0

I have a hash of a certificate using the example at http://techblog.bozho.net/?p=37 and wish to use this to fill in a signature field in a pdf form with iTextSharp. Does anyone have any examples or know how? This is a web app and the only method I can find for capturing the signature from a smart card local to the client.

Ken

user1689636
  • 1

1 Answers1

0

You can't use a hash of the certificate for signing. Signing is performed using the private key (and not its hash either).

For web application you have two options - either transfer the whole document to the client, or use some distributed signing mechanism which involves a client-side module (either a browser plugin / java applet or a standalone application).

Our company developed a distributed cryptography add-on to SecureBlackbox, which is described in details in this SO answer and which does what you need. The scheme in the answer explains how distributed signing would work.

Community
  • 1
  • 1
Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121
  • Maybe i phrased that incorrectly. I have a hash of a signature using javascript and outdated method via CAPICOM. The script referenced above prompts me to choose which cert from my I.E. store to use for signing, which I did. I then want to transfer this hash to the web server and using IText to parse it and sign the document server side. Are we still talking the same scenario? – user1689636 Apr 22 '14 at 15:34
  • @user1689636 Well, I can't say about iText, though this might be possible with it as well. With our PDF security components this is possible. Yet I must note, that JavaScript-based security is insecure – Eugene Mayevski 'Callback Apr 22 '14 at 18:08