I have a website that allows users to sign any given uploaded file. The workflow is:
Additionally, the database also contains users' public keys and certificates (as well as encrypted private keys for non-technical users so that the app can handle the whole signing signature process for them).
Now I want to adapt the workflow for specific support of PDF files, as PDF files have specific support for signing. I have been struggling for a few days with PDFBox and have succeeded in signing a PDF file separately but I do not know how to adapt to my usual workflow.
The usage of signature for PDFBox is currently:
```java
ExternalSigningSupport externalSigning =
        document.saveIncrementalForExternalSigning(output);
byte[] cmsSignature = sign(externalSigning.getContent());
externalSigning.setSignature(cmsSignature);
```
The signed PDF file is then streamed to `output`.
The computation of the digest and the signature, as well as incorporating the signature and certificates to the PDF file is made in one step in the "sign" method above, which means that I do not know how to implement my usual workflow of computing the digest (1), signing (2) and generating the signature file (3) in three steps. Moreover, I suppose that the InputStream given by `externalSigning.getContent()` does not contain the whole PDF file, which means that the digest and signature cannot be checked using my existing code?
To achieve this, you will have to store the PDF after adding the signature field, since the PDF hash also includes the signature field properties. If you are trying to add the signature field again at step 3 to the original PDF, the stored signature is not the one which matches the new hash. You need to check if and how PDFBox allows this!
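The effect described in the question and the answer above, as an added example that is not part of the original posts and is not PDFBox code: a byte-level Python model of a PDF signature, where the digest covers the `/ByteRange` (everything except the `/Contents` placeholder) and the signature dictionary carries a signing time `/M`. The dictionary layout, the `HOLE_HEX` size, the sample bytes and the HMAC standing in for the CMS signature are all constructed assumptions.

```python
import hashlib
import hmac
import re

HOLE_HEX = 64  # constructed size; real signers reserve several KB for the CMS blob
BYTE_RANGE = re.compile(rb"/ByteRange \[(\d+) (\d+) (\d+) (\d+)\]")


def prepare(original: bytes, signing_time: str) -> bytes:
    """Step 1: append a simplified signature dictionary with an empty /Contents hole."""
    pre = original + b"\n<< /Type /Sig /M (" + signing_time.encode() + b") /ByteRange ["
    post, tail = b"] /Contents ", b" >>\n%%EOF\n"
    fmt = b"0 %010d %010d %010d"  # fixed width, so offsets are known up front
    hole_start = len(pre) + len(fmt % (0, 0, 0)) + len(post)
    hole_end = hole_start + HOLE_HEX + 2  # +2 for the < > delimiters
    byte_range = fmt % (hole_start, hole_end, len(tail))
    return pre + byte_range + post + b"<" + b"0" * HOLE_HEX + b">" + tail


def signed_content(pdf: bytes) -> bytes:
    """The bytes the signature covers: everything except the /Contents hole."""
    o1, l1, o2, l2 = map(int, BYTE_RANGE.search(pdf).groups())
    return pdf[o1:o1 + l1] + pdf[o2:o2 + l2]


def digest(pdf: bytes) -> str:
    return hashlib.sha256(signed_content(pdf)).hexdigest()


def embed(prepared: bytes, signature: bytes) -> bytes:
    """Step 3: write the signature into the hole of the stored, prepared bytes."""
    _, l1, o2, _ = map(int, BYTE_RANGE.search(prepared).groups())
    hexsig = signature.hex().encode()
    if len(hexsig) > o2 - l1 - 2:
        raise ValueError("signature does not fit the reserved placeholder")
    return prepared[:l1] + b"<" + hexsig.ljust(o2 - l1 - 2, b"0") + b">" + prepared[o2:]


def demo() -> dict:
    original = b"%PDF-1.7\n(constructed sample body)\n%%EOF\n"
    prepared = prepare(original, "D:20240101120000Z")  # must be stored server-side
    d1 = digest(prepared)
    # Step 2 stand-in: HMAC replaces the real CMS signature made with the user's key.
    sig = hmac.new(b"constructed-key", bytes.fromhex(d1), "sha256").digest()
    reprepared = prepare(original, "D:20240101120500Z")  # field re-added later
    return {
        "covers_whole_file": signed_content(prepared) == prepared,
        "stored_copy_matches": digest(embed(prepared, sig)) == d1,
        "reprepared_matches": digest(embed(reprepared, sig)) == d1,
    }
```

`demo()` reports that the signed bytes are not the whole file, that the digest still matches when the signature is embedded into the stored prepared copy, and that it no longer matches when the field is added again to the original.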