It’s time for our second quarterly release of the iText Suite; yet as we promised last time, this release of the open-source iText Core PDF library and the add-ons which make up the iText Suite is a little bit different. And not just because this is the first release of the iText Suite under the Apryse banner!
Seven years after the first release of version 7 of the iText library, we’re proud to announce the release of iText Core version 8 – aka iText 8.
What's new?
Just as with the 2016 release of the iText library, iText version 8 has been rewritten and refined to meet the meet the needs of modern document processing. While version 7 was designed around the then upcoming PDF 2.0 specification, iText Core 8.0.0 introduces a number of new features and support for the latest cryptographic related extensions to PDF 2.0. In particular, support has been added for SHA-3 hash functions as specified in ISO/TS 32001, and from ISO/TS 32002 modern elliptical curves for digital signatures are also supported. While these extensions are very new, we believe that it's important for open-source projects such as iText to support and popularize such standards early - especially as we are involved with both the PDF Association and the ISO committees responsible for their publication.
On a related note, direct support for Bouncy Castle FIPS APIs has been added to iText Core, for compliance with the Federal Processing Standard (FIPS 140-2) – the benchmark for evaluating cryptographic products. While FIPS 140-2 is a U.S./Canadian Federal standard, it is widely adopted by both governmental and non-governmental sectors worldwide for practical security and realistic best practice.
Bouncy Castle FIPS implementation
For ease of use, we've introduced a new dependency for the sign module: bouncy-castle-connector. After loading the new bouncy-castle-connector module, developers can simply specify whether to load our standard bouncy-castle-adapter or the bouncy-castle-fips-adapter module, depending on their requirements. This is because the FIPS version of Bouncy Castle is more restrictive, and so may not have all the functionality in the vanilla version.
It is important to not add them both as a dependency since they are not compatible. Also, users must explicitly depend on either the standard bouncy-castle-adapter or the bouncy-castle-fips-adapter module. Otherwise the encryption/signing features will fail with an exception, however, this exception will give you a hint to add one of the bc-adapter dependencies.
In addition, Bouncy Castle FIPS has a FIPS approved mode which makes it possible to deliver one application that can be configured to work in FIPS mode or in regular mode. However, those users requiring FIPS compliance will likely only use the FIPS approved mode.
See the Bouncy Castle changes page for more details on using our FIPS implementation.
Other changes to the sign module
For digital signing, we’ve made significant improvements to the sign module in order to both support new features (such as the RSASSA-PSS padding scheme specified by ETSI as the preferred method for PAdES), and to make the process of digital signing easier. Huge thanks to MatthiasValvekens for submitting the pull requests for this, and the ISO/TS 32001 and ISO/TS 32002 extensions mentioned earlier!
Improved forms creation
Big improvements have also been made to the forms module. When creating forms, you can now benefit from a more logical layout-based approach which will greatly aid forms creation and maintenance.
What else is there?
We also have a really nice improvement for text extraction from PDFs containing non-identity CMaps (Character to Glyph Index Mapping Tables) (such as UniJIS-UCS2-H) that contain double mappings. This change enables reliable Unicode extraction regardless of the source encoding of the CMap in the document.
Special mention should be made to the new and improved layout module documentation which can be found in our GitHub repository.
Together with a bunch of API improvements and refinements and improved documentation, we believe iText Core version 8 represents a big leap over previous iText versions. Our aim was to create a great platform for future development, and to maintain iText's reputation as the most performant and most developer friendly Java library for PDF creation (including PDF/A and PDF/UA), digitally signing PDFs, and much more besides!
New features
RSASSA-PSS support
Add support for recently published ISO extensions to digital signing
Add support for FIPS 140-2 compliant Bouncy Castle module
Improvements
Improve Checkbox behavior on Adobe Acrobat for PDF/A documents
Support for TIF images with CCITT T.4 compression
Bugs
Text extraction with non-identity CMaps occasionally produces wrongly decoded output