PKCS11Ontercorp
Nilesh Chaudhari
Hi Jaroslav,
Thank you giving time to reply my question i would like to share you following cases need to clarify from your end
1.Slots not showin in below source code
/// <summary>
/// Initializes a new instance of the Pkcs11Signature class
/// </summary>
/// <param name="libraryPath">Path to the unmanaged PCKS#11 library</param>
/// <param name="tokenSerial">Serial number of the token (smartcard) that contains signing key. May be null if tokenLabel is specified.</param>
/// <param name="tokenLabel">Label of of the token (smartcard) that contains signing key. May be null if tokenSerial is specified.</param>
/// <param name="pin">PIN for the token (smartcard)</param>
/// <param name="ckaLabel">Label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.</param>
/// <param name="ckaId">Hex encoded string with identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.</param>
/// <param name="hashAlgorihtm">Hash algorihtm used for the signature creation</param>
public Pkcs11RsaSignature(string libraryPath, string tokenSerial, string tokenLabel, string pin, string ckaLabel, string ckaId, HashAlgorithm hashAlgorihtm)
{
byte[] pinValue = (pin == null) ? null : ConvertUtils.Utf8StringToBytes(pin);
byte[] ckaIdValue = (ckaId == null) ? null : ConvertUtils.HexStringToBytes(ckaId);
InitializePkcs11Signature(libraryPath, tokenSerial, tokenLabel, pinValue, ckaLabel, ckaIdValue, hashAlgorihtm);
}
/// <summary>
/// Initializes a new instance of the Pkcs11Signature class
/// </summary>
/// <param name="libraryPath">Path to the unmanaged PCKS#11 library</param>
/// <param name="tokenSerial">Serial number of the token (smartcard) that contains signing key. May be null if tokenLabel is specified.</param>
/// <param name="tokenLabel">Label of of the token (smartcard) that contains signing key. May be null if tokenSerial is specified.</param>
/// <param name="pin">PIN for the token (smartcard)</param>
/// <param name="ckaLabel">Label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.</param>
/// <param name="ckaId">Identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.</param>
/// <param name="hashAlgorihtm">Hash algorihtm used for the signature creation</param>
public Pkcs11RsaSignature(string libraryPath, string tokenSerial, string tokenLabel, byte[] pin, string ckaLabel, byte[] ckaId, HashAlgorithm hashAlgorihtm)
{
InitializePkcs11Signature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorihtm);
}
/// <summary>
/// Initializes a new instance of the Pkcs11Signature class
/// </summary>
/// <param name="libraryPath">Path to the unmanaged PCKS#11 library</param>
/// <param name="tokenSerial">Serial number of the token (smartcard) that contains signing key. May be null if tokenLabel is specified.</param>
/// <param name="tokenLabel">Label of of the token (smartcard) that contains signing key. May be null if tokenSerial is specified.</param>
/// <param name="pin">PIN for the token (smartcard)</param>
/// <param name="ckaLabel">Label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.</param>
/// <param name="ckaId">Identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.</param>
/// <param name="hashAlgorihtm">Hash algorihtm used for the signature creation</param>
private void InitializePkcs11Signature(string libraryPath, string tokenSerial, string tokenLabel, byte[] pin, string ckaLabel, byte[] ckaId, HashAlgorithm hashAlgorihtm)
{
try
{
if (string.IsNullOrEmpty(libraryPath))
throw new ArgumentNullException("libraryPath");
_pkcs11 = new Pkcs11(libraryPath, true);
_slot = GetUsableSlot(_pkcs11); //FindSlot(tokenSerial, tokenLabel); èFindSlot Function returning null value whether HSM having 1 slots.I had cread one methods which pass pkcs showing at below as
if (_slot == null)
throw new TokenNotFoundException(string.Format("Token with serial \"{0}\" and label \"{1}\" was not found", tokenSerial, tokenLabel));
_session = _slot.OpenSession(true);
_session.Login(CKU.CKU_USER, pin);
_privateKeyHandle = FindPrivateKey(ckaLabel, ckaId);
_ckaLabel = ckaLabel;
_ckaId = ckaId;
if (!Enum.IsDefined(typeof(HashAlgorithm), hashAlgorihtm))
throw new ArgumentException("Invalid hash algorithm specified");
_hashAlgorihtm = hashAlgorihtm;
}
catch
{
if (_session != null)
{
_session.Dispose();
_session = null;
}
