[GSoC2012] Introduction / Signed PDF export
Thorsten Behrens
thb at documentfoundation.org
Wed May 16 14:36:55 PDT 2012
Hi Gökçen,
let me chime in here - so barring any technical issues, or further
insight, I'd love to have this result in something that can be used
under European e-government regulations.
Something to look into for guidance clearly is PortableSigner, which
is maintained by the Austrian government AFAIK - with that:
> * The signing method: What kind of signature handler we may use?
> ByteRange method is sufficient and for the SubFilter value of the
> signature dictionary, adbe.x509.rsa.sha is OK, right? In this case, Cert
> entry of the Signature dictionary will contain X.509 certificate chain
> and Contents key wil contain the byte range digest.
>
Yeah, filter something like PPKLite, subfilter adbe.pkcs7.sha1 or
adbe.pkcs7.detached - ByteRange makes total sense, and so does
X.509 certs - I'd be content if you can use PKCS#12 ones e.g. :)
> * Is the MDP (modification detection and prevention) required? This is
> used for object signatures, right? But the byte-range based document
> signatures is more suitable. I think I must also investigate the status
> of the digital signature verification in Linux PDF readers and maybe
> poppler, so the users must be able to verify the signed PDF files :)
>
Right, not much insight into that - but I would suggest that,
everything else being equal, do what signature laws require.
> * Which PDF version should be preferred? As far as I can see, SHA256
> digestion is introduced in PDF 1.6, so the decision of digest method may
> effect the minimum PDF version to be used, right?
>
1.5 should hopefully be enough.
Random links:
http://portablesigner.sourceforge.net/
http://en.wikipedia.org/wiki/EGovernment_in_Europe
https://www.bsi.bund.de/cae/servlet/contentblob/487196/publicationFile/31102/esig_pdf.pdf
HTH,
-- Thorsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20120516/562988a4/attachment.pgp>
More information about the LibreOffice
mailing list