S/MIME with Detached Signature
Can anyone provide an example of how to create a PKCS#7 S/MIME message with detached signature (content-type: application/pkcs7-signature)
Thanks
Indeed Barney-15E. On receiving a signed (not encrypted) email I knew I had the correct certificate but still could not reply using encryption. Then I discovered that Mail would select the correct (latest) certificate to sign email but the address book picked a different (earlier, although not expired) certificate to match the email address of the recipient.
After removing the 2 incorrect certificates from the keychain the address book picked the correct certificate to show and Mail would be able to send encrypted messages once again. I reproduced this behavior on two different Macs (using same keys though).
My advice would be to look for discrepancies in the certificate shown by the address book.
Similar Messages
-
Hi,
Im trying to verify the PKCS& detached signature.. Verification is working fine. But if i try to alter or delete certian characters in my signature file its still saying verification success can anybody have a look at this code and help me to sort out this issue. Is there any other way with which i can verify the signature.
Here is the code:
import java.security.Security;
import java.io.*;
import org.bouncycastle.jce.PKCS7SignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.util.Arrays;
import java.util.*;
import java.text.SimpleDateFormat;
import java.util.Iterator;
import java.util.List;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.io.FileInputStream;
import javax.security.auth.x500.X500Principal;
import java.lang.*;
import java.io.PrintWriter;
import java.security.cert.*;
import java.util.Vector;
import java.lang.*;
import java.io.IOException;
import java.util.Collection;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
class VerifyP7s {
public static void main(String args[]) {
if (args.length < 2)
usage();
//Plug the Provider into the JCA/JCE
Security.addProvider(new BouncyCastleProvider());
FileInputStream freader = null;
//------ Get the content data from file -------------
File f = new File(args[1]) ;
int sizecontent = ((int) f.length());
byte[] bytes = new byte[sizecontent];
try {
freader = new FileInputStream(f);
System.out.print("\nContent Bytes: " + freader.read(bytes, 0, sizecontent));
freader.close();
catch(IOException ioe) {
System.out.println(ioe.toString());
return;
//------ Get the pkcs #7 data from file -------
File p7s = new File(args[0]) ;
int size = ((int) p7s.length());
byte[] bytessig = new byte[size];
try {
freader = new FileInputStream(p7s);
System.out.println(" PKCS#7 bytes: " + freader.read(bytessig, 0, size));
freader.close();
catch(IOException ioe) {
System.out.println(ioe.toString());
return;
// --- Use Bouncy Castle provider to attempt verification of p7s ---
if(isBase64Encoded(bytessig)){
System.out.println("Signature file is BASE64 encoded") ;
try{
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder() ;
byte[] bdecoded = dec.decodeBuffer(new String(bytessig));
if (isVerified(bdecoded, bytes))
System.out.println("Verified pkcs#7 data: \"" + args[0] + "\" as BASE64-encoded DER file\n" +
"against content file \"" + args[1] + "\"") ;
else
System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
catch(Exception exc) {
System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
return;
else { //if NOT base64 encoded
if (isVerified(bytessig, bytes))
System.out.println("Verified pkcs#7 data: \"" + args[0] + "\" as binary DER file\n" +
"against content file \"" + args[1] + "\"") ;
else
System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
private static byte[] toUnicode(byte[] bytes) {
byte[] ucbytes = new byte[2*bytes.length];
for (int j = 0; j< bytes.length; j++) {
ucbytes[2*j] = bytes[j];
ucbytes[2*j+1] = 0x00; //null byte for UNICODE encoding
return ucbytes;
private static final boolean isVerified(byte[] sig, byte[] content) {
try{
PKCS7SignedData pkcs7 = new PKCS7SignedData(sig);
pkcs7.update(content, 0, content.length); // Update checksum
boolean verified = pkcs7.verify(); // Does it add up?