if (_pkcs11 != null)
{
_pkcs11.Dispose();
_pkcs11 = null;
}
throw;
}
}
#endregion
//NILESH
private Slot GetUsableSlot(Pkcs11 pkcs11)
{
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(true);
// Let's use first slot with token present
return slots[0];
}
#region Private methods
/// <summary>
/// Finds slot containing the token that matches specified criteria
/// </summary>
/// <param name="tokenSerial">Serial number of token that should be found</param>
/// <param name="tokenLabel">Label of token that should be found</param>
/// <returns>Slot containing the token that matches specified criteria</returns>
private Slot FindSlot(string tokenSerial, string tokenLabel)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
if (string.IsNullOrEmpty(tokenSerial) && string.IsNullOrEmpty(tokenLabel))
throw new ArgumentException("Token serial and/or label has to be specified");
List<Slot> slots = _pkcs11.GetSlotList(true);
foreach (Slot slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
throw;
}
if (tokenInfo == null)
continue;
if (!string.IsNullOrEmpty(tokenSerial))
if (0 != String.Compare(tokenSerial, tokenInfo.SerialNumber, StringComparison.InvariantCultureIgnoreCase))
continue;
if (!string.IsNullOrEmpty(tokenLabel))
if (0 != String.Compare(tokenLabel, tokenInfo.Label, StringComparison.InvariantCultureIgnoreCase))
continue;
return slot;
}
return null;
}
//NILESH
private Slot GetUsableSlot(Pkcs11 pkcs11)
{
// Get list of available slots
List<Slot> slots = pkcs11.GetSlotList(true);
// Let's use first slot with token present
return slots[0];
}
/// <summary>
/// Finds slot containing the token that matches specified criteria
/// </summary>
/// <param name="tokenSerial">Serial number of token that should be found</param>
/// <param name="tokenLabel">Label of token that should be found</param>
/// <returns>Slot containing the token that matches specified criteria</returns>
private Slot FindSlot(string tokenSerial, string tokenLabel)
{
if (this._disposed)
throw new ObjectDisposedException(this.GetType().FullName);
if (string.IsNullOrEmpty(tokenSerial) && string.IsNullOrEmpty(tokenLabel))
throw new ArgumentException("Token serial and/or label has to be specified");
List<Slot> slots = _pkcs11.GetSlotList(true);
foreach (Slot slot in slots)
{
TokenInfo tokenInfo = null;
try
{
tokenInfo = slot.GetTokenInfo();
}
catch (Pkcs11Exception ex)
{
if (ex.RV != CKR.CKR_TOKEN_NOT_RECOGNIZED && ex.RV != CKR.CKR_TOKEN_NOT_PRESENT)
throw;
}
if (tokenInfo == null)
continue;
if (!string.IsNullOrEmpty(tokenSerial))
if (0 != String.Compare(tokenSerial, tokenInfo.SerialNumber, StringComparison.InvariantCultureIgnoreCase))
continue;
if (!string.IsNullOrEmpty(tokenLabel))
if (0 != String.Compare(tokenLabel, tokenInfo.Label, StringComparison.InvariantCultureIgnoreCase)) /// returning -1
continue;
return slot;
}
return null;
}
In above case I had tried lot of time for your source code but failed.I want to clear from your end whether I have created only 1 slots in HSM that’s the problem or any other please clear me I want to know String.Compare(tokenLabel, tokenInfo.Label, StringComparison.InvariantCultureIgnoreCase) why the comparision is required to check
2.issue related to digital certificate not sign to pdf I had refered all the code from Pkcs11Interop.PDF-master
I got another error on ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
“Provided certificates do not contain self-signed root certificate"
at Net.Pkcs11Interop.PDF.CertUtils.BuildCertPath(Byte[] signingCertificate, List`1 otherCertificates) in c:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF\CertUtils.cs:line 182
at HSMCOMM.Form1.SignPdfDocument() in c:\Users\INT3401\Desktop\HSMBySify\Practise\HSMCOMM\HSMCOMM\Form1.cs:line 252
at HSMCOMM.Form1.button2_Click(Object sender, EventArgs e) in c:\Users\INT3401\Desktop\HSMBySify\Practise\HSMCOMM\HSMCOMM\Form1.cs:line 179
error raise on below your source code
foreach (byte[] otherCertificate in otherCertificates)
{
BCX509.X509Certificate otherCert = ToBouncyCastleObject(otherCertificate);
otherCerts.Add(ToBouncyCastleObject(otherCertificate));
if (IsSelfSigned(otherCert))
trustAnchors.Add(new TrustAnchor(otherCert, null)); //error come at that line
}
I request to please go with HSM details that shared from HSM vendor and certificate is attached.
