469,964 Members | 1,670 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,964 developers. It's quick & easy.

Digitally sign PDF files

Hi all

I'm developing an application with some reports and we're looking for
advice. This reports should be openoffice.org .odf files, pdf files,
and perhaps microsoft word files (.doc, .docx?) and must be digitally
signed. Is out there some kind of libraries to ease this tasks?

* Access to the local user certificate store, and read PEM or PKCS12
certificate files.
* Read, parse and validate user certificates
* Sign documents: as a binary stream, within an specific document
(pdf, odt, doc)

I've been googling and found very few documentation about this --
except some examples using jython and ironpython.

Thanks
Aug 11 '08 #1
4 8354
Hi,
I'm developing an application with some reports and we're looking for
advice. This reports should be openoffice.org .odf files, pdf files,
and perhaps microsoft word files (.doc, .docx?) and must be digitally
signed. Is out there some kind of libraries to ease this tasks?
For signing you can use OpenSSL or the more complete M2crypto modules.
But this is only the crypto part of the task.
* Access to the local user certificate store, and read PEM or PKCS12
certificate files.
If the certificate store is just a file, both packages can to this. If
the store is some otehr format or maybe the Windows registry, some
additional functions are required, but should be easy to implement.
* Read, parse and validate user certificates
This can be easily done with both.
* Sign documents: as a binary stream, within an specific document
(pdf, odt, doc)
This is the hardest part of the task, since the signature has to be
embedded into the document.
--
Schönen Gruß - Regards
Hartmut Goebel

Goebel Consult
Spezialist für IT-Sicherheit in komplexen Umgebungen
http://www.goebel-consult.de
Aug 11 '08 #2
On 11 ago, 22:29, Hartmut Goebel <h.goe...@goebel-consult.dewrote:
I'm developing an application with some reports and we're looking for
advice. This reports should be openoffice.org .odf files, pdf files,
and perhaps microsoft word files (.doc, .docx?) and must be digitally
signed. Is out there some kind of libraries to ease this tasks?

For signing you can use OpenSSL or the more complete M2crypto modules.
But this is only the crypto part of the task.
M2Crypto? I didn't know of it... surely I must check it.

It's a very delicate component (security and reliability is a must)
and don't know how openssl works in windows environments.
** Access to the local user certificate store, and read PEM or PKCS12
*certificate files.

If the certificate store is just a file, both packages can to this. If
the store is some otehr format or maybe the Windows registry, some
additional functions are required, but should be easy to implement.
Certificates can be both: PKCS12 (.p12) files and under the windows
certificate store.

The best option could be some kind of thin wrapper around windows
CryotoAPI, so access to hardware tokens and smartcard readers should
be easy because under Linux everything seems tied to Mozilla NSS
libraries.
* Sign documents: as a binary stream, within an specific document
(pdf, odt, doc)

This is the hardest part of the task, since the signature has to be
embedded into the document.
OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here[1]
but I can't find more than this[2] implementation/wrapper of libxmlsec

PDF signing... I can't find something like iText for Python... I've
finded examples like this[3] based on Jython... perhaps I should look
at jython because java 1.6 has full access to Windows CryptoAPI and
full XML-DSIG support[4]

IronPython could also be an interesting option for obvious reasons and
there's and iText port for .NET

Thanks

[1] http://marketing.openoffice.org/oooc...signatures.pdf
[2] http://xmlsig.sourceforge.net/build.html
[3] http://kelpi.com/script/00cd7c
[4] http://java.sun.com/javase/6/docs/te...Signature.html
Aug 11 '08 #3
haxier schrieb:
M2Crypto? I didn't know of it... surely I must check it.

It's a very delicate component (security and reliability is a must)
and don't know how openssl works in windows environments.
M2crypto is available for windows, too. So I would not expect any
problems here.
The best option could be some kind of thin wrapper around windows
CryotoAPI, so access to hardware tokens and smartcard readers should
I'm not a windows guy, so I can't help here.
be easy because under Linux everything seems tied to Mozilla NSS
libraries.
Some is using NSS, some is OpenSSL. I personally use M2crypto, since the
licence fits me better.
OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here[1]
but I can't find more than this[2] implementation/wrapper of libxmlsec
I've not found a usefull specification, too. Digital Signing seams to
become part of ODF 1.2, but I've not found a clear statement on which
files have to be signed nor how.
PDF signing... I can't find something like iText for Python... I've
iText is overkill far what you need. You only want to sign, not generate
PDF files.

--
Schönen Gruß - Regards
Hartmut Goebel

Goebel Consult
Spezialist für IT-Sicherheit in komplexen Umgebungen
http://www.goebel-consult.de
Aug 15 '08 #4
On Mon, 2008-08-11 at 14:13 -0700, haxier wrote:
On 11 ago, 22:29, Hartmut Goebel <h.goe...@goebel-consult.dewrote:
I'm developing an application with some reports and we're looking for
advice. This reports should be openoffice.org .odf files, pdf files,
and perhaps microsoft word files (.doc, .docx?) and must be digitally
signed. Is out there some kind of libraries to ease this tasks?
For signing you can use OpenSSL or the more complete M2crypto modules.
But this is only the crypto part of the task.

M2Crypto? I didn't know of it... surely I must check it.

It's a very delicate component (security and reliability is a must)
and don't know how openssl works in windows environments.
* Access to the local user certificate store, and read PEM or PKCS12
certificate files.
If the certificate store is just a file, both packages can to this. If
the store is some otehr format or maybe the Windows registry, some
additional functions are required, but should be easy to implement.

Certificates can be both: PKCS12 (.p12) files and under the windows
certificate store.

The best option could be some kind of thin wrapper around windows
CryotoAPI, so access to hardware tokens and smartcard readers should
be easy because under Linux everything seems tied to Mozilla NSS
libraries.
* Sign documents: as a binary stream, within an specific document
(pdf, odt, doc)
This is the hardest part of the task, since the signature has to be
embedded into the document.

OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here[1]
but I can't find more than this[2] implementation/wrapper of libxmlsec

PDF signing... I can't find something like iText for Python... I've
finded examples like this[3] based on Jython... perhaps I should look
at jython because java 1.6 has full access to Windows CryptoAPI and
full XML-DSIG support[4]

IronPython could also be an interesting option for obvious reasons and
there's and iText port for .NET

Thanks

[1] http://marketing.openoffice.org/oooc...signatures.pdf
[2] http://xmlsig.sourceforge.net/build.html
[3] http://kelpi.com/script/00cd7c
[4] http://java.sun.com/javase/6/docs/te...Signature.html
--
http://mail.python.org/mailman/listinfo/python-list
A note on libxmlsec, there are also these python bindings available:
http://pyxmlsec.labs.libre-entrepris...ction=examples

--
John Krukoff <jk******@ltgc.com>
Land Title Guarantee Company

Aug 15 '08 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Aaron | last post: by
1 post views Thread by Peter Wyss | last post: by
7 posts views Thread by kingski | last post: by
reply views Thread by =?Utf-8?B?RGllZ28gTWFyY2V0?= | last post: by
1 post views Thread by grey | last post: by
2 posts views Thread by Terry Chapman | last post: by
1 post views Thread by =?Utf-8?B?RW1lcmljIFRoaWJhdWQ=?= | last post: by
1 post views Thread by rainxy | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.