SlideShare a Scribd company logo

Digital Signatures: how it's done in PDF

These are the slides that were be presented at a GlobalSign customer event in Leuven on September 16, 2014. In my talk, I explained why digital signatures are important. I introduced the audience to the basic concepts used when signing documents and showed how these concepts are used in the context of PDF. Furthermore, I discussed different architectures to implement a digital signature solution, as well as how digital signatures can be used in a workflow and how we can create digital signatures for the long term.

1 of 50
Download to read offline
Digital Signatures 
How it’s done in PDF
iText, an open source PDF library 
Java 
C#
Shareholders: 
-Ingeborg Willaert (50%) 
-Bruno Lowagie (50%) 
iText Group NV 
°2008 Belgium 
IP, TM, Development 
Marketing 
iText Software BVBA 
°2011 Belgium 
Sales EMEA/Asia 
iText Software Corp. 
°2009 USA (CA/MA) 
Sales Americas/Oceania 
Board of Directors: 
-Peter Camps (chairman) 
-Ingeborg Willaert 
-Bruno Lowagie 
Advisory Board: 
-Andrew Binstock 
-Mark de Visser 
-Bernard Slede 
iTextGroup 
Benelux: 10th place 
Belgium: 3rd place
Agenda 
•Why do we need digital signatures? 
•Basic concepts… 
•… applied to PDF 
•Architectures: server-side vs. client-side 
•Digital signatures and document workflow 
•Long term validation
Introduction 
Why do we need digital signatures?
Integrity 
I paid a forged invoice 
and lost 30K€!

Recommended

More Related Content

What's hot

Context free grammars
Context free grammarsContext free grammars
Context free grammarsRonak Thakkar
 
closure properties of regular language.pptx
closure properties of regular language.pptxclosure properties of regular language.pptx
closure properties of regular language.pptxThirumoorthy64
 
Regular expression (compiler)
Regular expression (compiler)Regular expression (compiler)
Regular expression (compiler)Jagjit Wilku
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPNetProtocol Xpert
 
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)Mohammad Ilyas Malik
 
Socket Programming In Python
Socket Programming In PythonSocket Programming In Python
Socket Programming In Pythondidip
 
20 common port numbers and their purposes
20 common port numbers and their purposes 20 common port numbers and their purposes
20 common port numbers and their purposes salamassh
 
Application layer
Application layerApplication layer
Application layerreshmadayma
 
NFA Non Deterministic Finite Automata by Mudasir khushik
NFA Non Deterministic Finite Automata by Mudasir khushikNFA Non Deterministic Finite Automata by Mudasir khushik
NFA Non Deterministic Finite Automata by Mudasir khushikMudsaraliKhushik
 
Regular expression to NFA (Nondeterministic Finite Automata)
Regular expression to NFA (Nondeterministic Finite Automata)Regular expression to NFA (Nondeterministic Finite Automata)
Regular expression to NFA (Nondeterministic Finite Automata)Niloy Biswas
 
Saml authentication bypass
Saml authentication bypassSaml authentication bypass
Saml authentication bypassTarachand Verma
 
Minimization of DFA
Minimization of DFAMinimization of DFA
Minimization of DFAkunj desai
 
Testing Rich Domain Models
Testing Rich Domain ModelsTesting Rich Domain Models
Testing Rich Domain ModelsChris Richardson
 
Email server configuration on cisco packet tracer
Email server configuration on cisco packet tracerEmail server configuration on cisco packet tracer
Email server configuration on cisco packet tracerprodhan999
 
Automata theory -- NFA and DFA construction
Automata theory -- NFA and DFA  constructionAutomata theory -- NFA and DFA  construction
Automata theory -- NFA and DFA constructionAkila Krishnamoorthy
 
CONTEXT FREE GRAMMAR
CONTEXT FREE GRAMMAR CONTEXT FREE GRAMMAR
CONTEXT FREE GRAMMAR Zahid Parvez
 

What's hot (20)

Context free grammars
Context free grammarsContext free grammars
Context free grammars
 
Regular Grammar
Regular GrammarRegular Grammar
Regular Grammar
 
closure properties of regular language.pptx
closure properties of regular language.pptxclosure properties of regular language.pptx
closure properties of regular language.pptx
 
Regular expression (compiler)
Regular expression (compiler)Regular expression (compiler)
Regular expression (compiler)
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
 
Subnetting class C
Subnetting class CSubnetting class C
Subnetting class C
 
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
Finite Automata: Deterministic And Non-deterministic Finite Automaton (DFA)
 
Socket Programming In Python
Socket Programming In PythonSocket Programming In Python
Socket Programming In Python
 
20 common port numbers and their purposes
20 common port numbers and their purposes 20 common port numbers and their purposes
20 common port numbers and their purposes
 
