Digital Signature PKCS7 with IText 2.1.7 — Part 1

Sometimes we don’t have the power or the opportunity to change dependencies or the technologies in our projects. Forcing us to use what we have available.

Recently I had to use in a project the itext version 2.1.7 (this version is from 2009!!) to digitally sign pdf documents. So, the battle began…

My main requirements were:

• IText 2.1.7;
• Hash Signature, not the entire document;
• External Signature: We should pass the hash generated from the original document to an external service, and this service respond with the signed hash (not an pdf container signed).

I decide to divide this article into three parts, so it doesn’t get too boring.

In this first part, we will demonstrate how to sign the hash obtained from the pdf document with IText 2.1.7 and how it is considered valid.

In the second part, we will separate the process to sign from the main flow.

And in the third part, we will show how to customize the appearance of the visible signature box.

Before we start

We need a pkcs12 certificate to sign the document, so we must generate one for the tests. In our case, we simply use the KeyStore Explorer…