HSM Appliance
Login : admin
pwd : P@ssw0rd
Partition Name : partition1 / Slot1
P@ssw0rd
handle=14 label=Nilesh Chaudhari : Certificate
handle=18 label=Nilesh Chaudhari : Public Key
handle=19 label=Nilesh Chaudhari : Private Key
id = 111111
Jaroslav Imrich
I am not sure I understand what is your question. Let's assume that you have problem identifying correct slot so please post the output from demo app [0] executed with the following parameters:
Pkcs11Interop.PDF.Demo.exe --pkcs11-library "your_pkcs11_library.dll" --list-tokens
Don't forget to replace "your_pkcs11_library.dll" with the correct name of the PKCS#11 library shipped by your HSM vendor.
Regards, Jaroslav
[0] https://github.com/jariq/Pkcs11Interop.PDF/tree/master/src/Pkcs11Interop.PDF.Demo
Nilesh Chaudhari
Thank you for sharing me slots related query solution i had tried following o/p showing.
Please my target is to print digital signature to uploaded pdf from HSM.please guide me i am new for the same.
Regards
Nilesh
...
Jaroslav Imrich
tokenSerial = "454186010"
tokenLabel = "partition1"
Nilesh Chaudhari
Thank you very much for solved my 1 problem but i am struggling now signing digital certificate but throw error as
I got another error on ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
“Provided certificates do not contain self-signed root certificate"
at Net.Pkcs11Interop.PDF.CertUtils.BuildCertPath(Byte[] signingCertificate, List`1 otherCertificates) in c:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF\CertUtils.cs:line 182
at HSMCOMM.Form1.SignPdfDocument() in c:\Users\INT3401\Desktop\HSMBySify\Practise\HSMCOMM\HSMCOMM\Form1.cs:line 252
at HSMCOMM.Form1.button2_Click(Object sender, EventArgs e) in c:\Users\INT3401\Desktop\HSMBySify\Practise\HSMCOMM\HSMCOMM\Form1.cs:line 179
error raise on below your source code
foreach (byte[] otherCertificate in otherCertificates)
{
BCX509.X509Certificate otherCert = ToBouncyCastleObject(otherCertificate);
otherCerts.Add(ToBouncyCastleObject(otherCertificate));
if (IsSelfSigned(otherCert))
trustAnchors.Add(new TrustAnchor(otherCert, null)); //error come at that line
}
I request to please go with HSM
details that i had already shared you and certificate is attached also
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Jaroslav Imrich
Regards, Jaroslav
Nilesh Chaudhari
possible then let me know
Jaroslav Imrich
Thank you jaroslave can I pass null value to outer certicate.if
possible then let me know
I am not sure I understand what does "outer certificate" refer to.