Application layer
Application layerApplication layer
Application layer
 
NFA Non Deterministic Finite Automata by Mudasir khushik
NFA Non Deterministic Finite Automata by Mudasir khushikNFA Non Deterministic Finite Automata by Mudasir khushik
NFA Non Deterministic Finite Automata by Mudasir khushik
 
Chapter10
Chapter10Chapter10
Chapter10
 
TOC 3 | Different Operations on DFA
TOC 3 | Different Operations on DFATOC 3 | Different Operations on DFA
TOC 3 | Different Operations on DFA
 
Regular expression to NFA (Nondeterministic Finite Automata)
Regular expression to NFA (Nondeterministic Finite Automata)Regular expression to NFA (Nondeterministic Finite Automata)
Regular expression to NFA (Nondeterministic Finite Automata)
 
Saml authentication bypass
Saml authentication bypassSaml authentication bypass
Saml authentication bypass
 
Minimization of DFA
Minimization of DFAMinimization of DFA
Minimization of DFA
 
Testing Rich Domain Models
Testing Rich Domain ModelsTesting Rich Domain Models
Testing Rich Domain Models
 
Email server configuration on cisco packet tracer
Email server configuration on cisco packet tracerEmail server configuration on cisco packet tracer
Email server configuration on cisco packet tracer
 
Automata theory -- NFA and DFA construction
Automata theory -- NFA and DFA  constructionAutomata theory -- NFA and DFA  construction
Automata theory -- NFA and DFA construction
 
CONTEXT FREE GRAMMAR
CONTEXT FREE GRAMMAR CONTEXT FREE GRAMMAR
CONTEXT FREE GRAMMAR
 

Viewers also liked

Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFiText Group nv
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7iText Group nv
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadiText Group nv
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standardsiText Group nv
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Group nv
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensingiText Group nv
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentationiText Group nv
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projectsiText Group nv
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitiText Group nv
 
Présentation de mon PFE
Présentation de mon PFEPrésentation de mon PFE
Présentation de mon PFENadir Haouari
 
présentation soutenance PFE.ppt
présentation soutenance PFE.pptprésentation soutenance PFE.ppt
présentation soutenance PFE.pptMohamed Ben Bouzid
 

Viewers also liked (13)

Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road ahead
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standards
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talk
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensing
 
Oops, I broke my API
Oops, I broke my APIOops, I broke my API
Oops, I broke my API
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentation
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projects
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hit
 
Présentation de mon PFE
Présentation de mon PFEPrésentation de mon PFE
Présentation de mon PFE
 
présentation soutenance PFE.ppt
présentation soutenance PFE.pptprésentation soutenance PFE.ppt
présentation soutenance PFE.ppt
 

Similar to Digital Signatures: how it's done in PDF

What's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signaturesWhat's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signaturesBruno Lowagie
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyiText Group nv
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustZeev Shetach
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Nordic APIs
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFiText Group nv
 
Utilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostUtilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostChin Wan Lim
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsNETUserGroupBern
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)Channy Yun
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Securityguest2a5a03
 
Thawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and BenefitsThawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and BenefitsCodeSigningStore
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentPerficient, Inc.
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLSOlle E Johansson
 
Kerberos survival guide
Kerberos survival guideKerberos survival guide
Kerberos survival guideJ.D. Wade
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECCarlos Martinez Cagnazzo
 
Network security-primer-9544
Network security-primer-9544Network security-primer-9544
Network security-primer-9544Hfz Mushtaq
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET CoreNETUserGroupBern
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 

Similar to Digital Signatures: how it's done in PDF (20)

What's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signaturesWhat's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signatures
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case Study
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDF
 
Utilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostUtilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & Cost
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdf
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Security
 
Thawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and BenefitsThawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and Benefits
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated Environment
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
 
Kerberos survival guide
Kerberos survival guideKerberos survival guide
Kerberos survival guide
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
Network security-primer-9544
Network security-primer-9544Network security-primer-9544
Network security-primer-9544
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 

More from iText Group nv

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPRiText Group nv
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photoboothiText Group nv
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hareiText Group nv
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegaliText Group nv
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!iText Group nv
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Group nv
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Group nv
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms ArchitectureiText Group nv
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!iText Group nv
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsiText Group nv
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...iText Group nv
 

More from iText Group nv (11)

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPR
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photobooth
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hare
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and Legal
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycle
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms Architecture
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFs
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...
 

