[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [tdf-discuss] LO 5 PDF export sign/timestamp


FYI below and i would like to make a couple of proposals

currently, this seems to work when exporting from writer:

* non PDF A/1a
* CA cert signed signature
* timestamped with non http AUTH based timestamp server

this produces a PDF:

sha1 hashed
document restrictions summary, not allowed:

changing the document
document assembly

suggest these needs to be looked into in terms of:

when signing/timestamping within Acrobat, and locking the document,
causes the following restrictions _in addition_ to above:

commenting
filling of form fields
signing of form fields
creation of template pages

once a PDF is signed, there should be an option to enable/disable future
signing

once it's timestamped, no further changes should be allowed, it should
be 'locked' similarly to how Acrobat changes restrictions

no idea what is/is not possible in terms of doing this outside of
Acrobat but an sha256 hashed doc should be considered do-able (default
in Acrobat with recent updates)



-------- Forwarded Message --------
Subject: RE: [tdf-discuss] LO 5 PDF export sign/timestamp
Date: Tue, 1 Dec 2015 12:18:01 -0600
From: DigiStamp Support <support@digistamp.com>
Organisation: DigiStamp Inc.
To: 'Fulano Diego Perez' <fulanoperez@cryptolab.net>
CC: 'Richard' <richard.holt@gmail.com>

We appreciate your forwarding the information below.

Note, you have the option of making a TSA request to DigiStamp and
skipping HTTP authentication and instead do authentication based on the
client's IP Address. This would allow you to test a DigiStamp timestamp
without AUTH.

To use IP address authentication:
Configure your account here:
https://www.digistamp.com/account/view/authentication
Then send your request to address: https://www.digistamp.com/ipauth/tsa

Or, using the DigiStamp test environment:
https://supporttest.digistamp.com/account/view/authentication
and: http://supporttest.digistamp.com/ipauth/tsa


-----Original Message-----
From: Fulano Diego Perez [mailto:fulanoperez@cryptolab.net]
Sent: Monday, November 30, 2015 23:51
To: discuss@documentfoundation.org
Cc: Richard <richard.holt@gmail.com>
Subject: Re: [tdf-discuss] LO 5 PDF export sign/timestamp

short update

i can confirm that this fails when exporting to PDF A/1a format

i tried FDF and PDF submit format

however, the following worked:

*the free TSA https://tsa.safecreative.org

*sign per usual CA cert


i then tried again to sign a non PDF A/1a with a timestamp server which
requires AUTH

that failed again, did not prompt for credentials, PDF generation failed






Fulano Diego Perez:
> Hi,
>
> try these 2
>
> https://www.comodo.com/home/email-security/free-email-certificate.php
>
> https://www.startssl.com/?app=1
>
> i use paid timestamp service
>
> digistamp.com
>
> would be good to hear your experiences
>
>
>
> Richard:
>> Morning Diego,
>> I'm running 5.1.0.0.alpha1 but have 5.0.3.2-2 on another.
>> Point me to a link to create a certificate to sign with.
>> I've never tried to apply a timestamp to pdf.
>> Saludos.
>>
>> On Fri, Nov 27, 2015 at 1:45 AM, Fulano Diego Perez <
>> fulanoperez@cryptolab.net> wrote:
>>
>>>
>>> Can anybody confirm the following work using:
>>>
>>> Writer Version: 1:5.0.3~rc2-1+b2
>>> debian stretch amd64
>>>
>>> *timestamp an ODF document exported to pdf where a http(s) timestamp
>>> server requires authentication?
>>>
>>> *ibid + sign the pdf with a commercial CA cert?
>>>
>>> *only sign a pdf with a commercial CA cert that does not produce a
>>> pdf altered after signing?
>>>
>>> please confirm how you did it........
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>> hello
>>>>
>>>> anybody had luck time stamping a PDF exported from libreoffice 5?
>>>>
>>>> i tried on debian/stretch 5.0.2-1 with no useful error output
>>>>
>>>> the export process doesn't prompt for TSA credentials
>>>>
>>>> then, signing just with a CA valid cert works, but opening the PDF
>>>> in a windows acrobat or reader shows a modification warning after
>>>> signing
>>>>
>>>> does not seem thorough yet in the new libreoffice
>>>>
>>>
>>> --
>>> To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
>>> Problems?
>>> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe
>>> / Posting guidelines + more:
>>> http://wiki.documentfoundation.org/Netiquette
>>> List archive:
>>> http://listarchives.documentfoundation.org/www/discuss/
>>> All messages sent to this list will be publicly archived and cannot
>>> be deleted
>>>
>>
>





--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted

Follow-Ups:
Re: [tdf-discuss] LO 5 PDF export sign/timestampRichard <richard.holt@gmail.com>
Re: [tdf-discuss] LO 5 PDF export sign/timestampRichard <richard.holt@gmail.com>
Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.