Wednesday 15 February 2012

iText detached signature means -




Could you please explain to me in more detail, giving an illustration (one attached, one detached), what an iText detached signature means?

I found wonderful documentation: iText digital signature PDF (iText digital signature), but I'm still not sure I understand the iText detached signature concept.

Reading the documentation (see link), I found this definition:

In PDF, we refer to a detached signature. According to Wikipedia, a detached signature is a type of digital signature that is kept 'separate from its signed data', as opposed to 'bundled together into a single file'. This definition isn't entirely right in the context of PDF: the signature is enclosed in the PDF file, but the attributes of the signature are 'part of the signature', as opposed to 'stored in the signature dictionary'.

What is not clear to me is what "attributes of the signature" means (which signature attributes does it refer to?).

Note that the author of the article (iText documentation) is working with snippets of a signed PDF file:

```
%PDF-1.4
%âãÏÓ
3 0 obj
<</F 132/Type/Annot/Subtype/Widget/Rect[0 0 0 0]/FT/Sig
/DR<<>>/T(signature)/V 1 0 R/P 4 0 R/AP<</N 2 0 R>>>>
endobj
1 0 obj
<</Contents <0481801e6d931d561563fb254e27c846e08325570847ed63d6f9e35
... b2c8788a5>
/Type/Sig/SubFilter/adbe.pkcs7.detached/Location(ghent)/M(D:20120928104114+02'00')
/ByteRange [0 160 16546 1745 ]/Filter/Adobe.PPKLite/Reason(test)/ContactInfo()>>
endobj
...
9 0 obj
<</Length 63>>stream
q
BT
36 806 Td
0 -18 Td
/F1 12 Tf
(hello world!)Tj
0 0 Td
ET
Q
endstream
endobj
...
11 0 obj
<</Type/Catalog/AcroForm<</Fields[3 0 R]/DR<</Font<</Helv 5 0 R
/ZaDb 6 0 R>>>>/DA(/Helv 0 Tf 0 g )/SigFlags 3>>/Pages 10 0 R>>
endobj
xref
0 12
0000000000 65535 f
...
0000017736 00000 n
trailer
<</Root 11 0 R/ID [<08ed1afb8ac41e841738c8b24d592465><bd91a30f9c94b8facf5673e7d7c998dc>]/Info 7 0 R/Size 12>>
startxref
17879
%%EOF
```

While the white paper you quoted from, Digital Signatures for PDF documents by Bruno Lowagie, is indeed a must-read for anyone attempting to create integrated PDF signatures using iText (and a source of information even if not using iText), I concur that the explanation therein of the use of the word "detached" in "detached PDF signature" doesn't nail it home:

Note: In PDF, we refer to a detached signature. According to Wikipedia, a detached signature is a type of digital signature that is kept 'separate from its signed data', as opposed to 'bundled together into a single file'. This definition isn't entirely right in the context of PDF: the signature is enclosed in the PDF file, but the attributes of the signature are 'part of the signature', as opposed to 'stored in the signature dictionary'.

First of all, calling these signatures "detached" is not a term enforced by the current specification. The reason why one does so anyway is that the identifier used in the signature dictionaries of such signatures (adbe.pkcs7.detached or ETSI.CAdES.detached) contains that word.

Thus, the question should be: why do these identifiers contain the word "detached"?

To understand that, one needs to know that there are two kinds of integrated PDF signatures that embed a PKCS#7 signature container in the PDF, respectively identified by adbe.pkcs7.detached and adbe.pkcs7.sha1.

The difference between these two types of signatures is that

for adbe.pkcs7.sha1 signatures, the SHA1 digest of the signed byte ranges of the PDF is calculated and embedded in the ContentInfo structure of the signature container, and this embedded data packet is signed in the PKCS#7 way;

for adbe.pkcs7.detached signatures, on the other hand, the ContentInfo structure of the signature container is left empty, and the signed data ranges of the external document are signed in the PKCS#7 way.

Thus, in the case of adbe.pkcs7.sha1 signatures the signed data are embedded in the container, while in the case of adbe.pkcs7.detached signatures the signed data are not.

Thus, on the level of the PKCS#7 signature containers, the signed data and the signature are detached from each other in the latter case.

(The fact that signing in the PKCS#7 way can include calculating a hash of the data to sign, adding that hash to a number of so-called authenticated attributes, and signing these special attributes, shouldn't distract us.)

The other type of detached signatures (ETSI.CAdES.detached) is constructed like adbe.pkcs7.detached containers. The differences between them are in the profiling of the additional attributes of the container.

The white paper's argumentation concerning the attributes being part of the signature container illustrates the difference between the signature types mentioned before and adbe.x509.rsa_sha1 signatures, the third original integrated PDF signature type. This type is not based on signature containers but on naked signatures; thus, the information in that case has to be stored in its own structures in the PDF.
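The relationship between /SubFilter, /ByteRange and /Contents described in the answer can be checked directly on a file's bytes. The following Python sketch is an added example, not code from the post or from iText; it goes slightly beyond the answer by also checking that the unsigned gap is exactly the /Contents hex string and that the ranges reach the end of the file. The sample PDF is constructed, its /Contents holds dummy hex rather than a real PKCS#7 container, and only the first signature dictionary found is examined.

```python
import hashlib
import re

def build_sample_pdf(subfilter="adbe.pkcs7.detached"):
    """Constructed stand-in for a signed PDF; /Contents is dummy hex, not a real container."""
    head = ("%PDF-1.4\n1 0 obj\n<</Type/Sig/SubFilter/" + subfilter +
            "/ByteRange [{:010d} {:010d} {:010d} {:010d}]/Contents ")
    contents = "<" + "00" * 32 + ">"
    tail = ">>\nendobj\n%%EOF\n"
    start = len(head.format(0, 0, 0, 0))   # fixed-width numbers keep the offsets stable
    end = start + len(contents)
    return (head.format(0, start, end, len(tail)) + contents + tail).encode("latin-1")

def analyze(pdf):
    """Report what the first signature dictionary in `pdf` covers."""
    sub = re.search(rb"/SubFilter\s*/([A-Za-z0-9._]+)", pdf)
    rng = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if not sub or not rng:
        raise ValueError("no /SubFilter or /ByteRange found")
    o1, l1, o2, l2 = (int(n) for n in rng.groups())
    signed = pdf[o1:o1 + l1] + pdf[o2:o2 + l2]   # bytes the signature covers
    gap = pdf[o1 + l1:o2]                        # bytes it does not cover
    subfilter = sub.group(1).decode()
    return {
        "subfilter": subfilter,
        # adbe.pkcs7.sha1: ContentInfo carries the SHA-1 digest of the ranges.
        # *.detached: ContentInfo is empty and the ranges themselves are the signed data.
        "digest_in_contentinfo": subfilter == "adbe.pkcs7.sha1",
        "range_digest_sha1": hashlib.sha1(signed).hexdigest(),
        "gap_is_only_contents": re.fullmatch(rb"<[0-9A-Fa-f]*>", gap) is not None,
        "covers_whole_file": o1 == 0 and o2 + l2 == len(pdf),
    }

if __name__ == "__main__":
    pdf = build_sample_pdf()
    print(analyze(pdf))
    tampered = pdf.replace(b"/Type/Sig", b"/Type/SIG")   # same length, inside range 1
    print(analyze(tampered)["range_digest_sha1"] != analyze(pdf)["range_digest_sha1"])
```

A change inside the signed ranges alters the digest, while a change inside the gap does not, which is why a validator should insist that the gap contains nothing but the /Contents value.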
