Sign PDF externally, and then calculate and add PKCS#7

#25323
Posted: 06/17/2013 14:59:39
by Martin Obispo (Basic support level)
Joined: 06/06/2012
Posts: 7

Hi,

I'm working on digitally signing a PDF, but using a SmartCard; I mean, I don't have access to the private keys.

Also, this is made in Java, and I can't install any drivers on the system, so the communication with the smart card is based on APDUs.

Today, I'm using iText to do the work, and it's working, but we need to stop using this library.

The process (in Java 1.6) is:

Load the PDF file.
Calculate the digest (how to do that with EldoS?)
-- Then, I send the information to the SmartCard, and the calculated signature is returned. --
After that, I need to create the PKCS#15 and then insert it in the PDF file.

Can this be done with EldoS? Do you have any example?

Best regards,
Martin.
#25327
Posted: 06/18/2013 01:11:03
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

First of all, you'll need our SecureBlackbox Java Edition to perform PDF signing. It includes a PKCS#11 implementation (based on JNI). The digests will be calculated and sent to a token automatically. You need to do the following:

1) select the signing key using TElPKCS11CertStorage;
2) use the selected key to sign a document, as shown in our sample located in the \secbboxjava\Samples\PDFBlackbox\SecurePDF folder.

Quote
After that, I need to create the PKCS#15 and then insert it in the PDF file.

PKCS#15 is not supported by SecureBlackbox at the moment. You can add it to our wish-list: https://www.eldos.com/sbb/wishlist.php
#25335
Posted: 06/18/2013 07:13:25
by Martin Obispo (Basic support level)
Joined: 06/06/2012
Posts: 7

Hi Vsevolod,

Thanks for your answer. My problem is I can't use PKCS#11. I have no way to access the certificate storage; since I can't install any driver on the system, I can't use it.

I can ONLY send and receive APDUs to the smartcard, so the PDF process must be done without even knowing the certificate/privateKey to use. This is done externally, using APDUs directly on the smartcard.

I only need to calculate the digest from the PDF and, after the external processing (signing), insert the result in the same PDF (i.e., insert the PKCS#7 and the visual signature).

I can access the X.509 certificate and store it on the system, but the signature calculation must be done using APDUs directly on the SmartCard.

Can EldoS do this? At least calculate the digest and then insert the result into the PDF?

Rgds,
Martin.
#25337
Posted: 06/18/2013 09:28:27
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I can ONLY send and receive APDUs to the smartcard, so the PDF process must be done without even knowing the certificate/privateKey to use. This is done externally, using APDUs directly on the smartcard.

At the moment, Application Protocol Data Unit (APDU) is not supported by SecureBlackbox.
Quote
I only need to calculate the digest from the PDF and, after the external processing (signing), insert the result in the same PDF (i.e., insert the PKCS#7 and the visual signature).

Yes, it is possible. For this you would need to use async signing methods (Distributed Cryptography add-on).
Please see Samples\C#\PDFBlackbox\ASPNet_Distributed or Azure samples.
Those samples use an ActiveX, Flex or Java applet to perform signing. But it is possible to obtain a digest value from the async state object, to sign it using your own code and then insert this signature into the PDF document.
However, a signature widget should be added to the PDF document prior to signing, as it is also signed.
#25338
Posted: 06/18/2013 10:21:35
by Martin Obispo (Basic support level)
Joined: 06/06/2012
Posts: 7

Hi Dmytro,

Thanks for the info!

One more question: can the async signing methods be used from Java? The sample is made in C#, and I can only use Java.

Rgds,
Martin.
#25339
Posted: 06/18/2013 10:55:46
by Dmytro Bogatskyy (EldoS Corp.)

Quote
One more question: can the async signing methods be used from Java? The sample is made in C#, and I can only use Java.

Yes, in the same way.
#25341
Posted: 06/18/2013 11:14:22
by Martin Obispo (Basic support level)
Joined: 06/06/2012
Posts: 7

Hi Dmytro,

I'm trying to use it in Java, but can't find the TElDCAsyncState class; see attached screen capture in Eclipse. I've imported SecureBlackbox.DC.jar as it seems to be the correct class, according to the secbboxjava%20(2)/Help/documentation/ref_cl_dcasyncstate.html document.

I'm using the last packages downloaded from the site.

Rgds,
Martin.


#25342
Posted: 06/18/2013 14:54:03
by Vsevolod Ievgiienko (EldoS Corp.)

It's located in the SecureBlackbox.Base.* package.
#25373
Posted: 06/20/2013 06:06:06
by Ammar Gaffar Ali (Basic support level)
Joined: 06/20/2013
Posts: 6

I have the same scenario: we have an ID smart card with an SDK supported by the ID Authority; they support a SingPKCS7 function that signs your input data, which is an array of bytes, and returns a detached signature in byte[] format.

My target is:
Append this detached Signature (array of bytes) to PDF.
Extract this signature (array of bytes) from the PDF for verification purposes.

How to do this?
#25374
Posted: 06/20/2013 07:03:17
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Quote
Append this detached Signature (array of bytes) to PDF.

You can do this in the same way as mentioned in previous messages. ( https://www.eldos.com/forum/read.php?F...ssage25337 )
Quote
Extract this signature (array of bytes) from the PDF for verification purposes.

You can use TElPDFPublicKeySecurityHandler.SignatureContents property to get access to the signature byte array.
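
The flow discussed in this thread (digest the prepared PDF, sign elsewhere, write the result back, read it out again for verification), shown in plain Java as an added example; it is not from the original posts and does not use the SecureBlackbox API. It assumes the standard PDF signature layout, where /ByteRange covers the whole file except the /Contents hex placeholder; the class name, sample bytes and stand-in signature are constructed.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class DeferredPdfSignature {
    // /ByteRange [o1 l1 o2 l2] names the two signed spans; the gap between
    // them is the /Contents <hex> placeholder, which is never hashed.
    static byte[] digestToSign(byte[] pdf, int[] br) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(pdf, br[0], br[1]);
        md.update(pdf, br[2], br[3]);
        return md.digest();
    }
    // Hex-encode the externally produced blob into the placeholder in place,
    // so no signed byte moves. Unused room stays as '0' padding.
    static byte[] embed(byte[] pdf, int[] br, byte[] sig) {
        int start = br[0] + br[1] + 1;   // first hex digit after '<'
        int room = br[2] - 1 - start;    // hex digits available before '>'
        if (sig.length * 2 > room) throw new IllegalArgumentException("placeholder too small");
        byte[] out = pdf.clone();
        char[] hex = "0123456789ABCDEF".toCharArray();
        for (int i = 0; i < sig.length; i++) {
            out[start + 2 * i] = (byte) hex[(sig[i] >> 4) & 0x0F];
            out[start + 2 * i + 1] = (byte) hex[sig[i] & 0x0F];
        }
        return out;
    }
    // Read the placeholder back for verification (result includes zero padding).
    static byte[] extract(byte[] pdf, int[] br) {
        int start = br[0] + br[1] + 1, n = (br[2] - 1 - start) / 2;
        byte[] sig = new byte[n];
        for (int i = 0; i < n; i++)
            sig[i] = (byte) ((Character.digit(pdf[start + 2 * i], 16) << 4)
                    | Character.digit(pdf[start + 2 * i + 1], 16));
        return sig;
    }
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a prepared PDF; not a real document.
        String head = "%PDF-1.7 ...widget... /Contents ";
        String hole = "<0000000000000000>";
        String tail = " /ByteRange [...] >> %%EOF";
        byte[] pdf = (head + hole + tail).getBytes("US-ASCII");
        int[] br = {0, head.length(), head.length() + hole.length(), tail.length()};
        byte[] before = digestToSign(pdf, br);
        byte[] cardSig = {0x30, 0x03, 0x02, 0x01, 0x05}; // constructed bytes, not a real PKCS#7
        byte[] signedPdf = embed(pdf, br, cardSig);
        // Both checks hold: embedding leaves the digest unchanged, and the blob reads back.
        System.out.println(Arrays.equals(before, digestToSign(signedPdf, br)));
        System.out.println(Arrays.equals(cardSig, Arrays.copyOf(extract(signedPdf, br), cardSig.length)));
    }
}
```

Because the widget and signature dictionary sit inside the hashed spans, they must be written before the digest is taken, and the placeholder must be sized for the largest blob the card can return. When the PKCS#7 carries signed attributes, the card signs the hash of those attributes, which in turn contain this document digest.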