5. iText White Paper
• Chapter 1:
– The concept of digital signatures
• Chapter 2:
– Digital signatures in the context of PDF
• Chapter 3:
– Best practices in signing
• Chapter 4:
– Architectures for digital signing
• Chapter 5:
– Verification and Long-Term Validation
www.itextpdf.com
6. Goals
• Integrity — we want assurance that the
document hasn’t been changed
somewhere in the workflow
• Authenticity — we want assurance that
the author of the document is who we
think it is (and not somebody else)
• Non-repudiation — we want assurance
that the author can’t deny his
authorship.
www.itextpdf.com
7. Concept 1: Message digest
• Hashing algorithm:
– a cryptographic hash function to turn an
arbitrary block of data into a fixed-size bit
string.
• Available algorithms:
– MD5: Ron Rivest
– SHA
• SHA-1: NSA
• SHA-2: NSA / NIST
• NEW: SHA-3 contest winner ―Keccak‖
– RIPEMD: KULeuven
www.itextpdf.com
9. Concept 1 + Concept 2
• Producer
– Provides data as-is
– Provides hash encrypted using private key
– Provides public key
• Consumer
– Creates hash from data: hash1
– Decrypts hash using public key: hash2
– If (hash1 == hash2) document OK!
www.itextpdf.com
10. Goals met?
• Integrity:
– hashes are identical
• Authenticity:
– identity found along with public key
• Non-repudiation:
– if hash can be decrypted with public key,
the document was signed with the
corresponding private key
www.itextpdf.com
11. iText White Paper
• Chapter 1:
– The concept of digital signatures
• Chapter 2:
– Digital signatures in the context of PDF
• Chapter 3:
– Best practices in signing
• Chapter 4:
– Architectures for digital signing
• Chapter 5:
– Verification and Long-Term Validation
www.itextpdf.com
12. PDF Syntax
• There are no bytes in
the PDF that aren’t
covered, other than
the PDF signature
itself.
• The digital signature
isn’t part of the
ByteRange.
• The concept ―to initial
a document‖ doesn’t
exist; you sign the
complete document at
once (not on a page
per page basis).
www.itextpdf.com
22. Certification Level
• Certification (aka author) signature—
only possible for the first revision;
involves modification detection and
prevention (MDP).
• Approval (aka recipient) signature—
workflow with subsequent signers.
• Usage Rights signature— involving
Adobe’s private key to Reader enable a
PDF (off-topic here).
www.itextpdf.com
27. Serial signatures
• A document can be
signed more than
once.
• Parallel signatures
aren’t supported.
• Additional signatures
sign all previous
signatures.
www.itextpdf.com
36. iText White Paper
• Chapter 1:
– The concept of digital signatures
• Chapter 2:
– Digital signatures in the context of PDF
• Chapter 3:
– Best practices in signing
• Chapter 4:
– Architectures for digital signing
• Chapter 5:
– Verification and Long-Term Validation
www.itextpdf.com
41. Certificate Revocation
• What if your certificate is compromised?
• CRL: Certificate Revocation List
• OCSP: Online Certificate Status Protocol
www.itextpdf.com
47. How to survive expiration?
Revocation date Expiration date
www.itextpdf.com
48. TSAClient tsa =
new TSAClientBouncyCastle(
tsaUrl, tsaUser, tsaPass);
49. iText White Paper
• Chapter 1:
– The concept of digital signatures
• Chapter 2:
– Digital signatures in the context of PDF
• Chapter 3:
– Best practices in signing
• Chapter 4:
– Architectures for digital signing
• Chapter 5:
– Verification and Long-Term Validation
www.itextpdf.com
54. iText White Paper
• Chapter 1:
– The concept of digital signatures
• Chapter 2:
– Digital signatures in the context of PDF
• Chapter 3:
– Best practices in signing
• Chapter 4:
– Architectures for digital signing
• Chapter 5:
– Verification and Long-Term Validation
www.itextpdf.com
55. Inspecting signed documents
• Manually
• Automated process
– Checking the integrity of a signed PDF
– Checking the certificate chain
– Retrieving information from the signature
– TODO: validate MDP settings
www.itextpdf.com
56. What to do when...
• There’s no CRL/OCSP/TS in the
document?
• The certificate is about to expire?
• The hashing / encryption algorithm is
about to be deprecated?
www.itextpdf.com
59. Validation of LTV
PAdES 4 section 4.3:
• The ―latest‖ document timestamp should be validated at
current time with validation data collected at current time.
• The ―inner‖ document timestamp should be validated at
previous document timestamp time with the validation
present (and timestamped for the successive enveloping
timestamps) in the previous DSS.
• The signature and the signature timestamp should be
validated at the latest innermost LTV document timestamp
time using the validation data stored in the DSS and
timestamped by the successive enveloping timestamps.
www.itextpdf.com
60. What's new in PDF 2.0
regarding Digital Signatures
Bruno Lowagie
CEO
iText Software Group
61. Conclusion
• ISO-32000-2 (PDF 2.0)
– Deprecation of old subfiltertypes
– Support for new subfiltertypes
– Support for CAdES signatures
– Support for ECDSA encryption
– MDP extended to approval signatures
– LTV: Long-term validation
www.itextpdf.com