Nilesh Chaudhari
As you provided solution not to be understand if you possible to share me source code then its better to understand will you please explain me
what the below code
// When signing certificate is stored on the token it can be usually read with GetSigningCertificate() method
byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
// All certificates stored on the token can be usually read with GetAllCertificates() method
List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
till the same issue come.please guide me.I need to complete at the earliest.
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Nilesh Chaudhari
Hi Jaroslav,
I had tried from pkcs11Interop.PDF.Demo.exe but same error coming see the below stacktrace
C:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF.Demo\bin\Release>pkcs11Interop.PDF.Demo.exe --pkcs11-library "cryptoki.dll" "--sign" "--token-serial" "454186010" "--token-label" "partition1" "--key-label" "Nilesh Chaudhari" "--pin" "P@ssw0rd" "--input-pdf" "C\temp\unsigned.pdf" "--output-pdf" "C\tem\Signed.pdf"
Signing PDF document "C\temp\unsigned.pdf" using private key with ID "" and label "Nilesh Chaudhari" stored on token with serial "454186010" and label "partition1"
Operation error: Org.BouncyCastle.Pkix.PkixCertPathBuilderException - Provided certificates do not contain self-signed root certificate
at Net.Pkcs11Interop.PDF.CertUtils.BuildCertPath(Byte[] signingCertificate, List`1 otherCertificates) in c:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF\CertUtils.cs:line 182
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Jaroslav Imrich
C:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF.Demo\bin\Release>pkcs11Interop.PDF.Demo.exe --pkcs11-library "cryptoki.dll" "--sign" "--token-serial" "454186010" "--token-label" "partition1" "--key-label" "Nilesh Chaudhari" "--pin" "P@ssw0rd" "--input-pdf" "C\temp\unsigned.pdf" "--output-pdf" "C\tem\Signed.pdf"
Signing PDF document "C\temp\unsigned.pdf" using private key with ID "" and label "Nilesh Chaudhari" stored on token with serial "454186010" and label "partition1"
Operation error: Org.BouncyCastle.Pkix.PkixCertPathBuilderException - Provided certificates do not contain self-signed root certificate
at Net.Pkcs11Interop.PDF.CertUtils.BuildCertPath(Byte[] signingCertificate, List`1 otherCertificates) in c:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF\CertUtils.cs:line 182
at Net.Pkcs11Interop.PDF.DemoApp.Main(String[] args) in c:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF.Demo\DemoApp.cs:line 377
Nilesh Chaudhari
C:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF.Demo\bin\Release>pkcs11Interop.PDF.Demo.exe --pkcs11-library "cryptoki.dll" "--sign" "--token-serial" "454186010" "--token-label" "partition1" "--key-label" "Nilesh Chaudhari" "--pin" "P@ssw0rd" "--input-pdf" "C\temp\unsigned.pdf" "--output-pdf" "C\tem\Signed.pdf" "--certs-dir" "C:\Users\INT3401\Desktop\HSMBySify\ca-certs\"
Signing PDF document "C\temp\unsigned.pdf" using private key with ID "" and label "Nilesh Chaudhari" stored on token with serial "454186010" and label "partition1"
at System.IO.Path.CheckInvalidPathChars(String path)
at System.IO.Path.NormalizePathFast(String path, Boolean fullCheck)
at System.IO.Path.NormalizePath(String path, Boolean fullCheck)
at System.IO.Path.GetFullPathInternal(String path)
at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
at System.IO.Directory.GetFiles(String path)
at Net.Pkcs11Interop.PDF.DemoApp.Main(String[] args) in c:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF.Demo\DemoApp.cs:line 117
C:\Users\INT3401\Desktop\HSMBySify\Pkcs11Interop.PDF-master\Pkcs11Interop.PDF-master\src\Pkcs11Interop.PDF.Demo\bin\Release>
I want to sign through application level not from command please guide me I want close this at the earliest.
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Nilesh Chaudhari
Please guide me I am awaiting your reply
Regards
Nilesh
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Jaroslav Imrich
I am sorry but I won't be able to help you. It seems that Pkcs11Interop.PDF library requires a lot of integration on your side and therefore is not a best solution for you. Your best bet is to use some other library.