Recently uploaded

The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolProduct School
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Umar Saif
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaISPMAIndia
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stackSummit
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIEDanBrown980551
 
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, GoogleISPMAIndia
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys VasylievFwdays
 
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31shyamraj55
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
Roundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdfRoundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdfMostafa Higazy
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?MENGSAYLOEM1
 
Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...
Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...
Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...IES VE
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxInfosec
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura RochniakFwdays
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxNeo4j
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
Revolutionizing The Banking Industry: The Monzo Way by CPO, Monzo
Revolutionizing The Banking Industry: The Monzo Way by CPO, MonzoRevolutionizing The Banking Industry: The Monzo Way by CPO, Monzo
Revolutionizing The Banking Industry: The Monzo Way by CPO, MonzoProduct School
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...DianaGray10
 

Recently uploaded (20)

The Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product SchoolThe Future of Product, by Founder & CEO, Product School
The Future of Product, by Founder & CEO, Product School
 
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
Progress Report: Ministry of IT under Dr. Umar Saif Aug 23-Feb'24
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stack
 
LF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIELF Energy Webinar: Introduction to TROLIE
LF Energy Webinar: Introduction to TROLIE
 
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
"The Transformative Power of AI and Open Challenges" by Dr. Manish Gupta, Google
 
"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev"AIRe - AI Reliability Engineering", Denys Vasyliev
"AIRe - AI Reliability Engineering", Denys Vasyliev
 
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
Unleash the Solace Pub Sub connector | Banaglore MuleSoft Meetup #31
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
Roundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdfRoundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdf
 
Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?Are Human-generated Demonstrations Necessary for In-context Learning?
Are Human-generated Demonstrations Necessary for In-context Learning?
 
Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...
Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...
Empowering Net-Zero: Digital Insights and Funding Opportunities for Industria...
 
How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptx
 
"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak"Testing of Helm Charts or There and Back Again", Yura Rochniak
"Testing of Helm Charts or There and Back Again", Yura Rochniak
 
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptxThe Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
The Art of the Possible with Graph by Dr Jim Webber Neo4j.pptx
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
Revolutionizing The Banking Industry: The Monzo Way by CPO, Monzo
Revolutionizing The Banking Industry: The Monzo Way by CPO, MonzoRevolutionizing The Banking Industry: The Monzo Way by CPO, Monzo
Revolutionizing The Banking Industry: The Monzo Way by CPO, Monzo
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...Building Bridges:  Merging RPA Processes, UiPath Apps, and Data Service to bu...
Building Bridges: Merging RPA Processes, UiPath Apps, and Data Service to bu...
 

