Re: [tdf-discuss] LO 5 PDF export sign/timestamp

...but, at least it has helped to define the problem.
Now, you need to create a bug report
to catch the eye of a developer.
It does seem that it should be simpler.
At least setting passwords seems easy enough,
although, I haven't tried cracking one with qpdf or crack.


On Wed, Dec 2, 2015 at 12:28 AM, Fulano Diego Perez <
fulanoperez@cryptolab.net> wrote:

> FYI below and i would like to make a couple of proposals
>
> currently, this seems to work when exporting from writer:
>
> * non PDF A/1a
> * CA cert signed signature
> * timestamped with non http AUTH based timestamp server
>
> this produces a PDF:
>
> sha1 hashed
> document restrictions summary, not allowed:
>
>         changing the document
>         document assembly
>
> suggest these needs to be looked into in terms of:
>
> when signing/timestamping within Acrobat, and locking the document,
> causes the following restrictions _in addition_ to above:
>
>         commenting
>         filling of form fields
>         signing of form fields
>         creation of template pages
>
> once a PDF is signed, there should be an option to enable/disable future
> signing
>
> once it's timestamped, no further changes should be allowed, it should
> be 'locked' similarly to how Acrobat changes restrictions
>
> no idea what is/is not possible in terms of doing this outside of
> Acrobat but an sha256 hashed doc should be considered do-able (default
> in Acrobat with recent updates)
>
>
>
> -------- Forwarded Message --------
> Subject: RE: [tdf-discuss] LO 5 PDF export sign/timestamp
> Date: Tue, 1 Dec 2015 12:18:01 -0600
> From: DigiStamp Support <support@digistamp.com>
> Organisation: DigiStamp Inc.
> To: 'Fulano Diego Perez' <fulanoperez@cryptolab.net>
> CC: 'Richard' <richard.holt@gmail.com>
>
> We appreciate your forwarding the information below.
>
> Note, you have the option of making a TSA request to DigiStamp and
> skipping HTTP authentication and instead do authentication based on the
> client's IP Address.  This would allow you to test a DigiStamp timestamp
> without AUTH.
>
> To use IP address authentication:
> Configure your account here:
> https://www.digistamp.com/account/view/authentication
> Then send your request to address: https://www.digistamp.com/ipauth/tsa
>
> Or, using the DigiStamp test environment:
> https://supporttest.digistamp.com/account/view/authentication
> and:  http://supporttest.digistamp.com/ipauth/tsa
>
>
> -----Original Message-----
> From: Fulano Diego Perez [mailto:fulanoperez@cryptolab.net]
> Sent: Monday, November 30, 2015 23:51
> To: discuss@documentfoundation.org
> Cc: Richard <richard.holt@gmail.com>
> Subject: Re: [tdf-discuss] LO 5 PDF export sign/timestamp
>
> short update
>
> i can confirm that this fails when exporting to PDF A/1a format
>
> i tried FDF and PDF submit format
>
> however, the following worked:
>
> *the free TSA https://tsa.safecreative.org
>
> *sign per usual CA cert
>
>
> i then tried again to sign a non PDF A/1a with a timestamp server which
> requires AUTH
>
> that failed again, did not prompt for credentials, PDF generation failed
>
>
>
>
>
>
> Fulano Diego Perez:
> > Hi,
> >
> > try these 2
> >
> > https://www.comodo.com/home/email-security/free-email-certificate.php
> >
> > https://www.startssl.com/?app=1
> >
> > i use paid timestamp service
> >
> > digistamp.com
> >
> > would be good to hear your experiences
> >
> >
> >
> > Richard:
> > > Morning Diego,
> > > I'm running 5.1.0.0.alpha1 but have 5.0.3.2-2 on another.
> > > Point me to a link to create a certificate to sign with.
> > > I've never tried to apply a timestamp to pdf.
> > > Saludos.
> > >
> > > On Fri, Nov 27, 2015 at 1:45 AM, Fulano Diego Perez <
> > > fulanoperez@cryptolab.net> wrote:
> > >
> > > > Can anybody confirm the following work using:
> > > >
> > > > Writer Version: 1:5.0.3~rc2-1+b2
> > > > debian stretch amd64
> > > >
> > > > *timestamp an ODF document exported to pdf where a http(s) timestamp
> > > > server requires authentication?
> > > >
> > > > *ibid + sign the pdf with a commercial CA cert?
> > > >
> > > > *only sign a pdf with a commercial CA cert that does not produce a
> > > > pdf altered after signing?
> > > >
> > > > please confirm how you did it........
> > > >
> > > >
> > > >
> > > > > hello
> > > > >
> > > > > anybody had luck time stamping a PDF exported from libreoffice 5?
> > > > >
> > > > > i tried on debian/stretch 5.0.2-1 with no useful error output
> > > > >
> > > > > the export process doesn't prompt for TSA credentials
> > > > >
> > > > > then, signing just with a CA valid cert works, but opening the PDF
> > > > > in a windows acrobat or reader shows a modification warning after
> > > > > signing
> > > > >
> > > > > does not seem thorough yet in the new libreoffice
> > > >
> > > > --
> > > > To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
> > > > Problems?
> > > > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe
> > > > / Posting guidelines + more:
> > > > http://wiki.documentfoundation.org/Netiquette
> > > > List archive:
> > > > http://listarchives.documentfoundation.org/www/discuss/
> > > > All messages sent to this list will be publicly archived and cannot
> > > > be deleted
>
>
>
>
>
> --
> To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
> Problems?
> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
> Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
> List archive: http://listarchives.documentfoundation.org/www/discuss/
> All messages sent to this list will be publicly archived and cannot be
> deleted

-- 
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted