© 2015, iText Group NV, iText Software Corp., iText Software BVBA
Digital Signatures: how it’s done in PDF
UGent (July 1, 2015)
Agenda
• Why do we need digital signatures?
• Basic concepts…
• … applied to PDF
• Architectures: server-side vs. client-side
• Digital signatures and document workflow
• Long term validation
Why do we need digital signatures?
Integrity
Authenticity
Non-repudiation
Integrity
I paid a forged invoice
and lost 30K€ !
Authenticity
Why am I, Emperor Constantine I,
in this picture? I never transferred
authority to the Pope!
Non-repudiation
I didn’t do it!
Three goals
Integrity — we want assurance that the document
hasn’t been changed somewhere in the workflow.
Authenticity — we want assurance that the author
of the document is who we think it is (and not
somebody else).
Non-repudiation — we want assurance that the
author can’t deny his authorship.
Basic Concepts…
Hashing algorithms
Encryption algorithms
Certificate Authorities
Digital signatures
Concept 1: Integrity check using hash
Document → Generate Hash → AF1B4C...D34E
Secure Server / Website → Retrieve Hash → AF1B4C...D34E
Compare!
Concept 1: Hashing
Hashing algorithm: a cryptographic hash function that turns an arbitrary block of data into a fixed-size bit string.
Available algorithms
MD5: Ron Rivest (deprecated)
SHA:
SHA-1: NSA (phased out!)
SHA-2: NSA / NIST
SHA-3: Keccak (made in Belgium!)
RIPEMD: KULeuven
Concept 2: Encryption
Asymmetric key algorithms
Encryption
Digital signing
Concept 2: Some name dropping
Public Key Cryptography Standards
PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman)
PKCS#7: Cryptographic Message Standard (CMS)
PKCS#11: Cryptographic Token Interface
PKCS#12: Personal Information Exchange Syntax Standard
PKCS#13: Elliptic Curve Cryptography Standard (ECDSA)
Federal Information Processing Standards (FIPS)
DSA: Digital Signature Algorithm (DSA)
European Telecommunications Standards Institute (ETSI)
CMS Advanced Electronic Signatures (CAdES)
Concept 3: Certificate Authorities
Concept 3: example
Self-signed:
Signed by Adobe:
Signed by GlobalSign:
Signed by GlobalSign
Concept 3: example
Concept 3: the green check mark
PKCS#12: Personal Information Exchange Syntax Standard
public and private key are stored in a file
PKCS#11: Cryptographic Token Interface
public and private key are stored on a device
In the context of PDF:
 Certified Document Services (CDS): Adobe’s root certificate
 Adobe Approved Trust List (AATL): Trusted root certificates (since Acrobat 9)
Concept 1 + Concept 2 + Concept 3
Producer
Provides data as-is: [A]
Provides hash of data, encrypted using private key: [B]
Provides public key
Consumer
Creates hash from data [A]: hash1
Decrypts hash [B] using public key: hash2
If (hash1 == hash2) document OK!
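The producer/consumer exchange above as a runnable sketch. This is an added example, not code from the slides or from iText. It uses textbook RSA without padding and constructed demo keys built from publicly known Mersenne primes, so the keys are an assumption made only to keep the arithmetic runnable; all function names are hypothetical. It also shows why Concept 3 is needed: matching hashes alone say nothing if the public key itself was swapped.

```python
import hashlib


def make_toy_key(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)


# Constructed demo keys (assumption): the primes are publicly known Mersenne
# primes, so these keys give no secrecy. Real signatures use generated keys
# and a padding scheme such as the ones defined in PKCS#1.
PRODUCER_PUB, PRODUCER_PRIV = make_toy_key(2**521 - 1, 2**607 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_toy_key(2**1279 - 1, 2**2203 - 1)


def hash_as_int(data):
    """SHA-256 digest of the data, read as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def produce(data, private_key, public_key):
    """Producer: data as-is [A], hash 'encrypted' with the private key [B], public key."""
    d, n = private_key
    return {"A": data, "B": pow(hash_as_int(data), d, n), "public_key": public_key}


def consume(message, trusted_keys):
    """Consumer: recompute hash1 from [A], recover hash2 from [B], compare.

    key_trusted stands in for the certificate check (Concept 3): the key must
    be one the consumer already trusts, not merely one shipped with the data.
    """
    e, n = message["public_key"]
    hash1 = hash_as_int(message["A"])
    hash2 = pow(message["B"], e, n)
    return {
        "hashes_match": hash1 == hash2,
        "key_trusted": message["public_key"] in trusted_keys,
    }


if __name__ == "__main__":
    trusted = {PRODUCER_PUB}
    genuine = produce(b"Invoice: pay 100 EUR to ACME", PRODUCER_PRIV, PRODUCER_PUB)
    print("genuine:          ", consume(genuine, trusted))

    # Data changed in transit: hash1 no longer equals hash2.
    tampered = dict(genuine, A=b"Invoice: pay 30000 EUR to ACME")
    print("tampered data:    ", consume(tampered, trusted))

    # Re-signed with another key AND shipped with that key: the hashes match,
    # so only the trust decision on the key exposes the substitution.
    swapped = produce(b"Invoice: pay 30000 EUR to ACME", ATTACKER_PRIV, ATTACKER_PUB)
    print("swapped key pair: ", consume(swapped, trusted))
```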
Goals met?
Integrity
Hashes are identical
Authenticity
Identity is stored in public key provided by CA
A time-stamp can be added
Non-repudiation
If hash can be decrypted with public key, the document
was signed with the corresponding private key
Differences between EU and US
In the US, we make a distinction
Electronic signatures don’t necessarily involve PKI
Digital signatures when a PKI infrastructure is involved
In Europe, we speak of electronic signatures
As a synonym for digital signatures
All laws and regulations take this wording
There’s no sharp distinction between electronic and digital signatures (which
leads to confusion)
I always speak of digital signatures
… Applied to PDF
ISO 32000-1
ETSI TS 102 778 (PAdES)
ISO 32000-2
Standards
ISO
ISO-32000-1 (2008) based on PDF 1.7 (2006)
ISO-32000-2 will define PDF 2.0 (2016)
ETSI: TS 102 778 (2009 - 2010)
PAdES 1: Overview
PAdES 2: Basic – CMS based (ISO-32000-1)
PAdES 3: Enhanced – CAdES based (ISO-32000-2)
PAdES 4: LTV – Long Term Validation
PAdES 5: XAdES based (XML content)
PAdES 6: Visual representation guidelines
ETSI: TS 103 172 (2011 - 2013)
PAdES Baseline Profile
Signatures in PDF
There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*)
The digital signature isn’t part of the ByteRange.
The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
What’s inside a signature?
ISO-32000-2: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents.
Best practices (“should” also have):
• Full certificate chain
• Revocation information (CRL / OCSP)
• Timestamp
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate chain
• Revocation information
• Timestamp
Architectures
Server-side signing
Client-side signing
Deferred signing
Server-side signing
[Diagram: SERVER containing Application and Device; PDF (%PDF-1.x ... %%EOF) with signature dictionary <</Type/Sig /Contents <...> >> holding the Signed Message Digest]
Use cases server-side signing
Company signature
Invoices
Contracts
…
Signing services in the Cloud
Docusign
Echosign
…
Security management responsibilities!
Client-side signing
[Diagram: CLIENT containing Application and Device; PDF (%PDF-1.x ... %%EOF) with signature dictionary <</Type/Sig /Contents <...> >> holding the Signed Message Digest]
Use cases client-side signing
Desktop applications
Adobe Acrobat Pro
Adobe Reader (for Reader-enabled documents)
Home-made, e.g. using iText
In a web context
The PDF software runs on the client, e.g. using Java Web Start
Access to the token or smart card through
MSCAPI
PKCS#11
Custom smart card library
Security
User has smart card and PIN or USB token and passphrase
1 signature / second
Deferred signing
[Diagram: CLIENT with App, Device and the Signed Message Digest; SERVER with Application and the PDF (%PDF-1.x ... %%EOF) with signature dictionary <</Type/Sig /Contents <...> >>]
Use cases deferred signing
Signing on an iPad/Tablet
App on the device has a low footprint
Easy to integrate into a document management system
Example: eaZySign (Zetes)
Disadvantage
At most 1 signature / second
You need to trust the server that the hash you receive is actually the hash of the
document you want to sign.
ISAE 3000
the standard for assurance over non-financial information. ISAE3000 is issued by the
International Federation of Accountants (IFAC). The standard consists of guidelines for
the ethical behavior, quality management and performance of an ISAE3000
engagement. Generally ISAE3000 is applied for audits of internal control,
sustainability and compliance with laws and regulations.
Digital signatures and workflow
Author signatures
Recipient signatures
Locking fields / documents
Serial signatures
%PDF-1.x
% Original document
% Additional content 1
...
...
%%EOF
DIGITAL SIGNATURE 1
...
%%EOF
DIGITAL SIGNATURE 2
% Additional content 2
...
...
%%EOF
DIGITAL SIGNATURE 3
Rev1
Rev2
Rev3
A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
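A structural check for both the "Signatures in PDF" slide (every byte except the signature itself is covered) and the serial-signature layout above, written as an added example that is not from the slides or from iText. The sample file is constructed and is only PDF-shaped: /Contents holds a bare SHA-256 digest as a stand-in for the PKCS#7 object, /ByteRange is assumed to sit directly before /Contents as in the slide's sketch, and all function names are hypothetical.

```python
import hashlib
import re

# Assumption: /ByteRange is immediately followed by /Contents, as in the slide's sketch.
SIG_RE = re.compile(
    rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]\s*/Contents\s*(<[0-9A-Fa-f]*>)"
)
PLACEHOLDER = b"<" + b"0" * 64 + b">"  # room for one SHA-256 digest in hex


def covered_digest(pdf, byte_range):
    """SHA-256 over the two signed segments, skipping the /Contents gap."""
    a, b, c, d = byte_range
    return hashlib.sha256(pdf[a:a + b] + pdf[c:c + d]).hexdigest()


def add_signed_revision(pdf, new_content):
    """Append content plus a signature dictionary covering everything up to the new %%EOF.

    Constructed stand-in: /Contents holds a bare digest, not a real PKCS#7 object.
    """
    prefix = pdf + new_content + b"<</Type/Sig/ByteRange ["
    gap_start = len(prefix) + 43 + len(b"]/Contents")  # 43 = four 10-digit numbers + 3 spaces
    gap_end = gap_start + len(PLACEHOLDER)
    tail = b">>\n%%EOF\n"
    byte_range = (0, gap_start, gap_end, len(tail))
    unsigned = (prefix + b"%010d %010d %010d %010d" % byte_range
                + b"]/Contents" + PLACEHOLDER + tail)
    digest = covered_digest(unsigned, byte_range).encode()
    return unsigned[:gap_start] + b"<" + digest + b">" + unsigned[gap_end:]


def inspect_signatures(pdf):
    """Report, per signature, what its ByteRange really covers in this file."""
    reports, prev_end = [], 0
    for m in SIG_RE.finditer(pdf):
        a, b, c, d = (int(g) for g in m.groups()[:4])
        end = c + d
        reports.append({
            "byte_range": (a, b, c, d),
            # The only uncovered bytes must be exactly the <...> /Contents token.
            "gap_is_contents": (a + b, c) == m.span(5),
            "in_bounds": a + b <= c and end <= len(pdf),
            # The signed range should stop at the end of a revision.
            "ends_with_eof": pdf[:end].rstrip(b"\r\n").endswith(b"%%EOF"),
            # Serial signing: this range includes every earlier signed revision.
            "covers_previous": a == 0 and prev_end <= a + b,
            # Bytes after the signed range: a later revision, or unsigned additions.
            "unsigned_trailing_bytes": len(pdf) - end,
            "digest_ok": covered_digest(pdf, (a, b, c, d))
                         == m.group(5)[1:-1].decode().lower(),
        })
        prev_end = end
    return reports


def build_sample():
    """Constructed three-revision file mirroring Rev1 / Rev2 / Rev3 on the slide."""
    pdf = add_signed_revision(b"%PDF-1.7\n% Original document\n", b"")
    pdf = add_signed_revision(pdf, b"% Additional content 1\n")
    return add_signed_revision(pdf, b"% Additional content 2\n")


if __name__ == "__main__":
    for number, report in enumerate(inspect_signatures(build_sample()), start=1):
        print("signature", number, report)
```

Only the last signature should report zero trailing bytes; a non-zero value on the final signature means content was appended after signing and needs separate scrutiny.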
Digital signatures: types
Certification (aka author) signature
Only possible for the first revision
Involves modification detection permissions:
No changes allowed
Form filling and signing allowed
Form filling, signing and commenting allowed
Approval (aka recipient) signature
Workflow with subsequent signers
New in PDF 2.0: modification detection permissions
Other possible icons
Signer’s
identity is
unknown
Document
has been
altered or
corrupted
Certified by Alice
Read, approved and signed by Bob
Bob’s signature invalidated by Chuck
Read, approved and signed by Carol
Read, approved and signed by Dave
Signature and lock broken by Chuck
Long-term validation
Revocation
Timestamps
LTV
Certificates expire
[Figure: timeline 2013-2015 with the expiration date marked]
Certificates get revoked
[Figure: timeline 2013-2015 with the revocation date and the expiration date marked]
CA: CRL and OCSP
Concept 3: example
Self-signed:
Signed by Adobe:
Signed by GlobalSign:
Signed by GlobalSign
How to survive revocation / expiration?
[Figure: timeline with the revocation date and the expiration date marked]
Timestamps
What to do when:
There’s no CRL/OCSP/TS in the document?
The certificate is about to expire in one of
your documents?
The hashing/encryption algorithm is about
to be deprecated?
Document Security Store (DSS)
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
• VRI, Certs, OCSPs, CRLs
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate
Document-level timestamp
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
• VRI, Certs, OCSPs, CRLs
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
• VRI, Certs, OCSPs, CRLs
DOCUMENT TIMESTAMP TS1
ETSI.RFC3161
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
• VRI, Certs, OCSPs, CRLs
DOCUMENT TIMESTAMP TS1
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
• VRI, Certs, OCSPs, CRLs
DOCUMENT TIMESTAMP TS1
DSS for TS1
DOCUMENT TIMESTAMP TS2
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate
DIGITAL SIGNATURE
• Signed Message Digest
• Certificate
Questions?
itextpdf.com
SG: sales.isa@itextpdf.com +65 31 58 39 47
BE: sales.isb@itextpdf.com +32 92 98 02 31
US: sales.isc@itextpdf.com +1 617 982 646

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Recently uploaded (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Digital Signatures in PDF: how it's done

  • 1. Digital Signatures: how it’s done in PDF. UGent (July 1, 2015). © 2015, iText Group NV, iText Software Corp., iText Software BVBA
  • 2. Agenda
      • Why do we need digital signatures?
      • Basic concepts…
      • … applied to PDF
      • Architectures: server-side vs. client-side
      • Digital signatures and document workflow
      • Long term validation
  • 3. Why do we need digital signatures? Integrity, Authenticity, Non-repudiation
  • 4. Integrity: “I paid a forged invoice and lost 30K€!”
  • 5. Authenticity: “Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!”
  • 6. Non-repudiation: “I didn’t do it!”
  • 7. Three goals
      • Integrity — we want assurance that the document hasn’t been changed somewhere in the workflow.
      • Authenticity — we want assurance that the author of the document is who we think it is (and not somebody else).
      • Non-repudiation — we want assurance that the author can’t deny his authorship.
  • 8. Basic Concepts…: Hashing algorithms, Encryption algorithms, Certificate Authorities, Digital signatures
  • 9. Concept 1: Integrity check using hash (diagram: Document, Generate Hash AF1B4C...D34E; Secure Server / Website, Retrieve Hash AF1B4C...D34E; Compare!)
  • 10. Concept 1: Hashing
      • Hashing algorithm: a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string.
      • Available algorithms:
          • MD5: Ron Rivest (deprecated)
          • SHA: SHA-1: NSA (phased out!); SHA-2: NSA / NIST; SHA-3: Keccak (made in Belgium!)
          • RIPEMD: KULeuven
  • 11. Concept 2: Encryption. Asymmetric key algorithms: Encryption, Digital signing
  • 12. Concept 2: Some name dropping
      • Public Key Cryptography Standards
          • PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman)
          • PKCS#7: Cryptographic Message Standard (CMS)
          • PKCS#11: Cryptographic Token Interface
          • PKCS#12: Personal Information Exchange Syntax Standard
          • PKCS#13: Elliptic Curve Cryptography Standard (ECDSA)
      • Federal Information Processing Standards (FIPS)
          • DSA: Digital Signature Algorithm (DSA)
      • European Telecommunications Standards Institute (ETSI)
          • CMS Advanced Electronic Signatures (CAdES)
  • 13. Concept 3: Certificate Authorities
  • 14. Concept 3: example (figure labels: Self-signed; Signed by Adobe; Signed by GlobalSign; Signed by GlobalSign)
  • 15. Concept 3: example
  • 16. Concept 3: the green check mark
      • PKCS#12: Personal Information Exchange Syntax Standard: public and private key are stored in a file
      • PKCS#11: Cryptographic Token Interface: public and private key are stored on a device
      • In the context of PDF:
          • Certified Document Services (CDS): Adobe’s root certificate
          • Adobe Approved Trust List (AATL): Trusted root certificates (since Acrobat 9)
  • 17. Concept 1 + Concept 2 + Concept 3
      • Producer
          • Provides data as-is: [A]
          • Provides hash of data, encrypted using private key: [B]
          • Provides public key
      • Consumer
          • Creates hash from data [A]: hash1
          • Decrypts hash [B] using public key: hash2
          • If (hash1 == hash2) document OK!
  • 18. Goals met?
      • Integrity: Hashes are identical
      • Authenticity: Identity is stored in public key provided by CA; a time-stamp can be added
      • Non-repudiation: If hash can be decrypted with public key, the document was signed with the corresponding private key
  • 19. Differences between EU and US
      • In the US, we make a distinction
          • Electronic signatures don’t necessarily involve PKI
          • Digital signatures when a PKI infrastructure is involved
      • In Europe, we speak of electronic signatures
          • As a synonym for digital signatures
          • All laws and regulations take this wording
          • There’s no sharp distinction between electronic and digital signatures (which leads to confusion)
      • I always speak of digital signatures
  • 20. … Applied to PDF: ISO 32000-1, ETSI TS 102 778 (PAdES), ISO 32000-2
  • 21. Standards
      • ISO
          • ISO-32000-1 (2008) based on PDF 1.7 (2006)
          • ISO-32000-2 will define PDF 2.0 (2016)
      • ETSI: TS 102 778 (2009 - 2010)
          • PAdES 1: Overview
          • PAdES 2: Basic – CMS based (ISO-32000-1)
          • PAdES 3: Enhanced – CAdES based (ISO-32000-2)
          • PAdES 4: LTV – Long Term Validation
          • PAdES 5: XAdES based (XML content)
          • PAdES 6: Visual representation guidelines
      • ETSI: TS 103 172 (2011 - 2013)
          • PAdES Baseline Profile
  • 22. Signatures in PDF
      • There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*)
      • The digital signature isn’t part of the ByteRange.
      • The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
  • 23. What’s inside a signature?
      • ISO-32000-2: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents.
      • Best practices (“should” also have): Full certificate chain; Revocation information (CRL / OCSP); Timestamp
      • Diagram: %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF, with DIGITAL SIGNATURE: Signed Message Digest, Certificate chain, Revocation information, Timestamp
  • 24. Architectures: Server-side signing, Client-side signing, Deferred signing
  • 25. Server-side signing (diagram labels: SERVER with Application and Device; Signed Message Digest; PDF %PDF-1.x ... %%EOF containing <</Type/Sig/ /Contents < >>>)
  • 26. Use cases server-side signing
      • Company signature: Invoices, Contracts, …
      • Signing services in the Cloud: Docusign, Echosign, …
      • Security management responsibilities!
  • 27. Client-side signing (diagram labels: CLIENT with Application and Device; Signed Message Digest; PDF %PDF-1.x ... %%EOF containing <</Type/Sig/ /Contents < >>>)
  • 28. Use cases client-side signing
      • Desktop applications
          • Adobe Acrobat Pro
          • Adobe Reader (for Reader-enabled documents)
          • Home-made, e.g. using iText
      • In a web context
          • The PDF software runs on the client, e.g. using Java Web Start
          • Access to the token or smart card through MSCAPI, PKCS#11, Custom smart card library
      • Security
          • User has smart card and PIN or USB token and passphrase
      • 1 signature / second
  • 29. Deferred signing (diagram labels: CLIENT with App and Device; Signed Message Digest; SERVER with Application; PDF %PDF-1.x ... %%EOF containing <</Type/Sig/ /Contents < >>>)
  • 30. Use cases deferred signing
      • Signing on an iPad/Tablet
          • App on the device has a low footprint
          • Easy to integrate into a document management system
          • Example: eaZySign (Zetes)
      • Disadvantage
          • At most 1 signature / second
          • You need to trust the server that the hash you receive is actually the hash of the document you want to sign.
      • ISAE 3000: the standard for assurance over non-financial information. ISAE3000 is issued by the International Federation of Accountants (IFAC). The standard consists of guidelines for the ethical behavior, quality management and performance of an ISAE3000 engagement. Generally ISAE3000 is applied for audits of internal control, sustainability and compliance with laws and regulations.
  • 31. Digital signatures and workflow: Author signatures, Recipient signatures, Locking fields / documents
  • 32. Serial signatures
      • A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
      • Diagram: Rev1 = %PDF-1.x, original document ... %%EOF, DIGITAL SIGNATURE 1; Rev2 = additional content 1 ... %%EOF, DIGITAL SIGNATURE 2; Rev3 = additional content 2 ... %%EOF, DIGITAL SIGNATURE 3
  • 33. Digital signatures: types
      • Certification (aka author) signature
          • Only possible for the first revision
          • Involves modification detection permissions: No changes allowed; Form filling and signing allowed; Form filling, signing and commenting allowed
      • Approval (aka recipient) signature
          • Workflow with subsequent signers
          • New in PDF 2.0: modification detection permissions
  • 34. Other possible icons: Signer’s identity is unknown; Document has been altered or corrupted
  • 35. Certified by Alice
  • 36. Read, approved and signed by Bob
  • 37. Bob’s signature invalidated by Chuck
  • 38. Read, approved and signed by Carol
  • 39. Read, approved and signed by Dave
  • 40. Signature and lock broken by Chuck
  • 41. Long-term validation: Revocation, Timestamps, LTV
  • 42. Certificates expire (timeline: 2013, 2014, 2015; Expiration date)
  • 43. Certificates get revoked (timeline: 2013, 2014, 2015; Revocation date, Expiration date)
  • 44. CA: CRL and OCSP
  • 45. Concept 3: example (figure labels: Self-signed; Signed by Adobe; Signed by GlobalSign; Signed by GlobalSign)
  • 46. How to survive revocation / expiration? (timeline: Revocation date, Expiration date)
  • 47. Timestamps
  • 48. What to do when:
      • There’s no CRL/OCSP/TS in the document?
      • The certificate is about to expire in one of your documents?
      • The hashing/encryption algorithm is about to be deprecated?
  • 49. Document Security Store (DSS)
      • Before: %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF, with DIGITAL SIGNATURE: Signed Message Digest, Certificate
      • After: the same document, followed by DSS for DIGITAL SIGNATURE: VRI, Certs, OCSPs, CRLs
  • 50. Document-level timestamp
      • Before: %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF, with DIGITAL SIGNATURE (Signed Message Digest, Certificate), followed by DSS for DIGITAL SIGNATURE (VRI, Certs, OCSPs, CRLs)
      • After: the same document, followed by DOCUMENT TIMESTAMP TS1 (ETSI.RFC3161)
  • 51. Diagram, continued
      • Before: %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF, with DIGITAL SIGNATURE (Signed Message Digest, Certificate), DSS for DIGITAL SIGNATURE (VRI, Certs, OCSPs, CRLs), DOCUMENT TIMESTAMP TS1
      • After: the same document, followed by DSS for TS1 and DOCUMENT TIMESTAMP TS2
  • 52. Questions? itextpdf.com. SG: sales.isa@itextpdf.com, +65 31 58 39 47. BE: sales.isb@itextpdf.com, +32 92 98 02 31. US: sales.isc@itextpdf.com, +1 617 982 646
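
The coverage rules on slides 22, 23 and 32 (everything except the /Contents value is signed; each later signature covers all earlier revisions) can be checked at the byte level. The following Python sketch is an added example, not code from the slides or from iText: it reads every /ByteRange in a file, confirms that the only unsigned gap is a hex string, and reports bytes that lie after a signed revision. The function names and the sample documents are constructed for illustration, SHA-256 is an assumed digest algorithm, and the CMS object inside /Contents is not validated.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")


def inspect_signatures(pdf: bytes) -> list:
    """Report, for every /ByteRange in the file, which bytes it covers."""
    reports = []
    for match in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in match.groups())
        gap_start, signed_end = off1 + len1, off2 + len2
        problems = []
        if off1 != 0:
            problems.append("signed range does not start at byte 0")
        if not (gap_start <= off2 and signed_end <= len(pdf)):
            problems.append("ByteRange does not fit the file")
        elif not HEX_STRING.fullmatch(pdf[gap_start:off2]):
            # The only bytes left out must be the <hex> value of /Contents.
            problems.append("unsigned gap is not a single hex string")
        signed = pdf[off1:gap_start] + pdf[off2:signed_end]
        reports.append({
            "signed_end": signed_end,
            # Bytes after the signed revision: a later revision (another
            # signature, a DSS, a timestamp) or an unsigned change to review.
            "trailing_bytes": len(pdf) - signed_end,
            "covers_whole_file": signed_end == len(pdf),
            # Digest over the signed bytes (SHA-256 assumed for this example).
            "sha256": hashlib.sha256(signed).hexdigest(),
            "problems": problems,
        })
    return reports


def nested_serially(reports: list) -> bool:
    """Serial signatures: each later one covers a longer prefix of the file."""
    ends = [r["signed_end"] for r in reports]
    return all(a < b for a, b in zip(ends, ends[1:]))


def append_signed_revision(previous: bytes, content: bytes,
                           sig_hex: bytes = b"00" * 16) -> bytes:
    """Constructed sample data: append a revision ending in a signature stub."""
    head = previous + content + b"<</Type/Sig/ByteRange ["
    slot = 40                      # fixed-width room for the four numbers
    after_range = b"]/Contents"
    contents = b"<" + sig_hex + b">"
    tail = b">>\n%%EOF\n"
    gap_start = len(head) + slot + len(after_range)
    gap_end = gap_start + len(contents)
    numbers = b"0 %d %d %d" % (gap_start, gap_end, len(tail))
    return head + numbers.ljust(slot) + after_range + contents + tail


if __name__ == "__main__":
    rev1 = append_signed_revision(b"%PDF-1.7\n", b"% original document\n")
    rev2 = append_signed_revision(rev1, b"% additional content 1\n")
    altered = rev2 + b"% appended after signing\n"
    for name, data in (("rev1", rev1), ("rev2", rev2), ("altered", altered)):
        for i, r in enumerate(inspect_signatures(data), 1):
            print(name, "signature", i, "ends at", r["signed_end"],
                  "trailing", r["trailing_bytes"], r["problems"])
```

A non-zero `trailing_bytes` on the last signature is not proof of tampering, since slides 49 to 51 show a DSS and document timestamps appended after a signature; it marks the bytes whose content has to be inspected.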