0

I have PDF document signed by esig/dss https://github.com/esig/dss library. I can see that singature in Acrobat Reader. When I want to verify it with iText and BouncyCastle I got exception:

2.16.840.1.101.3.4.2.1withRSA Signature not available

I work on Fedora with Oracle JDK 1.8.0_112 with unlimited cryptography, iText-2.0.8.jar and BouncyCastle bcprov-jdk16-139.jar.

When I chcecked Message Digest available in my environment using response from: Complete list of MessageDigest available in the JDK

I got:

Alias: "OID.2.16.840.1.101.3.4.2.1" -> "SHA-256"

So it is available in my JDK.

Sho why 2.16.840.1.101.3.4.2.1withRSA Signature not available?

Community
  • 1
  • 1
Michał Niklas
  • 53,067
  • 18
  • 70
  • 114
  • Please share a sample file. – mkl Dec 23 '16 at 14:07
  • That been said, I just recognised that you mentioned *"iText-2.0.8.jar"* and *"bcprov-jdk16-139.jar"*. Those versions are ancient, there are numerous signature related standards changed or even newly introduced since then. Esig/dss, on the other hand, is current and targeted especially at the new standards. Thus, update,update,update! I'll make that an answer. – mkl Dec 23 '16 at 15:17

1 Answers1

0

You mention that you use "iText-2.0.8.jar" and "bcprov-jdk16-139.jar".

Those versions are ancient, itext 2.0.8 in particular has been released early 2008. The PAdES specifications had first been published in 2009, and they introduced numerous changes and additions into pdf signing. Esig/dss essentially had been introduced as a first implementation of these changes and additions.

Thus, you definitely should consider updating to support current standards.

mkl
  • 90,588
  • 15
  • 125
  • 265