Adding a digital signature to a PDF using Java

I want to digitally sign a PDF file using a certificate stored on a USB token, HSM, etc. How do I use the private key stored on the USB token using Java?

asked Jul 8, 2013 at 5:07 by rajuthoutu

3 Answers

To the iText self-reference, I'll add

community wiki

Steps involved in Adding Digital Signature to a PDF File:

(I) Create Template PDFDocument :

Create PDFDocument with template signature:

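    PDSignature pdSignature = new PDSignature();
    pdSignature.setByteRange(new int[] {0, 0, 0, 0}); // placeholder, updated in step (II)
    pdSignature.setContents(new byte[n * 1024]);      // reserved space for the signature

where n is an integer, i.e. a multiple of KB.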

Note: Content Size should be greater than or equal to sum of length of Signature and Certificate File.

(II) Update the Template PDF Document :

(a) Update /ByteRange[a b c d]:
(i) a= Offset of % in "%PDF"(=0, by default)
(ii) b= Offset of < in "/Contents"
(iii) c= Offset of > in "/Contents"
(iv) d= Offset of F in "%%EOF" minus c from above

(b) update xref section:
update the cross-reference table(xref section), that specifies the position of the objects and

(c) Update startxref section:
update startxref, which is the offset of start of cross-reference table(xref).

(III) Generate Digital Signature of the Updated Template Document:
Generate of the Updated Template Document Excluding the Temporary Signed Data ("000. 000) of "/Contents"

(IV) Update Content<> Section:
Substitute First/Initial "0"s of Signed Data length in "/Contents" with Signed Data (Enveloped) of template PDFFile.

Use SignatureInterface of PDFBox :

(a) implement SignatureInterface to call sign() method
(b) supply the input, output files, keystore, alias, pin
(c) do save increment

(or) use any java pdf library (like iText. )

(or) Implement the Steps I-IV in java yourself.
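
The PDFBox route listed above (implement SignatureInterface, supply keystore, alias and PIN, save incrementally) with the key held on a PKCS#11 token, as an added example that is not part of the original answers. It assumes PDFBox 2.x, BouncyCastle, JDK 9+ with the SunPKCS11 provider and an RSA key on the token; the class name `TokenPdfSigner` and the config file argument are hypothetical.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.*;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.*;
import org.bouncycastle.operator.jcajce.*;

public class TokenPdfSigner implements SignatureInterface {
    private final Provider p11; private final PrivateKey key; private final Certificate[] chain;
    TokenPdfSigner(String p11Config, String alias, char[] pin) throws Exception {
        // JDK 9+: configure the built-in SunPKCS11 provider from a config file (name=..., library=...)
        p11 = Security.getProvider("SunPKCS11").configure(p11Config);
        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);                         // logs in to the token; no key file is read
        key = (PrivateKey) ks.getKey(alias, null);  // a handle only: the key stays on the token
        chain = ks.getCertificateChain(alias);
    }

    @Override // PDFBox passes in the bytes covered by /ByteRange (everything except /Contents)
    public byte[] sign(InputStream content) throws IOException {
        try {
            ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider(p11).build(key);
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build()).build(signer, (X509Certificate) chain[0]));
            gen.addCertificates(new JcaCertStore(Arrays.asList(chain)));
            // false = detached: the CMS carries the signature and certificates, not the PDF bytes
            return gen.generate(new CMSProcessableByteArray(content.readAllBytes()), false).getEncoded();
        } catch (GeneralSecurityException | CMSException | OperatorCreationException e) {
            throw new IOException(e);
        }
    }
    public static void main(String[] a) throws Exception { // args: in.pdf out.pdf pkcs11.cfg alias
        PDSignature sig = new PDSignature();
        sig.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        sig.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
        sig.setSignDate(Calendar.getInstance());
        try (PDDocument doc = PDDocument.load(new File(a[0])); OutputStream out = new FileOutputStream(a[1])) {
            doc.addSignature(sig, new TokenPdfSigner(a[2], a[3], System.console().readPassword("Token PIN: ")));
            doc.saveIncremental(out);  // appends the signature; the original bytes are left untouched
        }
    }
}
```

The PIN is read from an interactive console rather than the command line so it does not appear in the process list or shell history. The PKCS#11 config file names the token's vendor library (`name = ...` and `library = ...`, with the path depending on the token's driver).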