if(!verified) { //see if original data was UNICODE byte encoding
//System.out.println("Original byte content not verified.\nTrying UNICODE encoding ...");
pkcs7 = new PKCS7SignedData(sig);
pkcs7.update(toUnicode(content), 0, 2*content.length);
verified = pkcs7.verify();
if(verified){
System.out.println("\nUNICODE-encoding of signed content was verified.");
return true;
else
//System.out.println("\nCould NOT verify signed detached content");
return false;
else
System.out.println("ANSI-encoding of signed content was verified.");
return true ;
catch(java.security.cert.CRLException crle) {
//System.out.println("crl " + crle.toString());
return false;
catch(java.security.SignatureException sigex) {
//System.out.println("sigexcept " + sigex.toString());
return false;
catch(Exception secex) {
//System.out.println("other exception " + secex.toString());
return false;
private static final boolean isBase64Encoded(byte[] data) {
Arrays.sort(Base64Map);
for (int i=0; i<data.length; i++){
//System.out.println("data[" + i + "] " + (char)data) ;
if( Arrays.binarySearch(Base64Map, (char)data)<0
&& !Character.isWhitespace((char)data) )
return false;
return true;
public String printX509Cert(X509Certificate cert){
try{
String discrt = cert.getPublicKey().toString();
return discrt;
catch(Exception exception)
System.err.println("Exception is: "+exception.getMessage());
String ex = exception.getMessage();
return ex;
private static char[] Base64Map =
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
'w', 'x', 'y', 'z', '0', '1', '2', '3',
'4', '5', '6', '7', '8', '9', '+', '/', '='
private static void usage() {
System.out.println("Usage:\n java VerifyP7s <pkcs #7 signature file> <contentfile> ") ;
System.exit(1);
Here is my signature file:
MIIEoAYJKoZIhvcNAQcCoIIEkTCCBI0CAQExDjAMBggqhkiG9w0CBQUAMAsGCSqGSIb3DQEHAaCC
A3kwggN1MIICXaADAgECAhBjffJNbUvAx4VWV4qkdNLGMA0GCSqGSIb3DQEBBAUAMDExETAPBgNV
BAoTCFNJRlkgTHRkMRwwGgYDVQQDExNTSUZZIEx0ZCBQcml2YXRlIENBMB4XDTA0MDcyNjAwMDAw
MFoXDTA1MDcyNjIzNTk1OVowgZwxETAPBgNVBAoUCFNJRlkgTHRkMSIwIAYDVQQLFBlIdW1hbiBS
ZXNvdXJjZSBEZXBhcnRtZW50MRswGQYDVQQLFBJFbXBsb3llZUlEIC0gU0YwNjcxGzAZBgNVBAMT
ElN1ZGVlcCBLdW1hciBQLiBLLjEpMCcGCSqGSIb3DQEJARYac3VkZWVwa3VtYXJAc2FmZXNjcnlw
dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANGOpSIhZEDQ5Z6cxLMpZssi5WWdD0h7
kFWkbXPQk842HqCBFPcClUUWWeT/LJ10VCC9Ff0KrI5lviGl9umnVW+LeCYiI/ksnea/p7tKfOgN
NO+UBoJ4PE5XnUEq03CFWdHhGNfukNqWZiMC+bUX8e6+blFU/6ipUtHmIkIrlNZBAgMBAAGjgaAw
gZ0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMF0GA1UdHwRWMFQw
UqBQoE6GTGh0dHA6Ly9vbnNpdGVjcmwuc2FmZXNjcnlwdC5jb20vU0lGWUx0ZEh1bWFuUmVzb3Vy
Y2VEZXBhcnRtZW50L0xhdGVzdENSTC5jcmwwEQYKYIZIAYb4RQEGCQQDAQH/MA0GCSqGSIb3DQEB
BAUAA4IBAQBpFEGmTHOSfA/SkeC/bvZE3sYpBU0+RG8iSm+DTbP5tiCyWT+L0AidTWDk0ZuXz7yA
eF9NR0OZyxp3/v+OQYn3Q0a1awe+JKnDCD+zayehcPbvD+q79WYHO5Ibm5UA2VnGoBbV3CDhj1qC
lCyqllEKVWk11iB6wu24PzB31uARxkar3cynFNX4P6nxy6vb83W/Wnt8eOMQHI2SiVvJtjU5SwL6
ILrkZfrm7NLcCQY2w7w4/WeFgeb2Ko8hYHSRyvJWwBUyv2ExDGnv0eqHJn6HC+4IE8wzirWre0jY
Y0529u3MfIL0F7lrkuwYnpVa3zE/b2HwCaMrN+TuY/oNkf2YMYHtMIHqAgEBMEUwMTERMA8GA1UE
ChMIU0lGWSBMdGQxHDAaBgNVBAMTE1NJRlkgTHRkIFByaXZhdGUgQ0ECEGN98k1tS8DHhVZXiqR0
0sYwDAYIKoZIhvcNAgUFADANBgkqhkiG9w0BAQEFAASBgDUpkV5Zpi781vTmtydAdOVJ7cecnQ9v
