[GSoC2012] Introduction / Signed PDF export

Gmail gokcen.eraslan at gmail.com
Thu May 10 07:09:56 PDT 2012


My name is Gökçen Eraslan, I'm a FLOSS developer and Computer Science
M.S. student in Bogazici University of Turkey. Previously I worked for
TUBITAK (The Scientific and Technological Research Council of Turkey,
equivalent of NSF in Turkey) for 4 years. I was the developer and
release manager of the Pardus Linux distribution project[1] which is a
government funded project aiming to develop a mature Linux distribution
along with technological innovations (a brand new package manager,
installer, configuration system etc.) as well as encouraging free
software development in Turkey in order to avoid the massive sums needed
for the license fees of proprietary operating systems. But lately Pardus
project is somehow suspended (details here[2]) and most of the core
developers left Pardus.

Anyway, my GSoC proposal is to add digital signing to PDF export
feature. This is an idea from the ideas page[3]. Although I've fixed an
easyhack[4], I'm not experienced in LibreOffice codebase but since
document signing (not PDF signing) is supported by LibreOffice right
now, (I hope) listing and choosing certificates (provided from the
certificate database of Mozilla applications) will be easy using the
existing classes.

Right now, I'm reading PDF reference documents[5] published by Adobe.
Next planned step is to be familiar with PKCS#1, PKCS#7 and PKCS#12
standards and to learn code pointers to PDF export code.

I also have some question about the implementation details:

* The signing method: What kind of signature handler we may use?
ByteRange method is sufficient and for the SubFilter value of the
signature dictionary, adbe.x509.rsa.sha is OK, right? In this case, Cert
entry of the Signature dictionary will contain X.509 certificate chain
and Contents key wil contain the byte range digest.

* Is the MDP (modification detection and prevention) required? This is
used for object signatures, right? But the byte-range based document
signatures is more suitable. I think I must also investigate the status
of the digital signature verification in Linux PDF readers and maybe
poppler, so the users must be able to verify the signed PDF files :)

* Which PDF version should be preferred? As far as I can see, SHA256
digestion is introduced in PDF 1.6, so the decision of digest method may
effect the minimum PDF version to be used, right?

That's all for now.


[1] http://www.pardus.org.tr/en
[2] http://developer.pardus.org.tr/people/ozan/blog/?p=144
[4] https://bugs.freedesktop.org/show_bug.cgi?id=46538

Gökçen Eraslan

More information about the LibreOffice mailing list