Nilesh Chaudhari
We are in last stage of development.I am so surprising why and what is
the reason behind that i unable use Pkcs11Interop.PDF library for DG
signing to PDF.If you possible to you some solution related to my code
then suggest,I will modify in my source code.or suggest my which are
other library are available.
Hope you understand my situation and appreciate your help
Regards
Nilesh
Nilesh Chaudhari
Finally I got one solution that was already you was shared to me i.e. I was pass full certification path for my "signingCertificate". CA that issued my certificate.also used following code for getting all the details of certificate from path as
// Read additional certificates from directory
if (!string.IsNullOrEmpty(certsDir))
foreach (string file in Directory.GetFiles(certsDir))
otherCertificates.Add(File.ReadAllBytes(file));
DG successfully applied to PDF.I want some clarification from your side.every time i need to pass root certificate through path why that need to pass.please guide me I am in last phase of development.
I really thankful to your support..
Regards
Nilesh
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Jaroslav Imrich
I want some clarification from your side.every time i need to pass root certificate through path why that need to pass.
Nilesh Chaudhari
Thank you very much for explanation.I have requirement.I want to sign in bulk i.e unsigned PDF call from folder and sign all the PDF through Pkcs11Interop.PDF library. will you please guide me how i do the same also and tell me how i show PDF sign notation inside PDF.
Regards
Nilesh
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
...
Jaroslav Imrich
I want to sign in bulk i.e unsigned PDF call from folder and sign all the PDF through Pkcs11Interop.PDF library.
[0] https://github.com/jariq/Pkcs11Interop.PDF/blob/1.2.0/src/Pkcs11Interop.PDF.Tests/Pkcs11RsaSignatureTest.cs#L712
tell me how i show PDF sign notation inside PDF.
[1] http://itextpdf.com/support
Nilesh Chaudhari
I wanted to know It is possible to call all signature name existing in HSM into List or drop down box.Please let me know how its posible
Regards
Nilesh
con...@savsoft.info
I am also getting same error message " Provided certificates do not contain self-signed root certificate"
Can you please share how did you add path in variable certsDir ?
Nilesh Chaudhari
--
You received this message because you are subscribed to a topic in the Google Groups "Pkcs11Interop" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pkcs11interop/zcajK5RQh9g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pkcs11intero...@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at https://groups.google.com/group/pkcs11interop.
To view this discussion on the web visit https://groups.google.com/d/msgid/pkcs11interop/7e3ccae9-268d-4afe-896f-0f5d0c2c8f49%40googlegroups.com.
con...@savsoft.info
On Wednesday, March 9, 2016 at 11:07:58 AM UTC+5:30, Nilesh Chaudhari wrote:
con...@savsoft.info
I have signed pdf successfully but had an issue.
PDF doesn't contain signature validate icon.
Like message "Signature valid or invalid"
Adobe reader show green tick on top-left corner but no signature stamp in pdf document.
con...@savsoft.info
Nilesh Chaudhari
--
You received this message because you are subscribed to a topic in the Google Groups "Pkcs11Interop" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pkcs11interop/zcajK5RQh9g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pkcs11intero...@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at https://groups.google.com/group/pkcs11interop.
To view this discussion on the web visit https://groups.google.com/d/msgid/pkcs11interop/11af648b-d106-45fd-87ab-79d2315c3e9b%40googlegroups.com.
con...@savsoft.info
string unsignedPdfPath = @"C:\pdfcertificates\unsigned\un.pdf";
string signedPdfPath = @"C:\pdfcertificates\signed\sn.pdf";
string libraryPath = @"C:\Windows\System32\SignatureP11.dll";
// Do something interesting with unsigned PDF document
FileInfo unsignedPdfInfo = new FileInfo(unsignedPdfPath);
// Assert.IsTrue(unsignedPdfInfo.Length > 0);
// Specify label of of the token that contains signing key. May be null if tokenSerial is specified
string tokenLabel = null;
// Specify PIN for the token
string pin = "987654";
// Specify label (value of CKA_LABEL attribute) of the private key used for signing. May be null if ckaId is specified.
