SlideShare a Scribd company logo

Digital Signatures Explained

Download as PPTX, PDF
iText Group nv
iText Group nv

This document summarizes how digital signatures are implemented in PDF documents. It discusses the need for integrity, authenticity and non-repudiation that digital signatures provide. It covers basic concepts like hashing, encryption and digital signatures. It then explains how these concepts are applied specifically to PDF, following standards like ISO 32000 and PAdES. It discusses server-side signing, client-side signing and deferred signing architectures. It also covers how digital signatures can be used in document workflows and long-term validation strategies like revocation, timestamps and document security stores.

Technology
1 of 46
© 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital Signatures: How It’s Done in PDF Zetes eaZySign event (Kasteel van Ruisbroek: April 2, 2015)
© 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Agenda • Why do we need digital signatures? • Basic concepts… • … applied to PDF • Architectures: server-side vs. client-side • Digital signatures and document workflow • Long term validation
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF3 Why do we need digital signatures? Integrity Authenticity Non-repudiation
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Integrity Digital signatures: How It's Done in PDF4 I paid a forged invoice and lost 30K€ !
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Authenticity Digital signatures: How It's Done in PDF5 Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Non-repudiation Digital signatures: How It's Done in PDF6 I didn’t do it!
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Three goals Integrity — we want assurance that the document hasn’t been changed somewhere in the workflow. Authenticity — we want assurance that the author of the document is who we think it is (and not somebody else). Non-repudiation — we want assurance that the author can’t deny his authorship. Digital signatures: How It's Done in PDF7
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF8 Basic Concepts… Hashing algorithms Encryption algorithms Digital signatures
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Hashing Hashing algorithm a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. Available algorithms MD5: Ron Rivest (deprecated) SHA: SHA-1: NSA (phased out!) SHA-2: NSA / NIST SHA-3: Keccak (made in Belgium!) RIPEMD: KULeuven Digital signatures: How It's Done in PDF9
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Integrity check using hash Digital signatures: How It's Done in PDF10 Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Encryption Assymetric key algorithms Encryption Digital signing Digital signatures: How It's Done in PDF11
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Some name dropping Public Key Cryptography Standards PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) PKCS#7: Cryptographic Message Standard (CMS) PKCS#11: Cryptographic Token Interface PKCS#12: Personal Information Exchange Syntax Standard PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) Federal Information Processing Standards (FIPS) DSA: Digital Signature Algorithm (DSA) European Telecommunications Standards Institute (ETSI) CMS Advanced Electronic Signatures (CAdES) Digital signatures: How It's Done in PDF12
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1 + Concept 2 Producer Provides data as-is: [A] Provides hash of data, encrypted using private key: [B] Provides public key Consumer Creates hash from data [A]: hash1 Decrypts hash [B] using public key: hash2 If (hash1 == hash2) document OK! Digital signatures: How It's Done in PDF13
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Goals met? Integrity Hashes are identical Authenticity Identity is stored in public key A time-stamp can be added Non-repudiation If hash can be decrypted with public key, the document was signed with the corresponding private key Digital signatures: How It's Done in PDF14
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Differences between EU and US In the US, we make a distinction Electronic signatures don’t necessarily involve PKI Digital signatures when a PKI infrastructure is involved In Europe, we speak of electronic signatures As a synonym for digital signatures All laws and regulations take this wording There’s no sharp distinction between electronic and digital signatures (which leads to confusion) I always speak of digital signatures Digital signatures: How It's Done in PDF15
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF16 … Applied to PDF ISO 32000-1 ETSI TS 102 778 (PAdES) ISO 32000-2
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Standards ISO ISO-32000-1 (2008) based on PDF 1.7 (2006) ISO-32000-2 will define PDF 2.0 (2016) ETSI: TS 102 778 (2009 - 2010) PAdES 1: Overview PAdES 2: Basic – CMS based (ISO-32000-1) PAdES 3: Enhanced – CAdES based (ISO-32000-2) PAdES 4: LTV – Long Term Validation PAdES 5: XAdES based (XML content) PAdES 6: Visual representation guidelines ETSI: TS 103 172 (2011 - 2013) PAdES Baseline Profile Digital signatures: How It's Done in PDF17
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Signatures in PDF There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) The digital signature isn’t part of the ByteRange. The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*) Digital signatures: How It's Done in PDF18
© 2015, iText Group NV, iText Software Corp., iText Software BVBA What’s inside a signature? Digital signatures: How It's Done in PDF19 ISO-32000: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): • Full certificate chain • Revocation information (CRL / OCSP) • Timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate chain • Revocation information • Timestamp
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF20 Architectures Server-side signing Client-side signing Deferred signing
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Server-side signing Digital signatures: How It's Done in PDF21 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application DeviceSERVER
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases server-side signing Company signature Invoices Contracts … Signing services in the Cloud Docusign Echosign … Security management responsibilities! Digital signatures: How It's Done in PDF22
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Client-side signing Digital signatures: How It's Done in PDF23 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest ApplicationDevice CLIENT
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases client-side signing Desktop applications Adobe Acrobat Pro Adobe Reaer (for Reader-enabled documents) Home-made, e.g. using iText In a web context The PDF software runs on the client, e.g. using Java Web Start Access to the token or smart card through MSCAPI PKCS#11 Custom smart card library Security User has smart card and PIN or USB token and passphrase Digital signatures: How It's Done in PDF24
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Deferred signing Digital signatures: How It's Done in PDF25 Signed Message Digest AppDevice CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases deferred signing Signing on an iPad/Tablet App on the device has a low footprint Easy to integrate into a document management system Disadvantage You need to trust the server that the hash you receive is actually the hash of the document you want to sign Common Criteria A framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. Digital signatures: How It's Done in PDF26
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF27 Digital signatures and workflow Author signatures Recipient signatures Locking fields / documents
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Serial signatures 28 %PDF-1.x % Original document % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures. Digital signatures: How It's Done in PDF
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: types Certification (aka author) signature Only possible for the first revision Involves modification detection permissions: No changes allowed Form filling and signing allowed Form filling, signing and commenting allowed Approval (aka recipient) signature Workflow with subsequent signers New in PDF 2.0: modification detection permissions Digital signatures: How It's Done in PDF29
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Other possible icons Signer’s identity is unknown Document has been altered or corrupted Digital signatures: How It's Done in PDF30
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Certified by Alice Digital signatures: How It's Done in PDF31
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Bob Digital signatures: How It's Done in PDF32
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Bob’s signature invalidated by Chuck Digital signatures: How It's Done in PDF33
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Carol Digital signatures: How It's Done in PDF34
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Dave Digital signatures: How It's Done in PDF35
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Signature and lock broken by Chuck Digital signatures: How It's Done in PDF36
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF37 Long-term validation Revocation Timestamps LTV
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates expire Digital signatures: How It's Done in PDF38 Expiration date 2013 2014 2015
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates get revoked Digital signatures: How It's Done in PDF39 Expiration dateRevocation date 2013 2014 2015
© 2015, iText Group NV, iText Software Corp., iText Software BVBA How to survive revocation / expiration? Digital signatures: How It's Done in PDF40 Expiration dateRevocation date
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Timestamps Digital signatures: How It's Done in PDF41
© 2015, iText Group NV, iText Software Corp., iText Software BVBA What to do when: There’s no CRL/OCSP/TS in the document? The certificate is about to expire in one of your documents? The hashing/encryption algorithm is about to be deprecated? Digital signatures: How It's Done in PDF42
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Document Security Store (DSS) Digital signatures: How It's Done in PDF43 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE • Signed Message Digest • Certificate
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Document-level timestamp Digital signatures: How It's Done in PDF44 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF45 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF46 Questions? itextpdf.com SG: sales.isa@itextpdf.com +65 31 58 39 47 BE: sales.isb@itextpdf.com +32 92 98 02 31 US: sales.isc@itextpdf.com +1 617 982 646

