
I have to digitally sign a PDF from a smart card. The problem is that the smart card is at the client and the files are on the server. I have searched a lot but found nothing helpful. Now I want to do it with these steps.

  1. Calculate the hash of the PDF.
  2. Send it to the client.
  3. Get the certificate and private key on the client with the applet and sign the hash.
  4. Send the signed hash back to the server.
  5. Attach the signature to the PDF.

I am using the iText library for signing. But its setCrypto method requires a certificate, which I don't have at the server, and without preclosing the PDF I can't calculate the hash. I have also used signing with an external digest, but this piece of code doesn't even sign the document.

If anyone can help me out.

BenMorel
Vijay
  • Which is the aim of signing the PDF? That the PDF is property of the client? That a "stolen" PDF can be retraced to the owner? Encryption? Authentication (contractual)? You could get a hash from the client, store it in the PDF and use your own certificate, _to prove non-tampering and ownership_. Or do you mean encryption with the client's public key? No. – Joop Eggen Jun 02 '12 at 11:00
  • Actually the files are programmatically generated and stored on the server, and a specific role logs in to the application, verifies the documents and wants to digitally sign them. That specific role has the smart card, and then he plugs the smart card into his machine, and the files are on the server. And the problem with the hash is that the hash should be calculated after adding the signature's appearance. I can't calculate it before. – Vijay Jun 02 '12 at 11:07
  • For solving your particular task we offer Distributed Cryptography add-on for our SecureBlackbox product. See detailed description of how it works in my answer here: http://stackoverflow.com/questions/10656100/signing-pdfs-on-a-server-document-using-a-signature-from-the-user/10656679#10656679 . The answer applies to your needs as we offer Java edition of SecureBlackbox which you can use to accomplish your task. – Eugene Mayevski 'Callback Jun 02 '12 at 11:26
  • Have you read [Digital Signatures for PDF documents](http://itextpdf.com/book/digitalsignatures), *A White Paper by Bruno Lowagie (iText Software)* on creating and verifying digital signatures integrated in PDFs using iText? – mkl Nov 05 '13 at 19:58
  • You can't get the private key of your client from the smartcard. You need to send the hash of the document from the server (careful, this can be a flaw in your protocol) and then use PKCS#11 to send the hash into your smartcard and to sign it. This is a bit more advanced but the code base is the same: https://github.com/dnascimento/AISSProject I'm working on an implementation with Go https://github.com/dnascimento/citizen-card-reader ;) – dario nascimento Oct 13 '15 at 20:39
  • Your pdf component on server shall be able to support providing pdf hash and then inject back signature container received from browser back to pdf file. On browser side, use Signer.Digital Chrome Extension (Disclosure: freely provided by my company CISPL) or any browser extension that can return signature value back to server, where the pdf component will inject back the signature to pdf document. Refer https://stackoverflow.com/a/55676351/9659885 – Bharat Vasant May 24 '19 at 06:49
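
The step the question is stuck on (hashing before the signature exists) works because a PDF signature covers only the bytes around a reserved `/Contents` hole, listed in `/ByteRange`. The sketch below is an added example, not code from this thread or from iText: the sample document, function names and hole size are constructed, and the signature bytes stand in for whatever the smart card returns.

```python
import hashlib
import re

CONTENTS = re.compile(rb"/Contents <(0+)>")               # empty, zero-filled hole
BYTERANGE = re.compile(rb"/ByteRange \[([0-9 ]{43})\]")   # four 10-digit numbers

def byte_range_digest(doc):
    """SHA-256 over the two ranges named by /ByteRange (all bytes except <...>)."""
    a, b, c, d = map(int, BYTERANGE.search(doc).group(1).split())
    return hashlib.sha256(doc[a:a + b] + doc[c:c + d]).digest()

def prepare(doc):
    """Server, before contacting the client: fill /ByteRange, then hash."""
    m = CONTENTS.search(doc)
    gap_start, gap_end = m.start(1) - 1, m.end(1) + 1      # hole includes '<' and '>'
    rng = b"%010d %010d %010d %010d" % (0, gap_start, gap_end, len(doc) - gap_end)
    br = BYTERANGE.search(doc)
    doc = doc[:br.start(1)] + rng + doc[br.end(1):]        # same width: offsets hold
    return doc, byte_range_digest(doc)

def embed(doc, signature):
    """Server, after the client replies: write the signature into the hole in place."""
    _, gap_start, gap_end, _ = map(int, BYTERANGE.search(doc).group(1).split())
    room = gap_end - gap_start - 2                         # hex digits between < and >
    hexsig = signature.hex().encode()
    if len(hexsig) > room:
        raise ValueError("signature larger than the reserved placeholder")
    # Zero padding keeps the file length, and so every signed offset, unchanged.
    return doc[:gap_start + 1] + hexsig.ljust(room, b"0") + doc[gap_end - 1:]

# Constructed stand-in for a PDF whose signature field and appearance already exist.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange ["
          + b" ".join([b"0" * 10] * 4)
          + b"] /Contents <" + b"0" * 64 + b"> >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    prepared, digest = prepare(SAMPLE)                     # digest goes to the client
    signed = embed(prepared, bytes.fromhex("3082abcd"))    # constructed reply bytes
    print(byte_range_digest(signed) == digest)             # signed bytes are untouched
```
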