Digital Signatures: how it's done in PDF

  • 1. Digital Signatures How it’s done in PDF
  • 2. iText, an open source PDF library Java C#
  • 3. Shareholders: -Ingeborg Willaert (50%) -Bruno Lowagie (50%) iText Group NV °2008 Belgium IP, TM, Development Marketing iText Software BVBA °2011 Belgium Sales EMEA/Asia iText Software Corp. °2009 USA (CA/MA) Sales Americas/Oceania Board of Directors: -Peter Camps (chairman) -Ingeborg Willaert -Bruno Lowagie Advisory Board: -Andrew Binstock -Mark de Visser -Bernard Slede iTextGroup Benelux: 10th place Belgium: 3rd place
  • 4. Agenda •Why do we need digital signatures? •Basic concepts… •… applied to PDF •Architectures: server-side vs. client-side •Digital signatures and document workflow •Long term validation
  • 5. Introduction Why do we need digital signatures?
  • 6. Integrity I paid a forged invoice and lost 30K€!
  • 7. Authenticity Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
  • 9. Three goals •Integrity —we want assurance that the document hasn’t been changed somewhere in the workflow •Authenticity —we want assurance that the author of the document is who we think it is (and not somebody else) •Non-repudiation —we want assurance that the author can’t deny his authorship.
  • 10. Part 1 Basic concepts…
  • 11. Concept 1: Hashing •Hashing algorithm: •a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. •Available algorithms: •MD5: Ron Rivest •SHA: •SHA-1: NSA (Being phased out!) •SHA-2: NSA / NIST •NEW: SHA-3 contest winner “Keccak” •RIPEMD: KULeuven
  • 12. Concept 1: Integrity check using hash Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
  • 13. Concept 2: encryption •Assymetric key algorithms •Encryption •Digital signing
  • 14. Some name dropping •Public Key Cryptography Standards •PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) •PKCS#7: Cryptographic Message Standard (CMS) •PKCS#11: Cryptographic Token Interface •PKCS#12: PersonalInformation Exchange SyntaxStandard •PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) •Federal Information Processing Standards (FIPS) •DSA: Digital Signature Algorithm (DSA) •European Telecommunications Standards Institute (ETSI) •CMS Advanced Electronic Signatures (CAdES)
  • 15. Concept 1 + Concept 2 •Producer •Provides data as-is •Provides hash encrypted using private key •Provides public key •Consumer •Creates hash from data: hash1 •Decrypts hash using public key: hash2 •If (hash1== hash2) document OK!
  • 16. Goals met? •Integrity: •hashes are identical •Authenticity: •identity found along with public key •Non-repudiation: •if hash can be decrypted with public key, the document was signed with the corresponding private key
  • 17. Differences between EU and US •In the US, we make a distinction: •Electronic signatures don’t necessarily involve PKI •Digital signatures when a PKI infrastructure is involved •In Europe, we speak of electronic signatures •As a synonymfor digital signatures •All laws and regulations take this wording •There’s no sharp distinction between electronic and digital signatures (which leads to confusion) •I always speak of digital signatures
  • 18. Part 2 … applied to PDF
  • 19. Standards •ISO •ISO-32000-1 (2008) based on PDF 1.7 (2006) •ISO-32000-2 will define PDF 2.0 (2016) •ETSI: TS 102 778 (2009 -2010) •PAdES1: Overview •PAdES2: Basic –CMS based (ISO-32000-1) •PAdES3: Enhanced –CAdESbased (ISO-32000-2) •PAdES4: LTV –Long Term Validation •PAdES5: XAdESbased (XML content) •PAdES6: Visual representation guidelines •ETSI: TS 103 172 (2011 -2013) •PAdESBaseline Profile
  • 20. Signatures in PDF •There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) •The digital signature isn’t part of the ByteRange. •The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
  • 21. Some PDF terminology •Signature field: •Visualisation (onewidget annotation) •Extra info about signature (Lock, SV) •/V refers to the signature dictionary •Signing: •Creating an /APfor the widget annotation •Creating a signature dictionary for /V
  • 22. What’s inside the signature? %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificatechain •Revocation information •Timestamp ISO-32000-2: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): •Full certificate chain •Revocation information (CRL / OCSP) •Timestamp
  • 23. Part 3 Architectures: Server-side vs. client-side signing
  • 24. Server-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device SERVER
  • 25. Use cases server-side signing •Company signature •Invoices •Contracts •… •Signing services in the Cloud •Docusign •Echosign •… •Security management responsibilities!
  • 26. Client-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device CLIENT
  • 27. Use cases client-side signing •Desktop applications •Adobe Acrobat Pro •Adobe Reader (only for Reader-enabled documents) •Home made, e.g. using iText •In a web context •The PDF software runs on the client, e.g. using Java Web Start •Access to the token or smart card through •MSCAPI •PKCS#11 •Custom smart card library •Security •User has smart card and PIN or USB token and passphrase
  • 28. Deferred signing Signed Message Digest App Device CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
  • 29. Use cases deferred signing •Signing on an iPad / Tablet •App on the device has low footprint •Easy to link to integrate into a document management system •Disadvantage •You need to trust the server that the hash you receive is actually the hash of the document you want to sign •Common Criteria •a framework in which computer system users can specifytheir security functionaland assurancerequirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implementand/or make claims about the security attributes of their products, and testing laboratories can evaluatethe products to determine if they actually meet the claims.
  • 30. Part 4 Digital signatures and document workflow
  • 31. Digital signatures: types •Certification (aka author) signature •only possible for the first revision (*) •involves modification detection permissions: •No changes allowed •Form filling and signing allowed •Form filling, signing and commenting allowed •Approval (aka recipient) signature •workflow with subsequent signers •New in PDF 2.0: modification detection permissions •Usage Rights signature •involving Adobe’s private key to Reader enable a PDF
  • 32. Other possible icons •Signer’s identity is unknown •Document has been altered or corrupted
  • 33. Serial signatures %PDF-1.x %Originaldocument % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
  • 38. Read, approved and signed by Carol
  • 39. Read, approved, and signed by Dave
  • 40. Signature and lock broken by Chuck
  • 41. Part 5 Long-term validation
  • 42. Certificates expire Expiration date 2012 2013 2014
  • 43. Certificates get revoked Expiration date Revocation date 2012 2013 2014
  • 44. How to survive revocation / expiration? 2012 2013 2014 Expiration date Revocation date
  • 46. What to do when: •There’s no CRL/OCSP/TS in the document? •The certificate is about to expire in one of your documents? •The hashing / encryption algorithm is about to be deprecated?
  • 47. Document Security Store %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE •Signed Message Digest •Certificate
  • 48. Document-level timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
  • 49. Repeat as soon as needed %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
  • 50. Q & A EMEAKerkstraat 1089050 GentbruggeBELGIUME: sales.isb@itextpdf.com T: +32 92 98 02 31F: +32 92 70 33 75 Americas, Oceania1 Broadway, 14th floorCambridge, MA 02142USA E: sales.isc@itextpdf.comT: +1 617 982 2646 F: +1 617 982 2647 iText HQAdolf Baeyensstraat 1219040 Sint-AmandsbergBELGIUM Asia71 Ayer Rajah Crescent #05-04139951SINGAPOREE: sales.isa@itextpdf,com T: tel: +65 31 58 39 47 http://itextpdf.com