Advanced jPDF Signer

Supporting legacy signature formats

When Digital Signatures were added to the PDF 1.2 format the only supported format was PKCS1. Later on, Adobe extended support for the industry standard PKCS7 format - which is now used by default with all Adobe tools.

To date, there are three different formats to encode a given signature inside a PDF. Each of these formats has an equivalent in the object com.crionics.jpdf.Preferences

• Algorithm Name: PKCS1
• jPDF API equivalent: com.crionics.jpdf.Preferences.SIGN_LEGACY
• PDF Filter generated: x509.xxx (depends on the key format rsa or dsa)

• Algorithm Name: PKCS7
• jPDF API equivalent: com.crionics.jpdf.Preferences.SIGN_COMPATIBLE
• PDF Filter generated: pkcs7.detached

• Algorithm Name: PKCS7.sha1
• jPDF API equivalent: com.crionics.jpdf.Preferences.SIGN_WINDOWS
• PDF Filter generated: pkcs7.sha1

jPDF Signer knows how to generate all of these formats. By default it uses the industry standard PKCS7 format ... but by changing a setting in the preferences, you can easily switch to a different type.

The example below shows how to force the engine to use a different format. The example is really simple: it creates a new document with a blank page and signs it.

PdfDocument doc = new PdfDocument();

// Instruct the signer to use PKCS1 Legacy signatures:
Preferences prefs = new Preferences(); 
prefs.setSignatureType(Preferences.SIGN_LEGACY);

doc.setWriterPreferences(prefs); 

// Create a dummy page:
doc.getCreatorModule().createPage(); 

// Load the key store:
char[] pkcs12Password = "mypassword".toCharArray();
KeyStore ks = loadKeyStore(pkcs12Password);

// Get the private key:
String keyAlias = "rsaentry1";
PrivateKey key = (PrivateKey)
ks.getKey(keyAlias, pkcs12Password);

Certificate[] certs = ks.getCertificateChain(keyAlias); 

// Sign the document:
SignerModule sm = doc.getSignerModule();
SignatureField signature =
sm.createSignature("mySignature", key, certs);

// Save the document:
doc.saveAs(resultFile);
doc.close();