Search code examples
javapdfdigital-signaturetrusted-timestamp

Digitally Sign and timestamp a PDF in java

I would like to attach a digital signature to a PDF file in Java and then timestamp this file with a trusted timestamp authority.

How do I do this?

Solution

  • Export your digital certificate with private key to a pfx file.

    Using iText with BouncyCastle:

    Document document = new Document();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
PdfWriter.getInstance(document, baos);
document.open();
document.add(new Paragraph("Hello World!"));
document.close();


    PdfReader reader = new PdfReader(baos.toByteArray());
    OutputStream os = new FileOutputStream("c:\\temp\\sign\\test.pdf");
    PdfStamper stamper = PdfStamper.createSignature(reader, os, '\0');

    // Creating the appearance
    PdfSignatureAppearance appearance = stamper.getSignatureAppearance();
    appearance.setReason("REASON");
    appearance.setLocation("LOCATION");

    appearance.setVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");

    Security.addProvider(new BouncyCastleProvider());

    FileInputStream fis = new FileInputStream("c:\\ssl\\test.pfx");
    String password = "myPassword";

    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(fis, password.toCharArray());
    String alias = ks.aliases().nextElement();

    PrivateKey pk = (PrivateKey) ks.getKey(alias, password.toCharArray());
    X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

    TSAClient tsc = new TSAClientBouncyCastle("http://timestampserverURL/");
    ExternalDigest digest = new BouncyCastleDigest();
    ExternalSignature signature = new PrivateKeySignature(pk, "SHA-1", "BC");
    MakeSignature.signDetached(appearance, digest, signature, new Certificate[] { cert }, null, null, tsc, 0,
            CryptoStandard.CMS);

    Maven Dependencies:

    <dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.49</version>
</dependency>

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcmail-jdk15on</artifactId>
    <version>1.49</version>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bctsp-jdk15on</artifactId>
    <version>1.46</version>
</dependency>


<dependency>
    <groupId>com.itextpdf</groupId>
    <artifactId>itextpdf</artifactId>
    <version>5.4.2</version>
</dependency>