I implemented the PADES-BES signature with iText, but this signature does not follow completely the standard ETSI TS 102778-3. I do not understand what is missing in the code (below) signature to be "standard ETSI".
Here is my code (C#.NET):
int contentsSize = 8192;
FileStream streamsigned = new FileStream(filetosign, FileMode.Create, FileAccess.Write);
PdfReader reader = new PdfReader(filetosign);
PdfStamper stp = PdfStamper.CreateSignature(reader, streamsigned, '\0', null, true);
sap = stp.SignatureAppearance;
dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ETSI_CADES_DETACHED);
sap.CryptoDictionary = dic;
System.Collections.Generic.Dictionary<PdfName, int> exc = new System.Collections.Generic.Dictionary<PdfName, int>();
exc.Add(PdfName.CONTENTS, contentSize * 2 + 2);
sap.PreClose(exc);
Stream data = sap.GetRangeStream();
System.Security.Cryptography.SHA256Managed sha = new System.Security.Cryptography.SHA256Managed();
byte[] hashToSign = sha.ComputeHash(data);
//here sign hash with an external device
byte[] hashSigned = signservice.pkcs7signhash(hashToSign, ...);
byte[] paddedSig = new byte[contentsSize];
System.Array.Copy(hashSigned, 0, paddedSig, 0, hashSigned.Length);
PdfDictionary pdfDictionary = new PdfDictionary();
pdfDictionary.Put(PdfName.CONTENTS, new PdfString(paddedSig).SetHexWriting(true));
sap.Close(pdfDictionary);