8fdTZwMgz56Q3ZI0pj6+60e8lIafO3mo596eCF2mBsZm2wEO1PhnXPKAQFXWIseDp0GVdmwTp1tH
M2e9fC2bOppNhBKkpZAr26PE6/BIDittE1rM8nJOa+9lzJcDCBBpJM3MdlHjY+8v
My Content file is:
<table width=100%><TR align=center><TH COLSPAN=3>Transfer Funds Request</TH></TR><TR><TD ALIGN=RIGHT><FONT COLOR="#0000FF" SIZE=-1 FACE="Courier">TRANSFER FROM</FONT></TD><TD>..........</TD><TD><FONT SIZE=-1 FACE="Courier"><B>Money Market</B></FONT></TD></TR><TR><TD ALIGN=RIGHT><FONT COLOR="#0000FF" SIZE=-1 FACE="Courier">TRANSFER TO</FONT></TD><TD>..........</TD><TD><FONT SIZE=-1 FACE="Courier"><B>Cash</B></FONT></TD></TR><TR><TD ALIGN=RIGHT><FONT COLOR="#0000FF" SIZE=-1 FACE="Courier">AMOUNT</FONT></TD><TD>..........</TD><TD><FONT SIZE=-1 FACE="Courier"><B>/ \ & \n</B></FONT></TD></TR></table><BR>I am authorizing the transfer of the above funds <B>by digitally signing </B> this request.
Thanx in advance.Your PKCS#7 signature file is dumped by DUMPASN1 as follows:
The verifying code only checks the public key against the data.
If you change some byte of the PKCS#7 data that can "blow up" the ASN.1 structures, you cannot get the public key, so the data would not be verified OK.
But if you change some other byte in the PKCS#7 signature data, it could change some things that are not important to ASN.1 Parsing, like changing 'Human Resource Department' to 'Departamentos de Recursos' that is a string with the same length. So as you don't changed the Public key bytes it's all OK.
If you are concerned about PKCS#7 signature file modification, you can try verifying the signer certificates inside - an additional step, but not difficult to do.
0 30 1184: SEQUENCE {
4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 A0 1169: [0] {
19 30 1165: SEQUENCE {
23 02 1: INTEGER 1
26 31 14: SET {
28 30 12: SEQUENCE {
30 06 8: OBJECT IDENTIFIER md5 (1 2 840 113549 2 5)
40 05 0: NULL
42 30 11: SEQUENCE {
44 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
55 A0 889: [0] {
59 30 885: SEQUENCE {
63 30 605: SEQUENCE {
67 A0 3: [0] {
69 02 1: INTEGER 2
72 02 16: INTEGER
: 63 7D F2 4D 6D 4B C0 C7 85 56 57 8A A4 74 D2 C6
90 30 13: SEQUENCE {
92 06 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
103 05 0: NULL
105 30 49: SEQUENCE {
107 31 17: SET {
109 30 15: SEQUENCE {
111 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
116 13 8: PrintableString 'SIFY Ltd'
126 31 28: SET {
128 30 26: SEQUENCE {
130 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
135 13 19: PrintableString 'SIFY Ltd Private CA'
156 30 30: SEQUENCE {
158 17 13: UTCTime 26/07/2004 00:00:00 GMT
173 17 13: UTCTime 26/07/2005 23:59:59 GMT
188 30 156: SEQUENCE {
191 31 17: SET {
193 30 15: SEQUENCE {
195 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
200 14 8: TeletexString 'SIFY Ltd'
210 31 34: SET {
212 30 32: SEQUENCE {
214 06 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
219 14 25: TeletexString 'Human Resource Department'
246 31 27: SET {
248 30 25: SEQUENCE {
250 06 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
255 14 18: TeletexString 'EmployeeID - SF067'
275 31 27: SET {
277 30 25: SEQUENCE {
279 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
284 13 18: PrintableString 'Sudeep Kumar P. K.'
