What's new in PDF 2.0 regarding digital signatures

5,237 views

Published on

These are my slides for my talk about digital signatures in PDF at W-JAX München (November 7, 2012)

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,237
On SlideShare
0
From Embeds
0
Number of Embeds
1,735
Actions
Shares
0
Downloads
112
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

What's new in PDF 2.0 regarding digital signatures

  1. 1. Whats new in PDF 2.0regarding Digital SignaturesBruno LowagieiText Software Group
  2. 2. Digital Signatures are gaining importance!• Electronic invoices – Going paperless!• Contracts and Agreements – Workflow!• Notarized documents – Long-Term Validation!• Official documents – Assurance of authenticity! www.itextpdf.com
  3. 3. Standards: PAdES — ISO-32000-2 www.itextpdf.com
  4. 4. iText White Paper www.itextpdf.com
  5. 5. iText White Paper• Chapter 1: – The concept of digital signatures• Chapter 2: – Digital signatures in the context of PDF• Chapter 3: – Best practices in signing• Chapter 4: – Architectures for digital signing• Chapter 5: – Verification and Long-Term Validation www.itextpdf.com
  6. 6. Goals• Integrity — we want assurance that the document hasn’t been changed somewhere in the workflow• Authenticity — we want assurance that the author of the document is who we think it is (and not somebody else)• Non-repudiation — we want assurance that the author can’t deny his authorship. www.itextpdf.com
  7. 7. Concept 1: Message digest• Hashing algorithm: – a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string.• Available algorithms: – MD5: Ron Rivest – SHA • SHA-1: NSA • SHA-2: NSA / NIST • NEW: SHA-3 contest winner ―Keccak‖ – RIPEMD: KULeuven www.itextpdf.com
  8. 8. Concept 2: Encryption• Asymmetric key algorithms – Encryption – Digital signing www.itextpdf.com
  9. 9. Concept 1 + Concept 2• Producer – Provides data as-is – Provides hash encrypted using private key – Provides public key• Consumer – Creates hash from data: hash1 – Decrypts hash using public key: hash2 – If (hash1 == hash2) document OK! www.itextpdf.com
  10. 10. Goals met?• Integrity: – hashes are identical• Authenticity: – identity found along with public key• Non-repudiation: – if hash can be decrypted with public key, the document was signed with the corresponding private key www.itextpdf.com
  11. 11. iText White Paper• Chapter 1: – The concept of digital signatures• Chapter 2: – Digital signatures in the context of PDF• Chapter 3: – Best practices in signing• Chapter 4: – Architectures for digital signing• Chapter 5: – Verification and Long-Term Validation www.itextpdf.com
  12. 12. PDF Syntax• There are no bytes in the PDF that aren’t covered, other than the PDF signature itself.• The digital signature isn’t part of the ByteRange.• The concept ―to initial a document‖ doesn’t exist; you sign the complete document at once (not on a page per page basis). www.itextpdf.com
  13. 13. How to compose a signature? www.itextpdf.com
  14. 14. Old subfilters• adbe.x509.rsa_sha1 – Message Digest: SHA-1, SHA256, SHA384, SHA512, RIPEMD160 – Encryption: RSA – Uses PKCS#1: forbidden in PAdES• adbe.pkcs7.sha1 – Message Digest: SHA-1 – Encryption: RSA, DSA – Subfilter deprecated in ISO-32000-2 www.itextpdf.com
  15. 15. Detached signatures• adbe.pkcs7.detached• ETSI.CAdES.detached – SHA-1, SHA256, SHA384, SHA512, RIPEMD160 – RSA, DSA, ECDSA• Warning – SHA-1 is being phased out – Key length ≥ 2048-bit – Some combinations won’t work in old versions www.itextpdf.com
  16. 16. Private key & CertificatesBouncyCastleProvider provider = new BouncyCastleProvider();Security.addProvider(provider);KeyStore ks = KeyStore.getInstance("pkcs12", provider.getName());ks.load(new FileInputStream(path), pass);String alias = (String)ks.aliases().nextElement();PrivateKey pk = (PrivateKey) ks.getKey(alias, pass);Certificate[] chain = ks.getCertificateChain(alias); www.itextpdf.com
  17. 17. iText Reader & StamperPdfReader reader = new PdfReader(src);OutputStream os = new FileOutputStream(dest);PdfStamper stamper = PdfStamper.createSignature(reader, os, 0); www.itextpdf.com
  18. 18. Signature appearancePdfSignatureAppearance appearance = stamper.getSignatureAppearance();appearance.setReason(reason);appearance.setLocation(location);appearance.setVisibleSignature( new Rectangle(36, 748, 144, 780), 1, "sig");appearance.setCertificationLevel(certificationLevel); www.itextpdf.com
  19. 19. Creating the signatureExternalDigest digest = new BouncyCastleDigest();ExternalSignature pks = new PrivateKeySignature( pk, digestAlgorithm, provider);MakeSignature.signDetached( appearance, digest, pks, chain, null, null, null, 0, subfilter); CMS/CADES Chapter 3 www.itextpdf.com
  20. 20. Default appearance www.itextpdf.com
  21. 21. Custom appearance www.itextpdf.com
  22. 22. Certification Level• Certification (aka author) signature— only possible for the first revision; involves modification detection and prevention (MDP).• Approval (aka recipient) signature— workflow with subsequent signers.• Usage Rights signature— involving Adobe’s private key to Reader enable a PDF (off-topic here). www.itextpdf.com
