    <p>Your question somewhat oversimplifies the situation.</p> <p>Concerning PKCS#7 &lt;-> PKCS#1:</p> <p>Yes, a PKCS#7 signature container contains SignerInfo objects which respectively essentially contain a PKCS#1 style signature and some attributes. BUT this PKCS#1 style signature generally is NOT merely signing the document data but instead is signing a structure of so-called "signed attributes". One of these is a document hash, others can be the signing time, a link to the signer certificate, and other information; this extra information is required in many use cases. Only the most primitively built SignerInfo structures sign the document data directly.</p> <p>In general, therefore, if you simply take a PKCS#1 signature of some data and wrap it in a PKCS#7 container, that signature container won't be accepted.</p> <p>For details see <a href="http://www.ietf.org/rfc/rfc3852.txt" rel="noreferrer">RFC 3852</a>.</p> <p>Concerning integrated PDF signatures:</p> <p>Your description of your implementation-to-be is somewhat vague. You seem to think that the document hash to sign is a hash of the original PDF. In case of integrated PDF signatures this is wrong: In order to create an integrated PDF signature, you first extend the PDF by some data which envelop a placeholder for the PKCS#7 signature container (recommended by the specification) or the PKCS#1 signature to integrate. Then you need to hash this extended PDF except the placeholder. (By the current PDF specification you could hash less than that but this won't be accepted by the current Adobe Acrobat/Reader and shouldn't be accepted by any serious verifier).</p> <p>For details see <a href="http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/PDF32000_2008.pdf" rel="noreferrer">ISO 32000-1:2008 as published by Adobe</a></p> <p>Depending on the legal requirements you may also have to take into account PDF Advanced Electronic Signatures (PAdES) as specified by ETSI, cf. 
<a href="http://www.etsi.org/website/newsandevents/200909_electronicsignature.aspx" rel="noreferrer">ETSI standard for EU-compliant electronic signatures</a>. These will become part of ISO 32000-2, aka PDF 2.0.</p> <p>So, are you still sure your use case allows for those very simple PKCS#7 signatures you have in mind, and are your PKCS#1 source signatures created for the right document? In that case building those containers is easily done by looking at <a href="http://www.ietf.org/rfc/rfc3852.txt" rel="noreferrer">RFC 3852</a>.</p> <p>Anyways, you should have a look at the whitepaper <a href="http://itextpdf.com/book/digitalsignatures" rel="noreferrer">Digital Signatures for PDF documents</a> by Bruno Lowagie (iText Software).</p>
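
The hashing step for integrated PDF signatures described in the answer above, as an added example that is not part of the original answer: it hashes the extended PDF over its /ByteRange and checks that only the placeholder is left unsigned. The sample bytes, the 64-digit placeholder and all function names are constructed for illustration, and the parser assumes a single signature.

```python
import hashlib
import re

def signed_ranges(pdf: bytes):
    """Parse the first /ByteRange [a b c d]; return both ranges and the gap."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if m is None:
        raise ValueError("no /ByteRange array found")
    a, b, c, d = (int(x) for x in m.groups())
    return [(a, b), (c, d)], (a + b, c)

def byte_range_digest(pdf: bytes) -> bytes:
    """SHA-256 over the signed ranges, i.e. the extended PDF minus the placeholder."""
    ranges, _ = signed_ranges(pdf)
    h = hashlib.sha256()
    for offset, length in ranges:
        h.update(pdf[offset:offset + length])
    return h.digest()

def covers_all_but_placeholder(pdf: bytes) -> bool:
    """Verifier-side check: the only unsigned bytes are the <hex> /Contents value."""
    (first, second), (gap_start, gap_end) = signed_ranges(pdf)
    gap = pdf[gap_start:gap_end]
    return (first[0] == 0
            and second[0] + second[1] == len(pdf)
            and re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None)

# Constructed sample, not a valid PDF: just enough structure to show the offsets.
ORIGINAL = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

def build_extended(contents_hex: bytes = b"0" * 64) -> bytes:
    """Append a signature dictionary with a fixed-width /ByteRange and placeholder."""
    prefix = ORIGINAL + b"2 0 obj\n<< /Type /Sig /ByteRange ["
    middle = b"] /Contents "
    placeholder = b"<" + contents_hex + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    len1 = len(prefix) + 34 + len(middle)  # 34 = width of "0 " plus three %010d fields
    byte_range = b"0 %010d %010d %010d" % (len1, len1 + len(placeholder), len(tail))
    return prefix + byte_range + middle + placeholder + tail

if __name__ == "__main__":
    pdf = build_extended()
    print("ByteRange digest:", byte_range_digest(pdf).hex())
    print("original digest: ", hashlib.sha256(ORIGINAL).hexdigest())
    print("covers all but placeholder:", covers_all_but_placeholder(pdf))
```

In a PKCS#7 container with signed attributes, this digest is the value of the message digest attribute, and the signature is then computed over the attribute structure rather than over the PDF bytes.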