304 31 41: SET {
306 30 39: SEQUENCE {
308 06 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
319 16 26: IA5String '[email protected]'
347 30 159: SEQUENCE {
350 30 13: SEQUENCE {
352 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
363 05 0: NULL
365 03 141: BIT STRING, encapsulates {
369 30 137: SEQUENCE {
372 02 129: INTEGER
: 00 D1 8E A5 22 21 64 40 D0 E5 9E 9C C4 B3 29 66
: CB 22 E5 65 9D 0F 48 7B 90 55 A4 6D 73 D0 93 CE
: 36 1E A0 81 14 F7 02 95 45 16 59 E4 FF 2C 9D 74
: 54 20 BD 15 FD 0A AC 8E 65 BE 21 A5 F6 E9 A7 55
: 6F 8B 78 26 22 23 F9 2C 9D E6 BF A7 BB 4A 7C E8
: 0D 34 EF 94 06 82 78 3C 4E 57 9D 41 2A D3 70 85
: 59 D1 E1 18 D7 EE 90 DA 96 66 23 02 F9 B5 17 F1
: EE BE 6E 51 54 FF A8 A9 52 D1 E6 22 42 2B 94 D6
: [ Another 1 bytes skipped ]
504 02 3: INTEGER 65537
509 A3 160: [3] {
512 30 157: SEQUENCE {
515 30 9: SEQUENCE {
517 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
522 04 2: OCTET STRING, encapsulates {
524 30 0: SEQUENCE {}
526 30 11: SEQUENCE {
528 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
533 04 4: OCTET STRING, encapsulates {
535 03 2: BIT STRING 5 unused bits
: '101'B
539 30 17: SEQUENCE {
541 06 9: OBJECT IDENTIFIER
: netscape-cert-type (2 16 840 1 113730 1 1)
552 04 4: OCTET STRING, encapsulates {
554 03 2: BIT STRING 7 unused bits
: '1'B (bit 0)
558 30 93: SEQUENCE {
560 06 3: OBJECT IDENTIFIER
: cRLDistributionPoints (2 5 29 31)
565 04 86: OCTET STRING, encapsulates {
567 30 84: SEQUENCE {
569 30 82: SEQUENCE {
571 A0 80: [0] {
573 A0 78: [0] {
575 86 76: [6]
: 'http://onsitecrl.safescrypt.com/SIFYLtdHumanReso'
: 'urceDepartment/LatestCRL.crl'
653 30 17: SEQUENCE {
655 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 6 9'
667 04 3: OCTET STRING, encapsulates {
669 01 1: BOOLEAN TRUE
672 30 13: SEQUENCE {
674 06 9: OBJECT IDENTIFIER
: md5withRSAEncryption (1 2 840 113549 1 1 4)
685 05 0: NULL
687 03 257: BIT STRING
: 69 14 41 A6 4C 73 92 7C 0F D2 91 E0 BF 6E F6 44
: DE C6 29 05 4D 3E 44 6F 22 4A 6F 83 4D B3 F9 B6
: 20 B2 59 3F 8B D0 08 9D 4D 60 E4 D1 9B 97 CF BC
: 80 78 5F 4D 47 43 99 CB 1A 77 FE FF 8E 41 89 F7
: 43 46 B5 6B 07 BE 24 A9 C3 08 3F B3 6B 27 A1 70
: F6 EF 0F EA BB F5 66 07 3B 92 1B 9B 95 00 D9 59
: C6 A0 16 D5 DC 20 E1 8F 5A 82 94 2C AA 96 51 0A
: 55 69 35 D6 20 7A C2 ED B8 3F 30 77 D6 E0 11 C6
: [ Another 128 bytes skipped ]
948 31 237: SET {
951 30 234: SEQUENCE {
954 02 1: INTEGER 1
957 30 69: SEQUENCE {
959 30 49: SEQUENCE {
961 31 17: SET {
963 30 15: SEQUENCE {
965 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
970 13 8: PrintableString 'SIFY Ltd'
980 31 28: SET {
982 30 26: SEQUENCE {
984 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
989 13 19: PrintableString 'SIFY Ltd Private CA'
1010 02 16: INTEGER
: 63 7D F2 4D 6D 4B C0 C7 85 56 57 8A A4 74 D2 C6
1028 30 12: SEQUENCE {
1030 06 8: OBJECT IDENTIFIER md5 (1 2 840 113549 2 5)
1040 05 0: NULL
1042 30 13: SEQUENCE {
1044 06 9: OBJECT IDENTIFIER
: rsaEncryption (1 2 840 113549 1 1 1)
1055 05 0: NULL
1057 04 128: OCTET STRING
: 35 29 91 5E 59 A6 2E FC D6 F4 E6 B7 27 40 74 E5
: 49 ED C7 9C 9D 0F 6F F1 F7 53 67 03 20 CF 9E 90
: DD 92 34 A6 3E BE EB 47 BC 94 86 9F 3B 79 A8 E7
: DE 9E 08 5D A6 06 C6 66 DB 01 0E D4 F8 67 5C F2
: 80 40 55 D6 22 C7 83 A7 41 95 76 6C 13 A7 5B 47
: 33 67 BD 7C 2D 9B 3A 9A 4D 84 12 A4 A5 90 2B DB
: A3 C4 EB F0 48 0E 2B 6D 13 5A CC F2 72 4E 6B EF
: 65 CC 97 03 08 10 69 24 CD CC 76 51 E3 63 EF 2F
: } -
AP Payment approvals with Digital Signature
Hi,
Below is the requirement for workflow in AP. Any guidance is greatly appreciated.
In the current Accounts Payable setup,SAP Check Print Form has CEOu2019s signature.
Checks get printed with CEO signature in one batch sorted by lowest to highest check amount. The accounting clerk pulls out all checks worth more than $50,000 and requests AP head to verify and stamp her signature on each of those checks.
The client wants a workflow in place which requires the checks which are greater than 50k to be routed to the inbox of AP Head for approval. Once AP head approves them, AP clerk should be able to print all checks together and checks above $50,000 should print with two signatures (CEO and AP Head). But the rest of the checks will be printed only with CEO's signature.
Note: There is no requirement to have communication with the bank.
Thank youHi,
This is not a standard WF.
Please search in the forums here for getting guidance. FSCM forum is certainly not the place to find answers.
Regards
Heinrich -
Loading Invoice XML IDoc with digital signature via XI into R/3
Hi,
I received an Invoice XML IDoc with digital signature via Mail (for test purposes) and want to load it via XI into an R/3 systeme.
My idea is to load the Invoice XML IDoc file via the File Sender Adapter into XI and send it to the R/3 system via the IDoc Inbound adapter.
Due to the digital signature the file looks like this:
0 S *H÷
D0 @ 1 0 + 0 ' *H÷
0 0 û etc.
When I load the file like this with the File Sender Adapter, an error message occurs in the XI Monitoring as the XML Parser cannot read the file due to the digital signatur (as expected).
Has anybody an idea how I can configure the File Sender Adapter Communication Channel to be able to load only the XML IDoc and ignore the digital Signature strings?
Thanks in advance for your support.
AlexBTW
do use the second way you need:
Security Settings for the Sender Mail Adapter
http://help.sap.com/saphelp_nw04/helpdata/en/27/c0524257a1b56be10000000a155106/content.htm
and
Key Storage Service
http://help.sap.com/saphelp_webas630/helpdata/DE/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
apart from adapter module config
Regards,
michal -
Printing issue with Electronic Signatures
In the footer of my document, i place document properties and also use the captioning feature for tables and figures. I have saved it in native 2010 format not in a compatability mode.
When I print my document (paper or PDF) these fields print properly.
