Date: prev next · Thread: first prev next last
2015 Archives by date, by thread · List index


...but, at least it has helped to define the problem.
Now, you need to create a bug report
to catch the eye of a developer.
It does seem that it should be simpler.
At least setting passwords seems easy enough,
although, I haven't tried cracking one with qpdf or crack.


On Wed, Dec 2, 2015 at 12:28 AM, Fulano Diego Perez <
fulanoperez@cryptolab.net> wrote:

FYI below and i would like to make a couple of proposals

currently, this seems to work when exporting from writer:

* non PDF A/1a
* CA cert signed signature
* timestamped with non http AUTH based timestamp server

this produces a PDF:

sha1 hashed
document restrictions summary, not allowed:

        changing the document
        document assembly

suggest these needs to be looked into in terms of:

when signing/timestamping within Acrobat, and locking the document,
causes the following restrictions _in addition_ to above:

        commenting
        filling of form fields
        signing of form fields
        creation of template pages

once a PDF is signed, there should be an option to enable/disable future
signing

once it's timestamped, no further changes should be allowed, it should
be 'locked' similarly to how Acrobat changes restrictions

no idea what is/is not possible in terms of doing this outside of
Acrobat but an sha256 hashed doc should be considered do-able (default
in Acrobat with recent updates)



-------- Forwarded Message --------
Subject: RE: [tdf-discuss] LO 5 PDF export sign/timestamp
Date: Tue, 1 Dec 2015 12:18:01 -0600
From: DigiStamp Support <support@digistamp.com>
Organisation: DigiStamp Inc.
To: 'Fulano Diego Perez' <fulanoperez@cryptolab.net>
CC: 'Richard' <richard.holt@gmail.com>

We appreciate your forwarding the information below.

Note, you have the option of making a TSA request to DigiStamp and
skipping HTTP authentication and instead do authentication based on the
client's IP Address.  This would allow you to test a DigiStamp timestamp
without AUTH.

To use IP address authentication:
Configure your account here:
https://www.digistamp.com/account/view/authentication
Then send your request to address: https://www.digistamp.com/ipauth/tsa

Or, using the DigiStamp test environment:
https://supporttest.digistamp.com/account/view/authentication
and:  http://supporttest.digistamp.com/ipauth/tsa


-----Original Message-----
From: Fulano Diego Perez [mailto:fulanoperez@cryptolab.net]
Sent: Monday, November 30, 2015 23:51
To: discuss@documentfoundation.org
Cc: Richard <richard.holt@gmail.com>
Subject: Re: [tdf-discuss] LO 5 PDF export sign/timestamp

short update

i can confirm that this fails when exporting to PDF A/1a format

i tried FDF and PDF submit format

however, the following worked:

*the free TSA https://tsa.safecreative.org

*sign per usual CA cert


i then tried again to sign a non PDF A/1a with a timestamp server which
requires AUTH

that failed again, did not prompt for credentials, PDF generation failed






Fulano Diego Perez:
Hi,

try these 2

https://www.comodo.com/home/email-security/free-email-certificate.php

https://www.startssl.com/?app=1

i use paid timestamp service

digistamp.com

would be good to hear your experiences



Richard:
Morning Diego,
I'm running 5.1.0.0.alpha1 but have 5.0.3.2-2 on another.
Point me to a link to create a certificate to sign with.
I've never tried to apply a timestamp to pdf.
Saludos.

On Fri, Nov 27, 2015 at 1:45 AM, Fulano Diego Perez <
fulanoperez@cryptolab.net> wrote:


Can anybody confirm the following work using:

Writer Version: 1:5.0.3~rc2-1+b2
debian stretch amd64

*timestamp an ODF document exported to pdf where a http(s) timestamp
server requires authentication?

*ibid + sign the pdf with a commercial CA cert?

*only sign a pdf with a commercial CA cert that does not produce a
pdf altered after signing?

please confirm how you did it........






hello

anybody had luck time stamping a PDF exported from libreoffice 5?

i tried on debian/stretch 5.0.2-1 with no useful error output

the export process doesn't prompt for TSA credentials

then, signing just with a CA valid cert works, but opening the PDF
in a windows acrobat or reader shows a modification warning after
signing

does not seem thorough yet in the new libreoffice


--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems?
http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe
/ Posting guidelines + more:
http://wiki.documentfoundation.org/Netiquette
List archive:
http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot
be deleted








--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems?
http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be
deleted


-- 
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.