digital signature - Signing PDF with rsa_sha1 -

-

i'm trying sign pdf rsa_sha1(adobe.ppklite > adbe.x509.rsa_sha1), , have 2 problems/questions:

  1. don't know if actual pdf content specified byterange should signed, or digest value of content?
  2. is there difference if certificate placed before signature field, or after?

i'm trying sign pdf rsa_sha1(adobe.ppklite > adbe.x509.rsa_sha1)

are sure want use subfilter? further development concerning integrated pdf signatures makes use of integrated cms containers, not naked pkcs#1 signatures...

don't know if actual pdf content specified byterange should signed, or digest value of content?

in contrast adobe.pkcs7.sha1 style signatures , adobe.pkcs7.detached style signatures, whole byte range signed in adobe.x509.rsa_sha1 style signatures, not merely digest value of content. in respect adobe.x509.rsa_sha1 preferable adobe.pkcs7.sha1 because (despite appearance of sha1 in name) not force use sha1 can use better digest algorithms.

(this being said, signing process of course include creating digest value of signed data, that's different matter altogether...)

is there difference if certificate placed before signature field, or after?

both certificates , signature elements in pdf dictionary object, , definition order of elements in such dictionary not matter. obviously, though, order must remain fixed (actually not merely order exact position , contents) once signature created.

the entries in dictionary represent associative table , such shall unordered though arbitrary order may imposed upon them when written in file. ordering shall ignored.

(section 7.3.7 in iso 32000-1)

ps: specification says signature

shall computed on range of bytes in file, shall indicated byterange entry in signature dictionary. range should entire file, including signature dictionary excluding signature value (the contents entry). other ranges may used since not check changes document, use not recommended.

(section 12.8.1 in iso 32000-1)

this seems allow other byte ranges recommended 1 (everything actual signature bytes), too. actually, though, you'll find

for byte range signatures, contents shall hexadecimal string “<” , “>” delimiters. it shall fit precisely in space between ranges specified byterange.

(section 12.8.3.3.2 in iso 32000-1)

which makes should in citation before actual shall if interoperability desired. e.g. adobe reader requires kind of range definition.

newer standards, e.g. etsi pades technical specification documents, more explicitly require it.


Comments

Post a Comment

Popular posts from this blog

java - activate/deactivate sonar maven plugin by profile? -

-
i use sonar plugin executes if activated in maven profile. sonar runs on every compile. the problem build fail other team members not have sonar application installed locally. pom.xml checked in team members same copy including sonar configuration, don't want them modify purpose of disabling sonar (they might inadvertently check modified copy in). please advise how configure maven (.m2/settings.xml) and/or pom.xml sonar feature can enabled/disabled local profile. here sonar configuration in each project's pom.xml: <plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>sonar-maven-plugin</artifactid> <version>1.0</version> <executions> <execution> <id>make-sonar</id> <phase>compile</phase> <goals> <goal>sonar</goal> </goals> </execution> </executions> ...
Read more

python - TypeError: can only concatenate tuple (not "float") to tuple -

-
i'm new python, question might easy, anyway, patience: as trying call newton-raphson method calculate implied volatility in black-scholes formula call/put option pricing, first thing is, newton method in scipy.optimize seems calculate function's zeros, in black-scholes formula, want function's value option price, not zero. (i'm new here programming, i'm not sure techniques.) should write function things like: def f(sigma, price): return bsformula(s0,k,r,t,q,sigma) - price then, while calling newton method, takes args=() 1 parameter in function, write this: value = newton(bsprice2, 0.5, args=price) but error message: file "bs.py", line 36, in bsimpvol value = newton(bsprice2, 0.5, args=float(price)) file "/usr/lib/python2.7/dist-packages/scipy/optimize/zeros.py", line 143, in newton q0 = func(*((p0,) + args)) typeerror: can concatenate tuple (not "float") tuple could tell me why that? how fix it? apprecia...
Read more

java - What is the difference between String. and String.this. ? -

-
this question has answer here: meaning of .this , .class in java 2 answers i'll straight point. im still learning bit of syntax , want know difference between code is code a: public class buttonz extends jbutton{ public buttonz(){ settext(new string(string.valueof(i))); } } please ignore fact i undeclared, not lost. code b: public class buttonz extends jbutton{ public buttonz(){ settext(new string(string.this.charat(i))); } } what don't yet understand difference in typing string.this , string. i under assumption when use dot operator on class accessing it's static methods(and/or variables if they're not hidden). i have studied little bit , have concluded when using string. accessing string static methods.. when using string.this. i'm accessing methods class buttonz extendi...
Read more