After I electronically sign the document and look at the document on the screen, the fields and caption numbers (Table 1-1: Intended Audience) appear correctly. When I print to PDF or paper, the numbers disappear (Table 1-: Intended Audience) and they
also disappear from the screen.
When I close the document and reopen it, the fields are correct. It only changes after the document prints.
Using Microsoft Office Professional Plus 2010 Version 14.0.6023.1000 (32-bit).
(--merging--)
The original document was a 2007 document opened/stored in the 2010 format.
Reproduced with new 2010 document simply by creating two properties:
Template Version - Test - Value 1.0
Template Date - Date - Value 1/25/2012
And doing the following:
Using the default Normal template with calibri as the font
Added a heading level 1 to the document
Added a 2x2 table with Insert Caption including the chapter number based on heading 1 below the table
Added the template version and template date as two lines on the page
Inserted a signature line
Created a footer with the template version, page number aligned center (via tab), template date alighted right (via tab)
Printed without signing and all data was present (Table 0-1: Test)
Signed the document and printed. The following was missing:
The template date in the footer.
The table label was Table 0-: Test
The template date was present in the middle of the documentHi,
Is this problem only affect Word program with Electronic Signatures?
Please try to test Printing with different printer drivers.
If the Word printing problem occurs only when you print documents with a certain font or a certain type of graphics image, try to print to another printer.
If no other printer is available, contact the manufacturer to find out whether there is an updated version of the driver or a different driver that works with your printer model.
You may also follow other methods in this KB article troubleshoot print issue in word:
http://support.microsoft.com/kb/826845
Best regards.
William Zhou
TechNet Community Support -
Problems with Digital Signatures
I have a pdf with multiple signature fields. When somebody signs it in 9.x everything is fine, but when somebody signs it in a version earlier than 9.0 it does not work. The signature fields do not even show up. Somebody signed the pdf in 8.x and sent it back to me. I opened in 9.x, and I could not see the signature fields. Is there a compability issue between these versions. The pdf contains javascript and is a dynamic pdf if that matters. Thanks in advance.
It works on my computer when I dropped the target version to 7.x. However, I don't know if it will work on a true 8.0 version of Acrobat. I have sent it to a person who has Version 8.x, and I will let you know how it works. When you change that target version does that mean it will be compatible with the version or later you set it to?
-
Workflow process with multiple signatures
Hi,
I have a form with 3 signatures. Initially, user will fill the form, sign it & submit it. Then it reaches manager with additional fields (comments & signature field). He will enter comments and sign it. Then it goes to HR and he signs it and the final form would go to employee with all the three signatures.
I tried implementing it this way.
1. User submits it as PDF.
2. Export XDP data from inputPDF in process using exportData service.
3. Use setValue service to change some flags. (this enables Manager fields to show on form)
4. Merge inputPDF with XDP using importData service.
5. Reader extend inputPDF document.
6. Inject FormBridge.
7. Assign Task (selected use a Document Variable)
Am I missing something in this process. I'm looking for a sample process who implemented this. This must be a generic requirement and I'm not finding it in any samples.
I want to upload my lca so that you can check where it went wrong. Please show me the pointers for uploading attachments in forums.
Any help is highly appreciated.
Thanks,
KrisHi Steve,
Sorry about that.
Problem - nothing is hapenning when I click submit button on workspace.
Without switching to XDP, how can we update the flags of xml? Because I have to make the manager fields visible based on flags when form goes to next level.
I tried this process and the signature is coming well on the form.
I'm looking for the missing piece. (I have process fields and form bridge on the form).
Kindly advise if there is a better practice in implementing these kind of scenarios.
Thanks,
Kris -
How to deal with digital signatures when converting messages?
Hi there,
this it not (yet) about the actual implementation. It's more of a logical problem that I'm facing.
There are two partners A and B. A is sending an EDIFACT document which is digitally signed to B.
B has a XI instance that is converting all incoming messages into IDocs, in this particular case INVOIC. This IDoc is received by the R/3 system.
All invoices must be archived due to an eventual tax inspection.
In order to fulfill the security requirements all archived data must be digitally signed.
So far so good.
I guess I'm not allowed to sign my invoices with my own private key due to the fact that i could alter the containing data and sign it again.
