TUTORIALS

Advanced jPDF Signer

As easy as 1, 2, 3...

Supporting legacy signature formats

When Digital Signatures were added to the PDF 1.2 format the only supported format was PKCS1. Later on, Adobe extended support for the industry standard PKCS7 format - which is now used by default with all Adobe tools.

To date, there are three different formats to encode a given signature inside a PDF. Each of these formats has an equivalent in the object com.crionics.jpdf.Preferences

Algo Name	jPDF API equivalent	PDF Filter generated
PKCS1	com.crionics.jpdf.Preferences.SIGN_LEGACY	x509.xxx
PKCS7	com.crionics.jpdf.Preferences.SIGN_COMPATIBLE	pkcs7.detached
PKCS7.sha1	com.crionics.jpdf.Preferences.SIGN_WINDOWS	pkcs7.sha1

jPDF Signer knows how to generate all of these formats. By default it uses the industry standard PKCS7 format ... but by changing a setting in the preferences, you can easily switch to a different type.

The example below shows how to force the engine to use a different format. The example is really simple: it creates a new document with a blank page and signs it.

PdfDocument doc = new PdfDocument();

// Instruct the signer to use PKCS1 Legacy signatures:
Preferences prefs = new Preferences();
prefs.setSignatureType(Preferences.SIGN_LEGACY);
doc.setWriterPreferences(prefs);

// Create a dummy page:
doc.getCreatorModule().createPage();

// Load the key store:
char[] pkcs12Password = "mypassword".toCharArray();
KeyStore ks = loadKeyStore(pkcs12Password);

// Get the private key:
String keyAlias = "rsaentry1";
PrivateKey key = (PrivateKey) ks.getKey(keyAlias, pkcs12Password);
Certificate[] certs = ks.getCertificateChain(keyAlias);

// Sign the document:
SignerModule sm = doc.getSignerModule();
SignatureField signature = sm.createSignature("mySignature", key, certs);

// Save the document:
doc.saveAs(resultFile);
doc.close();