcard for a specific document.

0
 

Author Comment

by:ms_webtimize
ID: 23610181
The objective behind all this is:
A user needs to sign, for example, 10 or 100 different documents.
Instead of downloading all those documents, signing them locally and uploading them back to the server, I want to sign them where they are created.

There must be something, even though it might not be open source.
I am not aware if maybe Adobe LiveCycle or any other open/closed-source product might be helpful here?
0
 

Accepted Solution

by:
ms_webtimize earned 0 total points
ID: 23732262
no solution given
0
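
Added example, not part of the original thread and not iText code: the hash/sign split discussed above, using only java.security. The class and method names are hypothetical, a software RSA key stands in for the smartcard, SHA-256 replaces the SHA1 of the posted snippet, and the result is a bare PKCS#1 v1.5 signature rather than the PKCS#7 container a PDF signature field holds. Only the hash and the signature cross the wire; the private key stays on the client.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SplitSignDemo {
    // DER DigestInfo header for SHA-256 (PKCS#1 v1.5); the 32-byte hash follows it.
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Server side: digest the bytes to be signed; no certificate is involved here.
    static String serverHash(byte[] signedBytes) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(signedBytes);
        return Base64.getEncoder().encodeToString(hash);
    }

    // Client side: sign the received hash only. The key stands in for the smartcard.
    static String clientSign(String hashB64, PrivateKey key) throws GeneralSecurityException {
        byte[] hash = Base64.getDecoder().decode(hashB64);
        if (hash.length != 32) throw new SignatureException("unexpected hash length");
        ByteArrayOutputStream digestInfo = new ByteArrayOutputStream();
        digestInfo.write(SHA256_PREFIX, 0, SHA256_PREFIX.length);
        digestInfo.write(hash, 0, hash.length);
        Signature s = Signature.getInstance("NONEwithRSA"); // pads and signs, no hashing
        s.initSign(key);
        s.update(digestInfo.toByteArray());
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Server side: check the returned signature against the bytes it hashed itself.
    static boolean serverVerify(byte[] signedBytes, String sigB64, PublicKey pub)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(pub);
        v.update(signedBytes);
        return v.verify(Base64.getDecoder().decode(sigB64));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair card = g.generateKeyPair(); // constructed key pair, stands in for the card
        byte[] doc = "constructed sample: PDF byte ranges".getBytes(StandardCharsets.UTF_8);
        String sig = clientSign(serverHash(doc), card.getPrivate());
        System.out.println("verifies: " + serverVerify(doc, sig, card.getPublic()));
        doc[0] ^= 1; // flip one bit of the document, then verify the old signature again
        System.out.println("after tampering: " + serverVerify(doc, sig, card.getPublic()));
    }
}
```

Because the server verifies against the bytes it hashed itself, a signature returned for a different hash does not verify; checking the returned certificate chain against a trust store is a separate step not shown here.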