It's obvious that I cant apply the digital signature from the EDIFACT message to my IDoc because the data has changed and therefore the signature is invalid.
The only solution to this problem, that I can imagine, is to archive EDIFACT alongside IDoc.
Have you experienced a similar problem or do you have any other idea in order to solve this issue?
I hope my problem is well defined.
Any comment is appreciated.
Thanks in advance
Bastian StratmannHi Bastian,
it is not possible to separate the signature from the document signed.
The system A generates and EDIFACT message -> A has the responsibility on this message and so A sign it.
XI manipulate the message received from A, that means XI generates a new message. -> XI has the responsibility on it, so if you want a signature this should be generated by XI.
As the IDoc was generated by XI it cannot be signed by A (neither technically nor logically) because A has no responsibility on it.
XI <b>is</b> altering the message so XI is responsible for it.
In this case you have to store both the EDIFACT message and the IDOC and maybe sign this new document (EDIFACT+IDOC) with XI signature .
Kind Regards,
Sergio -
Problems with digital signatures (adobe reader)
I am a Government contractor that develops documents for my customer. We are in the process of ascertaining the viability of digital signatures. I have developed a signature form with Adobe Pro 9.0.
I have several issues. When someone digitally signs the document with their Common Acess Card (CAC), the warning appears "At least one signature has problems. Please fill out the form. If you are the form author, choose distribute form in the forms menu to send it to your recipients."
I tried using several options using the distribute section, and I am unable to make this part work. I truly need assistance with doing this correctly. I require that the signatures to be processed in sequence (#1, #2, #3, and then the approval signature). I did not comprehend that option in the distribute form section.
However, the recipients that use Adobe Acrobat Pro are able to sign the document when submitted to them (however, the prviously stated warning appears). If they use Adobe Reader, they are not able to sign the document.
Please help.
Is there anyone that can assist with the signature feature of Adobe Pro?
I would appreciate any suggestion/guidance.
One area that I don't understand is the feature where i 0send the form out for signature.What is your operating system?
If Windows, you have something in your registry that is pointing to drive K:
See if anything in here helps: http://helpx.adobe.com/creative-suite/kb/error-1327-invalid-drive-drive.html -
I am currently using classic asp and I need to fill out an existing pdf with data from the database. The form also contains two signatures. I just need to fill in the form, save it so I can email it to the the customer. I tried using the fdf toolkit - but my form has text fields that can be 20 characters or 4000. The multiline function in adobe forms isn't working correctly and it cuts it off when you print.
I could create the form in livecycle, and generate the data in xml, but I am so new to adobe, I don't know how to programatically load the file and save it to the server.
I have another program I've tried where I can generate fdf code I think it's fpdf (the php version that was changed to asp) - but I need to know how to generate a digital signature.
I've tried pdftk - I tried to merge the data with the signature - but ended up with permission issues.
I have been working on this problem for several weeks and could really use some help.Bill,
I'm trying to create a dynamic document using data from the database to generate the pdf, the pdf also needs to containg two signatures for signing. I've looked at every way possible to do this. Currently, my greatest success has come from using the fdf toolkit, but the sizing of the fields (could be 20 chars, could be 4000 chars) leaves me with a very ugly form.
The form I am using already contains the two signature blocks - but I am at a loss on how to populate a pdf form that resides on the webserver with data from the database.
Bill, can you help? -
PDF File with Digital Signature
I am opening a "PDF File with Digital Signature" using Adobe Acrobat Pro 9.
File gets opened.
Then i choose "Preflight: option for "Report PDF Syntax issues".
The following message is displayed:
"An error occured while parsing a contents stream. Unable to analyze the PDF file."
So whats the solution for this error?Hi,
I have uploaded the file on the specified link:
http://www.filefactory.com/file/b3g5h37/n/abc.pdf -
Having problems combining PDF files with electronic signatures...
I have Adobe Pro XI and I've been trying to combine numerous PDF files. They are each 2 pages and contain electronic signatures. When I attempt to combine them it appears to be working and then suddenly Adobe just closes with no error message or anything??