string ckaLabel = null;
// Specify hex encoded string with identifier (value of CKA_ID attribute) of the private key used for signing. May be null if ckaLabel is specified.
string ckaId = "686a9f35e1eb104ae05e9c65df715481b38ced40";
// Specify hash algorihtm used for the signature creation
HashAlgorithm hashAlgorithm = HashAlgorithm.SHA256;
string certsDir = @"C:\Program Files (x86)\Watchdata\WD PROXKey\Cert";
// Create instance of Pkcs11Signature class that allows iText to create PKCS#1 v1.5 RSA signature with the private key stored on PKCS#11 compatible device
using (Pkcs11RsaSignature pkcs11RsaSignature = new Pkcs11RsaSignature(libraryPath, tokenSerial, tokenLabel, pin, ckaLabel, ckaId, hashAlgorithm))
{
// When signing certificate is stored on the token it can be usually read with GetSigningCertificate() method
byte[] signingCertificate = pkcs11RsaSignature.GetSigningCertificate();
// All certificates stored on the token can be usually read with GetAllCertificates() method
List<byte[]> otherCertificates = pkcs11RsaSignature.GetAllCertificates();
// Read additional certificates from directory
if (!string.IsNullOrEmpty(certsDir))
foreach (string file in Directory.GetFiles(certsDir))
otherCertificates.Add(File.ReadAllBytes(file));
// Build certification path for the signing certificate
ICollection<Org.BouncyCastle.X509.X509Certificate> certPath = CertUtils.BuildCertPath(signingCertificate, otherCertificates);
// Read unsigned PDF document
using (PdfReader pdfReader = new PdfReader(unsignedPdfPath))
{
// Create output stream for signed PDF document
using (FileStream outputStream = new FileStream(signedPdfPath, FileMode.Create))
{
// Create PdfStamper that applies extra content to the PDF document
using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
{
// Sign PDF document
MakeSignature.SignDetached(pdfStamper.SignatureAppearance, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
}
}
}
}
Nilesh Chaudhari
--
You received this message because you are subscribed to a topic in the Google Groups "Pkcs11Interop" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pkcs11interop/zcajK5RQh9g/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pkcs11intero...@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at https://groups.google.com/group/pkcs11interop.
To view this discussion on the web visit https://groups.google.com/d/msgid/pkcs11interop/9218bb67-9e60-4547-b9ec-116230a22174%40googlegroups.com.
con...@savsoft.info
Using itextsharp.
I want appearance like http://www.plotsoft.com/images/sign_valid.png
Nilesh Chaudhari
To unsubscribe from this group and all its topics, send an email to pkcs11intero...@googlegroups.com.
To post to this group, send email to pkcs11...@googlegroups.com.
Visit this group at https://groups.google.com/group/pkcs11interop.
To view this discussion on the web visit https://groups.google.com/d/msgid/pkcs11interop/860e91d0-7072-46ca-ba17-8adf321154fd%40googlegroups.com.
con...@savsoft.info
I am PHP Developer, contact me if you required any support for PHP platform.
Thanks again!
Following code works.
using (PdfStamper pdfStamper = PdfStamper.CreateSignature(pdfReader, outputStream, '\0', Path.GetTempFileName(), true))
{
// Sign PDF document
PdfSignatureAppearance signapp= pdfStamper.SignatureAppearance;
signapp.Reason=reason;
signapp.Location=location;
signapp.SignDate=DateTime.Now;
signapp.SetVisibleSignature(new iTextSharp.text.Rectangle(340, 80, 550,160), 1, "signatureName");
// Sign PDF document
MakeSignature.SignDetached(signapp, pkcs11RsaSignature, certPath, null, null, null, 0, CryptoStandard.CADES);
}