Digital Signatures break

I have a form with JS, a few initialize events and a signature field. When the form is signed and saved, reopening it causes the signature to break.
I am wondering if the initialize event is the problem? If so, any workarounds?
Aditya

I don't understand this part of the text:
you must configure the routing so that it specifies an operation selection algorithm other than the SOAP body algorithm. Make sure the actions in the proxy service pipeline do not modify the WS-Security header or any parts of the SOAP envelope that are signed or encrypted. Changes to clear-text message parts covered by digital signatures almost always break the digital signature because the signature cannot be verified later.
1) About the "selection algorithm" (Which should I choose? How do I make this configuration?)
2) Make sure the actions in the proxy service pipeline do not modify the WS-Security header or any parts of the SOAP envelope that are signed or encrypted. (How do I do this?)
3) Changes to clear-text message parts covered by digital signatures almost always break the digital signature because the signature cannot be verified later. (What is this?)
Thanks

Similar Messages

  • Please help me with the digital signature validation problem?

    Please help me with the digital signature validation problem?

    Hi
    Execute the program in the Debugging mode.
    In the Debugger Window
    Select Breakpoint -> Break point at -> Breakpoint at source code Menu Item and enter the details of the program/include/line no.
    Activate the System Debugger On from the Settings Menu.
    Hope this would help you.
    Murthy
    Edited by: Kalyanam Seetha Rama Murthy on Jul 18, 2008 7:20 AM

  • Issue with multiple digital signatures disabling fast web view

    Hello, I'm using acrobat 9.1 pro and have some questions regarding an issue using multiple signatures on a pdf.
    Why am I asking the question below? My job involves preparing pdf's for submission to FDA. The FDA requires, among other things, that electronically submitted docs have fast web view enabled.
    I am currently exploring ways of using digital signatures to sign pdf reports and still make sure they are FDA spec compliant. My issue involves a document that would have multiple signature fields. What I do is create at least two signature fields in the doc and then save and optimize while enabling fast web view. When I sign the first box and save, the file retains the fast web view status. Yet, when I apply any signatures past the first one, the file is subsequently set to fast web view off without any obvious way of turning it back on. I am confused as to why it gets disabled only after the second, and not right after even the first one was signed. And, of course, I would like to know if it is possible to maintain fast web view and how to do it. I'll gladly accept "tinkering under the hood" of the file suggestions if they exist as well.
    Please let me know if anything is unclear or you need further information.
    Thanks for your time and help.
    ~Vlad

    Hi Vlad,
    Michael actually had the correct answer. The purpose of a "Linearized" file (i.e. a file that has been Optimized for Fast Web View) is to get the first page to display as soon as possible so you can start reading without waiting for the rest of the file to download. As an aside, the designated first page doesn't necessarily have to be page 0 (PDFs use a zero based counting system for pages), but usually it is. To quote the PDF specification, "The primary focus of Linearized PDF is optimized viewing of read-only PDF documents. It is intended that the Linearized PDF be generated once and read many times. Incremental update is still permitted, but the resulting PDF is no longer linearized and subsequently is treated as ordinary PDF."
    When you sign a PDF file the first time the Save process is a "full save", that is the entire document is rewritten so there are no more than two %%EOF (end-of-file) markers in it. The first EOF designates which page to show first and the second EOF designates the end of the rest of the file (so the browser knows when to stop downloading). However, when you add a second (or subsequent) signature the file is saved as an "incremental save" and all of the new data is tacked onto the end of the original file. This is so you can do a rollback to the previous signed version and allows Acrobat/Reader to check the integrity of each signature independent of any other signatures. It's the incremental save that breaks the linearized optimization of the file.
    Steve
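
The save pattern described in this answer can be checked directly on the file bytes. The Python below is an added example, not code from the thread or from Adobe: it treats /L in the linearization dictionary as the end of the first save, counts later %%EOF markers as incremental saves, and goes one step beyond the answer by reading each signature's /ByteRange to show which save it covers. The sample bytes are constructed skeletons (not renderable PDFs) and all function names are this example's own.

```python
import re

EOF_RE = re.compile(rb"%%EOF[ \t]*(?:\r\n|\r|\n)?")
# The linearization dictionary sits in the first 1024 bytes of the file;
# /L is the length the file had when it was linearized.
LINEARIZED_RE = re.compile(rb"/Linearized\s*[\d.]+.*?/L\s*(\d+)", re.S)
BYTERANGE_RE = re.compile(
    rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def analyze(pdf: bytes) -> dict:
    """Split a PDF into saves and relate each signature to the save it covers."""
    eof_ends = [m.end() for m in EOF_RE.finditer(pdf)]
    lin = LINEARIZED_RE.search(pdf[:1024])
    declared_len = int(lin.group(1)) if lin else None
    # A linearized full save holds two %%EOF markers, so its end is /L and
    # not the first marker. Otherwise the first save ends at the first %%EOF.
    if declared_len is not None and declared_len <= len(pdf):
        first_end = declared_len
    else:
        first_end = eof_ends[0] if eof_ends else len(pdf)
    ends = [first_end] + [e for e in eof_ends if e > first_end]

    signatures = []
    for m in BYTERANGE_RE.finditer(pdf):
        _, _, second_start, second_len = map(int, m.groups())
        signed_end = second_start + second_len  # last byte the digest covers
        signatures.append({
            "signed_end": signed_end,
            "revision": ends.index(signed_end) + 1 if signed_end in ends else None,
            # Non-zero means later saves exist that this signature never saw.
            "bytes_appended_after": len(pdf) - signed_end,
        })
    return {
        "revision_ends": ends,
        "linearized_declared": lin is not None,
        # Any incremental save makes the real length differ from /L.
        "still_linearized": declared_len == len(pdf),
        "signatures": signatures,
    }


def rollback(pdf: bytes, revision: int) -> bytes:
    """Return the file exactly as it was after the given save (1-based)."""
    return pdf[:analyze(pdf)["revision_ends"][revision - 1]]


def append_signed_save(prefix: bytes, body: bytes) -> bytes:
    """Constructed-sample helper: fill the ByteRange placeholders in body so
    the signature covers prefix + body except its own /Contents value."""
    start = len(prefix) + body.index(b"<00>")
    end = start + len(b"<00>")
    total = len(prefix) + len(body)
    for tag, value in ((b"A", start), (b"B", end), (b"C", total - end)):
        body = body.replace(tag * 10, b"%010d" % value)  # same width, no shift
    return prefix + body


def build_sample():
    """Constructed byte skeletons following the thread's save pattern:
    a linearized full save carrying signature 1, then signature 2 appended."""
    sig = (b"<< /Type /Sig /ByteRange [0 AAAAAAAAAA BBBBBBBBBB CCCCCCCCCC]"
           b" /Contents <00> >>")
    first = (b"%PDF-1.7\n1 0 obj\n<< /Linearized 1 /L LLLLLLLLLL >>\nendobj\n"
             b"% first-page objects\n%%EOF\n"
             b"5 0 obj\n" + sig + b"\nendobj\n% remaining objects\n%%EOF\n")
    first = first.replace(b"L" * 10, b"%010d" % len(first))
    first = append_signed_save(b"", first)
    second = (b"9 0 obj\n" + sig +
              b"\nendobj\n% xref and trailer for the update\n%%EOF\n")
    return first, append_signed_save(first, second)


if __name__ == "__main__":
    after_first, after_second = build_sample()
    for label, data in (("after signature 1", after_first),
                        ("after signature 2", after_second)):
        print(label, analyze(data))
```

A signature whose `bytes_appended_after` is non-zero is not broken by that fact alone; it means the viewer has to judge whether the appended save contains only permitted additions.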

  • Digital Signatures (.pfx)

    In the past, we have purchased digital ID's from Verisign to digitally sign our pdf forms.  They recently changed their website format and now when you purchase a digital ID, it will read "Persona Not Verified" as the name of the person that signs the document, instead of the user's actual name.  This totally negates the purpose of a digital signature and I do not understand their reasoning, but so be it.  Does anyone know where you can purchase a digital ID from a trusted source in .pfx format?  Thanks for your input.

    Hi,
    One thing to realize is that the Certificate Authority (the "CA") is treated as a trusted third party. That is, whoever is validating the signature is trusting that the CA verified the identity of the person to whom they issued the digital ID. If they hadn't vetted your identity then it is incumbent upon them to make sure that whoever receives the signed document realizes that the signer's identity has not been properly verified. It was actually a break-down in trust on VeriSign's part for all of the years they issued short lived digital IDs that contained a name having not verified the actual identity of the person requesting the digital ID. They are now doing what they should have been doing for years.
    That said, there are many trusted CAs that will issue a digital ID, but what you are going to have a hard time doing is finding one that will issue a digital ID for free that contains your name. As mentioned above you can get a digital ID from Comodo, but as the poster said they had to purchase the ID. Comodo does offer a free digital ID that they call an "e-mail ID" because at the very least they can validate the e-mail address, but since you can create any e-mail address (provided someone else hasn't got that address) with any name associated with it Comodo leaves the name field blank (akin to where VeriSign uses "Persona Not Verified"). You could go back to VeriSign and buy a digital ID from them where they would add your name, but you have to provide them with proof of identity, but you're going to find that with all CAs.
    Adobe partners with several CAs and you can get the list from http://helpx.adobe.com/acrobat/kb/certified-document-services.html but by no means is this an all inclusive list of the CAs that are out there. They number in the hundreds, but many of them are country specific.
    Steve

  • Dynamic PDFs with Digital Signatures?

    LCD 9 – Acrobat 9 standard/Pro
    Looking for the definitive answer on this one.  My PDFs have a need to be both dynamic and use multiple digital signatures.  For now I design as static with multi dig sig and deal with break-out forms and such via a portfolio.
    It would be nice if I could design a form that has both flowable sections (think dynamically added rows in a table using script, or even simple textfields that expand as you fill them up via flowed content areas) and these digital signatures.  As soon as I make that PDF dynamic the signatures are immediately invalidated as the form shows changes.
    Is there any workaround to this?  Some of the process I have to design for need flowed fields, and all require digital signatures on the form.  We use Entrust as the security for dig sig - and that will not change so cannot use any inherent Adobe signature security methods.
    Thanks,
    Jim

    Hi Jim,
    Yes, the file was created for Acrobat 10, but other than the warning you see on file open it will behave the same way in 9.x as it does in 10. However that said, you don't want to look at the file in Acrobat because you can't edit it or see the layout there. You need to view the file in LiveCycle Designer which gets installed along with Acrobat, and when you do get the file open in Designer it won't complain. Once you get the file open in Acrobat select the Forms > Edit Form in Designer menu item and that's where you can see the properties used to get page flow to work.
    I've attached another copy without any data that won't complain when you open it in Acrobat. It is for all intents and purposes the same file, the only reason there are fewer pages is due to the lack of data in the table.
    Steve

  • Digital signature help

    I have a created a PDF in Acrobat 8.0 that requires multiple digital signatures. I am emailing the file to the people and asking for their digital signature.  When I try to save the file with Person1's signature to a file with Person's2 digital signature, it deletes Person's1 signature and inserts Person2's signature. How can I save the file so both signatures are retained?
    I need help ASAP. It is driving me crazy.

    Hi,
    You can't merge signed files because it modifies the PDF layer which would break the signature. One of the limitations of digital signatures is they are serial operations, that is one signature follows the previous signature. You cannot do this in parallel and merge the contents into one file. You could put the multiple files into a single Package (later renamed to Portfolio in Acrobat 9) file, but each signed copy would still be a stand alone file attachment within the Package.
    The bottom line is, if you really need all of the different digital signatures in the same PDF file you need to send it to the first recipient, have them sign it, and then forward the file to the next recipient (or back to you).
    Steve

  • Use of digital signatures within a workflow

    Hello all,
    We attempt to build a workflow, where users will be digitally signing the forms being routed. However there are some implications with signing the documents.
    Here is the use scenario
    1. Initiator fills a form with data, digitally signs the form, and then submits the form.
    2. 1st participant reviews the signed form, then he also signs the form on a separate area
    3. The signed (by initiator and participant) form is then archived. The data are extracted and stored to a third party system (e.g. a database)
    What we have tried up to now
    a. used Designer 7.0 to design a XFA form template incorporating some data entry fields and two signature fields.
    b. embedded a binding schema and saved as .xdp
    deployed the form to LC Form Manager
    c. we RE the deployed form properties to allow for digital signatures in Reader
    d. used Workflow Designer to create a simple workflow with two users (initiator to fill and sign the form, 1st participant to sign the form, 2nd participant for viewing the result)
    3. set a Init-Form to use this particular template (the url points to our form)
    4. set a Form-Var (the variable is of type document, the XFA schema is also displayed)
    5. set data mappings (user properties) to use Form-Var as both input and output
    Now, the sad story
    i. initiator logins to FM, selects the form, fills some data, signs and submits the form
    ii. 1st participant receives a working item in his worklist
    iii. he opens the form, any data the initiator entered are there, BUT the digital signature field (where initiator previously signed) is EMPTY
    iv. initiator navigates to his archive and sees the same (data but no signature)
    Remark: whenever this form opens (1st participant worklist or initiator archive), the form takes up all the space within Internet Explorer, i.e. the FM left-side navigation and any other frames disappear
    Any idea to workaround on this would be great. Thanks in advance for your help,
    ~Evangelos

    Hi Evangelos,
    Your issue is that you are submitting back an XDP format and not the PDF format. To resolve this issue, open your form and select the FSSUBMIT_ field from the hierarchy. Click on the Object palette and look at your Submit options. On that tab look at the Submit Format dropdown. You will want to choose PDF instead of XML Data Package (XDP). I have attached the working version of your form!!!
    Basically you were reconstructing the PDF with the submitted data (the data does not have the signature in it) and hence the signature was being lost. The signature info is only part of the finished PDF.
    NOTE: that the signatures will break from step to step (i.e. a yellow exclamation mark will appear) but Adobe are aware of this, and it will be fixed in the future.
    regards
    David.

  • Acrobat X Pro - Digital Signatures

    Good Morning!
    I am trying to add a digital signature field in Adobe Pro X.  It seems fine when I'm doing the editing and preview, but when I save as .pdf, the form doesn't allow it to be signed.  If I click on the form in that field nothing happens.
    Does anyone know what I'm missing?
    Thanks!
    Brian

    My apologies for my miscommunication, and thank you for your patience.  Do you think it has anything to do with the fact that I created it from MS Word?  Let me start from the beginning on what I did, because I might be breaking something:
    I created a "memo" in MS Word.
    Using Acrobat Pro X, I chose "create form" so I could add a digital signature field as well as a text field.
    When I go to Save As, Reader Extended PDF all of the options are greyed out so I can't select them.

  • Implementing XAdES in Java XML Digital Signature API

    Hi,
    I've got some problems with implementing the XAdES standard with the Java XML Digital Signature API. Below is code (SignatureTest1) that produces a digital signature with some XAdES tags placed in a <ds:Object> tag. The signature is later validated with a Validator class. Everything works fine, until I set a XAdES namespace (SignatureTest1.xadesNS="http://uri.etsi.org/01903/v1.3.2#"). In this case validation of XAdES elements fails.
    The reason for the validation failure is a difference between the arguments passed to the digest method when the document is being signed and validated. When the document is being signed the log looks like this:
    FINER: Pre-digested input:
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
    FINER: <SignedProperties xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
    FINE: Reference object uri = #SignP
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
    FINE: Reference digesting completed
    but while validating:
    FINER: Pre-digested input:
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
    FINER: <SignedProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
    FINE: Expected digest: MAQ/vctdkyVHVzoQWnOnQdeBw8g=
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
    FINE: Actual digest: D7WajkF0U5t1GnVJqj9g1IntLQg=
    2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
    FINE: Reference[#SignP] is valid: false
    How can I fix this?
    Signer class:
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.OutputStream;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.Iterator;
    import java.util.List;
    import javax.xml.crypto.dom.DOMStructure;
    import javax.xml.crypto.dsig.CanonicalizationMethod;
    import javax.xml.crypto.dsig.DigestMethod;
    import javax.xml.crypto.dsig.Reference;
    import javax.xml.crypto.dsig.SignatureMethod;
    import javax.xml.crypto.dsig.SignedInfo;
    import javax.xml.crypto.dsig.Transform;
    import javax.xml.crypto.dsig.XMLObject;
    import javax.xml.crypto.dsig.XMLSignature;
    import javax.xml.crypto.dsig.XMLSignatureFactory;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.crypto.dsig.keyinfo.KeyInfo;
    import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
    import javax.xml.crypto.dsig.keyinfo.KeyValue;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.crypto.dsig.spec.TransformParameterSpec;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;
    import org.w3c.dom.NodeList;
    import com.sun.org.apache.xml.internal.security.utils.IdResolver;
    public class SignatureTest1 {
         public static String xadesNS=null;//"http://uri.etsi.org/01903/v1.3.2#";
         public static String signatureID="Sig1";
         public static String signedPropID="SignP";
         public static void main(String[] arg) {
            try{
              XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
              List<Reference> refs = new ArrayList<Reference>();
              Reference ref1 = fac.newReference
                  ("", fac.newDigestMethod(DigestMethod.SHA1, null),
                      Collections.singletonList
                    (fac.newTransform
                   (Transform.ENVELOPED, (TransformParameterSpec) null)),
                   null, null);
              refs.add(ref1);
              Reference ref2 = fac.newReference("#"+signedPropID,fac.newDigestMethod(DigestMethod.SHA1,null),null,"http://uri.etsi.org/01903/v1.3.2#SignedProperties",null);
              refs.add(ref2);
              SignedInfo si = fac.newSignedInfo
                  (fac.newCanonicalizationMethod
                   (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null),
                   fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
                   refs);
             KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
              kpg.initialize(512);
              KeyPair kp = kpg.generateKeyPair();
              KeyInfoFactory kif = fac.getKeyInfoFactory();
              KeyValue kv = kif.newKeyValue(kp.getPublic());
             KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
              DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
              dbf.setNamespaceAware(true);
              Document doc =
                  dbf.newDocumentBuilder().parse("purchaseOrder.xml");
              DOMSignContext dsc = new DOMSignContext
                  (kp.getPrivate(), doc.getDocumentElement());
              dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
              Element QPElement = createElement(doc, "QualifyingProperties",null,xadesNS);
            QPElement.setAttributeNS(null, "Target", signatureID);
            Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
            SPElement.setAttributeNS(null, "Id", signedPropID);
            IdResolver.registerElementById(SPElement, signedPropID);
            QPElement.appendChild(SPElement);
            Element UPElement = createElement(doc, "UnsignedProperties", null,xadesNS);
            QPElement.appendChild(UPElement);
            DOMStructure qualifPropStruct = new DOMStructure(QPElement);
            List<DOMStructure> xmlObj = new ArrayList<DOMStructure>();
            xmlObj.add(qualifPropStruct);
            XMLObject object = fac.newXMLObject(xmlObj,"QualifyingInfos",null,null);
            List objects = Collections.singletonList(object);
            XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
              signature.sign(dsc);
              OutputStream os = new FileOutputStream("signedPurchaseOrder.xml");
              TransformerFactory tf = TransformerFactory.newInstance();
              Transformer trans = tf.newTransformer();
              trans.transform(new DOMSource(doc), new StreamResult(os));
            }catch(Exception e){
                 e.printStackTrace();
            }
            // Validate the document that was just written
            try{
                 Validator.main(null);
            }catch(Exception e){
                 System.out.println("Validator exception");
                 e.printStackTrace();
            }
         }
         // Creates an element in the given namespace; no xmlns attribute is added here
         public static Element createElement(Document doc, String tag,String prefix, String nsURI) {
              String qName = prefix == null ? tag : prefix + ":" + tag;
              return doc.createElementNS(nsURI, qName);
         }
    }
    Validator class:
    import javax.xml.crypto.*;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dom.*;
    import javax.xml.crypto.dsig.dom.DOMValidateContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import java.io.FileInputStream;
    import java.security.*;
    import java.util.Collections;
    import java.util.Iterator;
    import java.util.List;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.Document;
    import org.w3c.dom.NodeList;
    /**
     * This is a simple example of validating an XML
     * Signature using the JSR 105 API. It assumes the key needed to
     * validate the signature is contained in a KeyValue KeyInfo.
     */
    public class Validator {
        // Synopsis: java Validate [document]
        //       where "document" is the name of a file containing the XML document
        //       to be validated.
        public static void main(String[] args) throws Exception {
            // Instantiate the document to be validated
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            Document doc =
                dbf.newDocumentBuilder().parse(new FileInputStream("signedPurchaseOrder.xml"));
            // Find Signature element
            NodeList nl =
                doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            if (nl.getLength() == 0) {
                throw new Exception("Cannot find Signature element");
            }
            // Create a DOM XMLSignatureFactory that will be used to unmarshal the
            // document containing the XMLSignature
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            // Create a DOMValidateContext and specify a KeyValue KeySelector
            // and document context
            DOMValidateContext valContext = new DOMValidateContext
                (new KeyValueKeySelector(), nl.item(0));
            // unmarshal the XMLSignature
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            // Validate the XMLSignature (generated above)
            boolean coreValidity = signature.validate(valContext);
            // Check core validation status
            if (coreValidity == false) {
                System.err.println("Signature failed core validation");
                boolean sv = signature.getSignatureValue().validate(valContext);
                System.out.println("signature validation status: " + sv);
                // check the validation status of each Reference
                Iterator i = signature.getSignedInfo().getReferences().iterator();
                for (int j=0; i.hasNext(); j++) {
                    boolean refValid =
                        ((Reference) i.next()).validate(valContext);
                    System.out.println("ref["+j+"] validity status: " + refValid);
                }
            } else {
                System.out.println("Signature passed core validation");
            }
        }
        /**
         * KeySelector which retrieves the public key out of the
         * KeyValue element and returns it.
         * NOTE: If the key algorithm doesn't match signature algorithm,
         * then the public key will be ignored.
         */
        private static class KeyValueKeySelector extends KeySelector {
            public KeySelectorResult select(KeyInfo keyInfo,
                                            KeySelector.Purpose purpose,
                                            AlgorithmMethod method,
                                            XMLCryptoContext context)
                throws KeySelectorException {
                if (keyInfo == null) {
                    throw new KeySelectorException("Null KeyInfo object!");
                }
                SignatureMethod sm = (SignatureMethod) method;
                List list = keyInfo.getContent();
                for (int i = 0; i < list.size(); i++) {
                    XMLStructure xmlStructure = (XMLStructure) list.get(i);
                    if (xmlStructure instanceof KeyValue) {
                        PublicKey pk = null;
                        try {
                            pk = ((KeyValue)xmlStructure).getPublicKey();
                        } catch (KeyException ke) {
                            throw new KeySelectorException(ke);
                        }
                        // make sure algorithm is compatible with method
                        if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                            return new SimpleKeySelectorResult(pk);
                        }
                    }
                }
                throw new KeySelectorException("No KeyValue element found!");
            }
            //@@@FIXME: this should also work for key types other than DSA/RSA
            static boolean algEquals(String algURI, String algName) {
                if (algName.equalsIgnoreCase("DSA") &&
                    algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
                    return true;
                } else if (algName.equalsIgnoreCase("RSA") &&
                           algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
                    return true;
                } else {
                    return false;
                }
            }
        }
        // Wraps the selected public key for the validation context
        private static class SimpleKeySelectorResult implements KeySelectorResult {
            private PublicKey pk;
            SimpleKeySelectorResult(PublicKey pk) {
                this.pk = pk;
            }
            public Key getKey() { return pk; }
        }
    }
    PurchaseOrder.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <PurchaseOrder>
    <Item number="130046593231">
      <Description>Video Game</Description>
      <Price>10.29</Price>
    </Item>
    <Buyer id="8492340">
      <Name>My Name</Name>
      <Address>
       <Street>One Network Drive</Street>
       <Town>Burlington</Town>
       <State>MA</State>
       <Country>United States</Country>
       <PostalCode>01803</PostalCode>
      </Address>
    </Buyer>
    </PurchaseOrder>
    signedPurchaseOrder.xml with XAdES namespace:
    <?xml version="1.0" encoding="UTF-8" standalone="no"?><PurchaseOrder>
    <Item number="130046593231">
      <Description>Video Game</Description>
      <Price>10.29</Price>
    </Item>
    <Buyer id="8492340">
      <Name>My Name</Name>
      <Address>
       <Street>One Network Drive</Street>
       <Town>Burlington</Town>
       <State>MA</State>
       <Country>United States</Country>
       <PostalCode>01803</PostalCode>
      </Address>
    </Buyer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Sig1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>tVicGh6V+8cHbVYFIU91o5+L3OQ=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignP"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MAQ/vctdkyVHVzoQWnOnQdeBw8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lSgzfZCRIlgrgr6YpNOdB3XWdF9P9TEiXfkNoqUpAru/I7IiyiFWJg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:DSAKeyValue><ds:P>/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
    xD7nN1kuFw==</ds:P><ds:Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ds:Q><ds:G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
    QW5QvnlMpA==</ds:G><ds:Y>p48gU203NGPcs9UxEQQQzQ19KBtDRGfEs3BDt0cbCRJHMh3EoySpeqOnuTeKLXuFr96nzAPq4BEU
    dNAc7XpDvQ==</ds:Y></ds:DSAKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="QualifyingInfos"><QualifyingProperties Target="Sig1" xmlns="http://uri.etsi.org/01903/v1.3.2#"><SignedProperties Id="SignP"/><UnsignedProperties/></QualifyingProperties></ds:Object></ds:Signature></PurchaseOrder>

    I believe the problem is that you are not explicitly adding the xades namespace
    attribute to the SignedProperties element before generating the signature. Thus,
    the namespace attribute is not visible when canonicalizing, but when you serialize the
    DOM tree to an output stream, (for reasons I'm not entirely sure why), the namespace
    attribute is visible and is added to the SignedProperties element, which breaks the
    signature.
    You must always explicitly add namespace attributes using the Element.setAttributeNS
    method. Try changing the following code from:
    Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
    to:
    Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
    SPElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", xadesNS);

  • Once a form has been signed with a digital signature, why can't you insert a bookmark?

    We are using Adobe 9 on Windows XP, I'm not sure what the forms are created in.
    I understand why you wouldn't allow a form to be changed once it's been signed digitally (because the person is attesting to the contents as they are when the person signed the form). I don't understand why we can't add bookmarks to pages in the form? The bookmark technically is a change but not a substantive change to the form. Is there a way to add links to places in the form after a digital signature has been created?

    Hi Christic3,
    This is a bit geeky, but here goes. Think of the PDF file in two layers (there are really more, but we'll keep it at two for simplicity). The bottom layer is the PDF content such as fonts, structure tags, and pages. The top layer is form data and comments (aka annotations). When you sign the PDF you sign everything (both layers), but the only allowable changes to the file are additions to the top layer. You can add form data and comments, but you cannot modify anything in the bottom layer without breaking existing signatures. In fact, you can't change (by change I mean modify or delete) anything on the top layer either, but you can add new (unsigned) items.
    Bookmarks are part of the underlying PDF structure. Because they are as integral to the underlying structure as anything else, the ability to modify the bookmarks is locked after signing, otherwise it would be too easy to break the signature.
    Steve

  • Digital Signatures for PM orders

    Hi!
    Requirement: I am supposed to implement the usage of Digital Signatures in PM orders. The requirement is such that every time a PM Order is created, a couple of users must sign it off using digital signatures with the user's logon password. Similar operations must be done when the order is to be changed etc.
    So, to achieve this, I followed the SAP AG Digital Signature Rel 6.2 Implementation Guide Ver3.0 . In a sample report as illustrated in the guide I used the objects cl_ds_runtime if_ds_runtime and if_ds_sign etc.
    I followed all the steps listed there and right now through my report I am able to get a popup where the user has to enter his password and if he does not it throws an error message. So far so good.
    Now, my assumption is this: I will have to write a similar code and call the DS tool (these classes etc.)  and make the user digitally sign the order through an enhancement. Am I correct in my understanding? Also Is there any other simpler way to achieve this? Currently the break point is not getting triggered in the only exit that seems to be available for this transaction.
    Also, I created a set of signatures using ELSIG00 and Authorization Groups using ELSIG01. How do I assign these to the USERS? Otherwise the creation of these authorization groups and assigning of the individual signatures etc. would be rather pointless.
    Any help would be greatly appreciated. I am kind of under a tight deadline and have gone through a lot of docs.
    Needless to say points will be awarded for helpful answers.
    Thanks a lot.
    Regards,
    Ramkumar.

    I am not sure how you would get it. Please try it this way; we use it.
    The signatures are scanned and uploaded into SAP as an image file and are called back into the program as an image based on the required conditions.
    I mean, similar to how the logo works.
    Shreekant

  • Applying Digital signature for SFTP protocol

    Hi,
    There is a requirement in the project to transfer a digitally signed document from the client FTP site to the bank FTP site. I have implemented the solution for transfer of any document from the client FTP site to the bank FTP site. However, I do not have any clue on how to apply a digital signature before transferring using the SFTP protocol.
    I have gone through b2b guide and found that We can apply digital signature and message encryption for only AS1/2, ebMS-1.0/2.0 and RosettaNet-01.10/V02.00 Protocols. Security tab is enabled when we select the above protocols only.
    Please shed some light on how to provide the solution for this requirement.
    Regards,
    Anjana

    Hi Anuj,
    Thanks for responding.
    I have implemented a simple Java program which creates a file with some data, and created a jar file from it. I configured the transport callout by associating the callout name under SFTP channel -> channel attributes etc.
    I tried to test it. The Java program was able to generate the file successfully, but in the reports section in B2B the message errored out with the error of Error Code B2B-50079
    Error Description Machine Info: (odcdevsoa01.ohdc.com) Transport error: Transport callout error.
    import java.io.File;
    import java.io.FileOutputStream;
    import java.io.OutputStreamWriter;
    import java.io.Writer;
    import java.util.List;
    // Callout, CalloutContext, CalloutMessage and the Callout*Exception types
    // come from the Oracle B2B callout library.

    public class fileCallOut implements Callout {
        public void execute(CalloutContext calloutContext, List input, List output)
                throws CalloutDomainException, CalloutSystemException {
            FileOutputStream fos = null;
            File outFile = new File("/u01/tempFileLoc/callout.txt");
            CalloutMessage cmIn = (CalloutMessage) input.get(0);
            try {
                String str = "But soft! what code in yonder program breaks?";
                fos = new FileOutputStream(outFile);
                Writer out = new OutputStreamWriter(fos);
                out.write(str);
                out.close();
            } catch (Exception e) {
                // Any exception is swallowed here, so a failed write is not reported.
            }
        }
    }
    Since it is a simple Java program, can you please help me in identifying where it went wrong here?
    Regards,
    Anjana

  • Java XML Digital Signature API, how to sign different files

    Hello,
    I need to sign several files: binary and/or xml (in some cases just part of xml), and to implement digital signatures in the XAdES standard. So I'm looking to use the Java XML Digital Signature API, but can't find any examples that would cover the issues I encountered:
    How to sign a binary file?
    Just to sign some simple "aaa.png" file and have its signature in XML. What is the right way to create the reference?
    (should it be something like: Reference ref = fac.newReference("aaa.png", fac.newDigestMethod(DigestMethod.SHA1, null), null, null, null); )
    And how to pass the file for signing? What to add/change in this code:
    Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("aaa.png"));
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
    (I have only found some information about needing to "dereference" or so - but no examples of how to make things work.)
    How to sign several different files?
    As I wrote before, several files need to be signed, but in all examples there is only one Document object (and only one file). How/where to add more files, and will the API be capable of dealing with such a thing?
    One of the examples of what I have to achieve was this code:
    <Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue>8rl/xzjAnE4yQQ2LTBvFTU2JH+c=</DigestValue>
    </Reference>
    If I write code like: fac.newReference("aaa.png", <...> );
    I get an error during signing: signature.sign(dsc);
    "java.net.MalformedURLException: no protocol: aaa.png"
    How to avoid this?
    Also, from the example (what to reach) above:
    <Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
    There is additional attribute "xmlns=<...>" - the question is if it is possible to add it by XMLSignatureFactory.newReference ?
    Java API adds a lot of prefixes "ds:" , like:
    <...>
    <ds:Reference URI="file:/D:/try5/SignableMetadata0.xml">
    <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    </ds:Transforms>
    <...>
    Is it possible to avoid them?
    Any help on any of these questions would be very appreciated
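
    One way to sign several non-XML files in a single detached signature with the JDK XML Digital Signature API, as an added example that is not code from the original post. Assumptions: the class and method names, the file names and the byte contents are constructed for illustration, and RSA with SHA-256 is used instead of the SHA-1 digest shown in the post.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class DetachedSignDemo {
    // One detached <Signature> holding a <Reference> per entry of `files`
    // (relative URI -> content). Hypothetical helper, not part of the JDK API.
    static Document sign(Map<String, byte[]> files, PrivateKey key) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        List<Reference> refs = new ArrayList<>();
        for (String uri : files.keySet())
            refs.add(fac.newReference(uri, fac.newDigestMethod(DigestMethod.SHA256, null)));
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            refs);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document sigDoc = dbf.newDocumentBuilder().newDocument(); // empty parent for <Signature>
        DOMSignContext dsc = new DOMSignContext(key, sigDoc);
        // Hand the bytes over directly: the relative URI is then only a label and is
        // never resolved as a URL, so "no protocol: aaa.png" cannot occur.
        dsc.setURIDereferencer((ref, ctx) -> {
            byte[] data = files.get(ref.getURI());
            if (data == null) throw new URIReferenceException("unknown reference " + ref.getURI());
            return new OctetStreamData(new ByteArrayInputStream(data));
        });
        fac.newXMLSignature(si, null).sign(dsc);
        return sigDoc;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Map<String, byte[]> files = new LinkedHashMap<>();   // constructed sample contents
        files.put("aaa.png", new byte[] {(byte) 0x89, 'P', 'N', 'G'});
        files.put("meta.xml", "<meta/>".getBytes(StandardCharsets.UTF_8));
        Document sig = sign(files, kpg.generateKeyPair().getPrivate());
        System.out.println(sig.getElementsByTagNameNS(XMLSignature.XMLNS, "Reference").getLength());
    }
}
```

    A verifier needs an equivalent dereferencer on its DOMValidateContext so that each Reference URI maps to the bytes it actually received.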

    Hi,
    I would like to sign a specific part of an xml message [Only the contents under the <Buyer> tag]. I have also pasted the code which I used to do this. I am getting an output xml after the xml is signed, but when I validate the xml, the xml is valid even after I change the xml contents. Could you pls tell me what I am doing wrong here. I want to know whether the xpath implementation which I have done is correct.
    <?xml version="1.0" encoding="UTF-8"?>
    <PurchaseOrder>
      <Item number="130046593231">
        <Description>Video Game</Description>
        <Price>10.29</Price>
      </Item>
      <Buyer id="8492340">
        <Name>My Name</Name>
        <Address>
          <Street>One Network Drive</Street>
          <Town>Burlington</Town>
          <State>MA</State>
          <Country>United States</Country>
          <PostalCode>01803</PostalCode>
        </Address>
      </Buyer>
    </PurchaseOrder>
    // The code which I have used to perform the xpath transformation.
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import java.util.*;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import javax.xml.crypto.dsig.spec.*;
    import javax.xml.parsers.DocumentBuilderFactory;
    import org.w3c.dom.*;

    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    XPathFilterParameterSpec xpathFilter = new XPathFilterParameterSpec("PurchaseOrder/Buyer");
    javax.xml.crypto.dsig.Reference ref = fac.newReference(
        "", fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(fac.newTransform(Transform.XPATH, xpathFilter)),
        null, null);
    SignedInfo si = fac.newSignedInfo(
        fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
            (C14NMethodParameterSpec) null),
        fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
        Collections.singletonList(ref));
    // Load the KeyStore and get the signing key and certificate.
    KeyStore ks = KeyStore.getInstance("JKS");
    char[] password = "changeme".toCharArray();
    ks.load(new FileInputStream("c:\\KeyStore"), password);
    KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(
        "EISKeys", new KeyStore.PasswordProtection(password));
    X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
    // System.out.println("X509Certificate:"+cert);
    // Create the KeyInfo containing the X509Data.
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    List x509Content = new ArrayList();
    x509Content.add(cert.getSubjectX500Principal().getName());
    x509Content.add(cert);
    X509Data xd = kif.newX509Data(x509Content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
    // Instantiate the document to be signed.
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc = dbf.newDocumentBuilder().parse(
        new FileInputStream("C:\\Life2012\\DigSign\\ACORD_Request.xml"));
    NodeList rootChildList = doc.getDocumentElement().getChildNodes();
    Node bodyNode = null;
    for (int i = 0; i < rootChildList.getLength(); i++) {
        if ("Buyer".equalsIgnoreCase(rootChildList.item(i).getLocalName())) {
            bodyNode = rootChildList.item(i);
            System.out.println("Body Node is obtained" + bodyNode);
            break;
        }
    }
    // Create a DOMSignContext and specify the RSA PrivateKey and
    // location of the resulting XMLSignature's parent element.
    //DOMSignContext dsc = new DOMSignContext
    // (keyEntry.getPrivateKey(), doc.getDocumentElement());
    // Sign only the body node
    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), bodyNode);
    // Create the XMLSignature, but don't sign it yet.
    XMLSignature signature = fac.newXMLSignature(si, ki);
    // Marshal, generate, and sign the enveloped signature.
    signature.sign(dsc);

  • How do I add a digital signature to Word 2011?

    I am at a loss as to adding a digital signature to Word 2011 docs on my macbook pro, any ideas???

    Formscentral does not support forms with digital signature workflows. I suggest you see if our Echosign product meets your needs.

  • Issue in Java concurrent program for Digital Signature Stamping

    Hi All,
    I'm calling a Java concurrent program which does digital signature stamping on the PDF report generated. The program is able to read the PDF file as input and also the digital signature stored as a file in the application, but
    ends in error in the create signature method; need help in this regard.
    Error:
    Parameter 0 is Request id of with out Digital signature file
    Parameter 1 is employee id of approver
    Parameter:0:99203256
    Parameter:1:1414603
    $$$$ start query fileinfo with callable statment
    programName>>>>>>>>BTPOPORPXML
    $$$$ Without digital Signature file Name $$$
    $/inst_top/finprod/apps/FINPROD_CPNQERPAAPZP10/logs/appl/conc/out/BTPOPORPXML_99203256_1.PDF
    PFX File Reading Start
    PFX File Reading Ends
    PFX File size is: 6460 Byte size is: 6460
    Elements present
    java.lang.NullPointerException
    at com.lowagie.text.pdf.PdfSignatureAppearance.getAppearance(Unknown Source)
    at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(Unknown Source)
    at com.lowagie.text.pdf.PdfSignatureAppearance.preClose(Unknown Source)
    at com.lowagie.text.pdf.PdfStamper.close(Unknown Source)
    at btvl.oracle.apps.po.digsig.BTVLDigSign.runProgram(BTVLDigSign.java:151)
    at oracle.apps.fnd.cp.request.Run.main(Run.java:157)

    Hi Charls,
    I have successfully implemented this at our end in 11i. Please try at your end.
    v_request_id := FND_REQUEST.SUBMIT_REQUEST (passed your arguments... );
    COMMIT;
    IF NVL( v_request_id , 0 ) = 0 THEN
        DBMS_OUTPUT.PUT_LINE( 'Item Assignment to Organization Program Not Submitted');
        p_status := 'FAILURE' ;
        p_err_msg := 'ERROR RAISED AFTER SUBMITTING THE IMPORT ITEM ORG.ASSIGNMENT CONCURRENT REQUEST ... ' ;
    ELSE
        -- Poll inside the loop so the exit condition sees the refreshed phase.
        LOOP
            v_finished := FND_CONCURRENT.WAIT_FOR_REQUEST (
                request_id => v_request_id,
                interval => 0,
                max_wait => 0,
                phase => v_phase,
                status => v_status,
                dev_phase => v_request_phase,
                dev_status => v_request_status,
                message => v_message
            );
            EXIT WHEN ( UPPER(v_request_phase) = 'COMPLETE' OR v_phase = 'C');
        END LOOP;
    END IF;
    HTH                    
    Sanjay