Think about it: You sign a document and then someone adds some pages to it
and pretends you signed those as well. You wouldn't what that to happen,
would you? Well, with digital signatures it can be prevented.
On Mon, Dec 8, 2014 at 10:39 PM, breeberry09 <[email protected]> -
Form with multiple signatures, each with sigDate, only one date fills
I have a form with two signature fields, Sig1 and Sig2. Each sig field has an associated date field Sig1Date and Sig2Date.
I have a Topaz signature pad, so the form users physically sign the document.
When the first signature is entered (in either Sig1 or Sig2), the associated date field autofills as expected.
When the second signature is entered the associiated date remains blank.
I have other forms from vendors with up to six signature fields, each with dates, where each date fills as the signatures are entered... what am I doing wrong?
Thank you.The problem must be in the way the form is constructed. There must be a JavaScript associated with your signature fields that autofill the date, and perhaps it is working on Sig1 but not on Sig2. If you sign the second signature field first, does its date field get populated? Do you know that other people are able to sign both fields in the same PDF and have both dates populated? I am sceptic about that. IMO this is more a question to the author of the PDF that you are signing.
-
Acrobat X... Used to be able to Certify with Visible signature, and still be able to search all text. Now some areas (text resembling tables) are no longer searchable. How can I fix this?
[discussion moved to Creating, Editing & Exporting PDFs forum]
-
How to create Web Service Client from wsdl with digital signature?
Please, help me to create Web Service Client from wsdl with digital signature. I know create Web Service client from wsdl file and I know how to add digital signature to XML with jwsdp, but I don't know how to do it together.
Thanks.I'm handling security wit JAX-WS handler. So I insert "manually" ws-security tag and I encrypt (and sign) message parts.
On client side, all works fine, but on server side I obtain:
---Server Inbound SOAP message---|#]
Decrypting message and rebuilding Valuees... |#]
Starting decrypt|#]
. dectypted.!
--found following string: <ns1:addiziona><num1>80</num1><num2>22222</num2></ns1:addiziona>|#]
...MESSAGE Restored.|#]
<?xml version="1.0" ?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ns1="http://calculator.me.org/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soapenv:Body><ns1:addiziona><num1>80</num1><num2>22222</num2></ns1:addiziona></soapenv:Body></soapenv:Envelope>|#]
Error in decoding SOAP Message
Error in decoding SOAP Message
at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:89)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.toMessageInfo(SOAPMessageDispatcher.java:187)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher$SoapInvoker.invoke(SOAPMessageDispatcher.java:571)
at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:145)
at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:160)
at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:89)
at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:178)
at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:109)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:100)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
Caused by: javax.xml.ws.soap.SOAPFaultException: Cannot find the dispatch method
at com.sun.xml.ws.encoding.soap.SOAPDecoder.raiseFault(SOAPDecoder.java:674)
at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.decodeDispatchMethod(SOAPXMLDecoder.java:152)
at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBodyContent(SOAPDecoder.java:337)
at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBody(SOAPDecoder.java:327)
at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeEnvelope(SOAPDecoder.java:250)
at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:81)
... 29 more
|#]
--->handleFault O_o<---|#]If you have any idea for solving my problem, then I can post my simple example :(
Bye!
Maybe you are looking for
-
Delete the Service entry sheet open item
Dear All, How to delete the open srevice entry sheet and how to get the open value of the open service entry sheet . Please give step by step along with the where the values will save . TAHNKS AND REG
-
I am getting a notice stating that my Iphoto Disk space is low
I am getting a notice stating that my Iphoto Disk space is low,what do I do.
-
Help with internet loading really slow
can anyone help me please my phone is a n95 8 gb and the net is so slow loading if it does at all sometimes even on my home broadband connection its slow any idears on how to speed it up please
-
Compile problem using TOMCAT 5.0 and Apache ANT
I got some sample from book. i just follow the step, place it the class file. it work. it run. show all the detail. but when i wan to compile it from java file, error came out type Exception report message description The server encountered an intern
-
I have just purchased a pay monthly subscription to Photoshop CS6, I had a bit of difficulty downloading it and then when I finally managed it I got a message saying that I had started a 30 day trial. Should I expect my membership not to work after 3