  23. 23. Author signature www.itextpdf.com
  24. 24. Approval signature www.itextpdf.com
  25. 25. Approval signature: broken www.itextpdf.com
  26. 26. Approval signature: update www.itextpdf.com
  27. 27. Serial signatures• A document can be signed more than once.• Parallel signatures aren’t supported.• Additional signatures sign all previous signatures. www.itextpdf.com
  28. 28. Workflow: Certified by Alice www.itextpdf.com
  29. 29. Read & Approved by Bob www.itextpdf.com
  30. 30. Signed by Bob www.itextpdf.com
  31. 31. Chuck and the MDP settings www.itextpdf.com
  32. 32. Read & Approved by Carol www.itextpdf.com
  33. 33. Signed by Carol www.itextpdf.com
  34. 34. Filled out and signed by Dave www.itextpdf.com
  35. 35. Chuck and the MDP settings www.itextpdf.com
  36. 36. iText White Paper• Chapter 1: – The concept of digital signatures• Chapter 2: – Digital signatures in the context of PDF• Chapter 3: – Best practices in signing• Chapter 4: – Architectures for digital signing• Chapter 5: – Verification and Long-Term Validation www.itextpdf.com
  37. 37. Certificate Authorities www.itextpdf.com
  38. 38. Self-signed certificate www.itextpdf.com
  39. 39. Certificate Authority www.itextpdf.com
  40. 40. CDS / AATL www.itextpdf.com
  41. 41. Certificate Revocation• What if your certificate is compromised?• CRL: Certificate Revocation List• OCSP: Online Certificate Status Protocol www.itextpdf.com
  42. 42. List<CrlClient> crlList =new ArrayList<CrlClient>();• CrlClientOnline• CrlClientOffline
  43. 43. OcspClient ocspClient =new OcspClientBouncyCastle();
  44. 44. CRL versus OSCP• File Size: – OCSP: small, predictable size – CRL: depends on the CA• Performance: – CRL: can be cached – OCSP: online connection• Legal requirements www.itextpdf.com
  45. 45. Certificates expire 2012 2013 2014 Expiration date www.itextpdf.com
  46. 46. Certificates get revoked Revocation date Expiration date www.itextpdf.com
  47. 47. How to survive expiration? Revocation date Expiration date www.itextpdf.com
  48. 48. TSAClient tsa = new TSAClientBouncyCastle( tsaUrl, tsaUser, tsaPass);
  49. 49. iText White Paper• Chapter 1: – The concept of digital signatures• Chapter 2: – Digital signatures in the context of PDF• Chapter 3: – Best practices in signing• Chapter 4: – Architectures for digital signing• Chapter 5: – Verification and Long-Term Validation www.itextpdf.com
  50. 50. Client + software certificate www.itextpdf.com
  51. 51. Client + key on hardware www.itextpdf.com
  52. 52. Server + software certificate www.itextpdf.com
  53. 53. Server + key on hardware www.itextpdf.com
  54. 54. iText White Paper• Chapter 1: – The concept of digital signatures• Chapter 2: – Digital signatures in the context of PDF• Chapter 3: – Best practices in signing• Chapter 4: – Architectures for digital signing• Chapter 5: – Verification and Long-Term Validation www.itextpdf.com
  55. 55. Inspecting signed documents• Manually• Automated process – Checking the integrity of a signed PDF – Checking the certificate chain – Retrieving information from the signature – TODO: validate MDP settings www.itextpdf.com
  56. 56. What to do when...• There’s no CRL/OCSP/TS in the document?• The certificate is about to expire?• The hashing / encryption algorithm is about to be deprecated? www.itextpdf.com
  57. 57. Long-Term Validation (LTV) www.itextpdf.com
  58. 58. Long-Term Validation (LTV) www.itextpdf.com
  59. 59. Validation of LTVPAdES 4 section 4.3:• The ―latest‖ document timestamp should be validated at current time with validation data collected at current time.• The ―inner‖ document timestamp should be validated at previous document timestamp time with the validation present (and timestamped for the successive enveloping timestamps) in the previous DSS.• The signature and the signature timestamp should be validated at the latest innermost LTV document timestamp time using the validation data stored in the DSS and timestamped by the successive enveloping timestamps. www.itextpdf.com
  60. 60. Whats new in PDF 2.0regarding Digital SignaturesBruno LowagieCEOiText Software Group
  61. 61. Conclusion• ISO-32000-2 (PDF 2.0) – Deprecation of old subfiltertypes – Support for new subfiltertypes – Support for CAdES signatures – Support for ECDSA encryption – MDP extended to approval signatures – LTV: Long-term validation www.itextpdf.com
  62. 62. Conclusion• PAdES – PAdES 1: summary of PAdES – PAdES 2: CMS (ISO-32000-1) – PAdES 3: CAdES (ISO-32000-2) – PAdES 4: LTV (ISO-32000-2) – PAdES 5: not discussed (iText Roadmap 2013) – PAdES 6: signature appearance www.itextpdf.com
  63. 63. Conclusion• Technology – Software certificates (PKCS#12) – HSM (PKCS#11) – USB token (PKCS#11, MSCAPI) – Smart card (PKCS#11, MSCAPI, smartcardio, ...) www.itextpdf.com
  64. 64. Thank you!http://itextpdf.com/book/digitalsignatures www.itextpdf.com

×