Recommended

Voip security
Voip securityVoip security
Voip securityShethwala Ridhvesh
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPNFarah M. Altufaili
 
The Internet of Things (IoT) PDF
The Internet of Things (IoT) PDFThe Internet of Things (IoT) PDF
The Internet of Things (IoT) PDFNigel Tebbutt 奈杰尔 泰巴德
 
Multimedia
MultimediaMultimedia
MultimediaArchana P Babu
 
Digital communication
Digital communicationDigital communication
Digital communicationKd Abbasi
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
GiFi
GiFi GiFi
GiFi Muhammed Abdulmahdi
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 

Recommended

Voip security
Voip securityVoip security
Voip securityShethwala Ridhvesh
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPNFarah M. Altufaili
 
The Internet of Things (IoT) PDF
The Internet of Things (IoT) PDFThe Internet of Things (IoT) PDF
The Internet of Things (IoT) PDFNigel Tebbutt 奈杰尔 泰巴德
 
Multimedia
MultimediaMultimedia
MultimediaArchana P Babu
 
Digital communication
Digital communicationDigital communication
Digital communicationKd Abbasi
 
Digital signature
Digital signatureDigital signature
Digital signatureYash Karanke
 
GiFi
GiFi GiFi
GiFi Muhammed Abdulmahdi
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsPratibha Kumari
 
Presentation on Wireless devices
Presentation on Wireless devicesPresentation on Wireless devices
Presentation on Wireless devicesUnhappy Verse
 
3d password - Report
3d password - Report 3d password - Report
3d password - Report Sunanda Bansal
 
IOT
IOT IOT
IOT Gaurav Dwivedi
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security pptSAIKAT BISWAS
 
JINI Technology
JINI TechnologyJINI Technology
JINI TechnologyChaitanya Ram
 
4g technology
4g technology4g technology
4g technologyPublicis Sapient
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip SpoofingRoushan Jha
 
6-IoT protocol.pptx
6-IoT protocol.pptx6-IoT protocol.pptx
6-IoT protocol.pptxPratik Gohel
 
Multimedia communication networks
Multimedia communication networksMultimedia communication networks
Multimedia communication networksMohammad Ilyas Malik
 
Multimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMultimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMazin Alwaaly
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesVivaka Nand
 
IP Spoofing
IP SpoofingIP Spoofing
IP SpoofingAkmal Hussain
 
Internet Protocol Television - IPTV
Internet Protocol Television - IPTVInternet Protocol Television - IPTV
Internet Protocol Television - IPTVDulith Kasun
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Short message service
Short message serviceShort message service
Short message serviceVishnu Kudumula
 
CS6551 COMPUTER NETWORKS
CS6551 COMPUTER NETWORKSCS6551 COMPUTER NETWORKS
CS6551 COMPUTER NETWORKSKathirvel Ayyaswamy
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFiText Group nv
 
Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneBruno Lowagie
 

More Related Content

What's hot

Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature pptRavi Ranjan
 
Presentation on Wireless devices
Presentation on Wireless devicesPresentation on Wireless devices
Presentation on Wireless devicesUnhappy Verse
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security pptSAIKAT BISWAS
 
6-IoT protocol.pptx
6-IoT protocol.pptx6-IoT protocol.pptx
6-IoT protocol.pptxPratik Gohel
 
Multimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMultimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMazin Alwaaly
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesVivaka Nand
 
Internet Protocol Television - IPTV
Internet Protocol Television - IPTVInternet Protocol Television - IPTV
Internet Protocol Television - IPTVDulith Kasun
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signaturejolly9293
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesIshwar Dayal
 

What's hot (20)

Seminar presentation on digital signature ppt
Seminar presentation on digital signature pptSeminar presentation on digital signature ppt
Seminar presentation on digital signature ppt
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
Presentation on Wireless devices
Presentation on Wireless devicesPresentation on Wireless devices
Presentation on Wireless devices
 
3d password - Report
3d password - Report 3d password - Report
3d password - Report
 
IOT
IOT IOT
IOT
 
Network Security ppt
Network Security pptNetwork Security ppt
Network Security ppt
 
JINI Technology
JINI TechnologyJINI Technology
JINI Technology
 
4g technology
4g technology4g technology
4g technology
 
Ip Spoofing
Ip SpoofingIp Spoofing
Ip Spoofing
 
6-IoT protocol.pptx
6-IoT protocol.pptx6-IoT protocol.pptx
6-IoT protocol.pptx
 
Multimedia communication networks
Multimedia communication networksMultimedia communication networks
Multimedia communication networks
 
Multimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communicationsMultimedia network services and protocols for multimedia communications
Multimedia network services and protocols for multimedia communications
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
Presentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificatesPresentation on digital signatures & digital certificates
Presentation on digital signatures & digital certificates
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
 
Internet Protocol Television - IPTV
Internet Protocol Television - IPTVInternet Protocol Television - IPTV
Internet Protocol Television - IPTV
 
Seminar ppt on digital signature
Seminar ppt on digital signatureSeminar ppt on digital signature
Seminar ppt on digital signature
 
Short message service
Short message serviceShort message service
Short message service
 
CS6551 COMPUTER NETWORKS
CS6551 COMPUTER NETWORKSCS6551 COMPUTER NETWORKS
CS6551 COMPUTER NETWORKS
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 

Similar to Digital Signatures Explained

ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFiText Group nv
 
Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneBruno Lowagie
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyiText Group nv
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFiText Group nv
 
How do you secure an electronic signature?
How do you secure an electronic signature?How do you secure an electronic signature?
How do you secure an electronic signature?XeniT Solutions nv
 
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance SummaryJason Koenigsberg,MBA
 
Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015Noemi Haag
 
IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)Dania Rashid
 
Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014Hans-Chr. Brockmann
 
V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]Robert Grawet
 
Serial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge softwareSerial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge softwaretopomax
 
Easy Invoice Solution Package
Easy Invoice Solution PackageEasy Invoice Solution Package
Easy Invoice Solution Packagehromzykowski
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustZeev Shetach
 
WSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use CaseWSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use CaseProfesia Srl, Lynx Group
 
Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Innova Advanced Consulting
 
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Market Engel SAS
 

Similar to Digital Signatures Explained (20)

ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDF
 
Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's done
 
ECM & Digital Signature
ECM & Digital SignatureECM & Digital Signature
ECM & Digital Signature
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case Study
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
 
How do you secure an electronic signature?
How do you secure an electronic signature?How do you secure an electronic signature?
How do you secure an electronic signature?
 
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
1.31.17 Asignet Technology FAQ & Vendor Assurance Summary
 
Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015Digital leadership event ipt und swisscom 28.10.2015
Digital leadership event ipt und swisscom 28.10.2015
 
IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)IOTprotocols and overview (SSI)
IOTprotocols and overview (SSI)
 
Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014Xybermotive introduction (en) 092014
Xybermotive introduction (en) 092014
 
V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]V3.1.Ds Generic Presentation Pptshow [Autosaved]
V3.1.Ds Generic Presentation Pptshow [Autosaved]
 
Embed trust in your software & data
Embed trust in your software & dataEmbed trust in your software & data
Embed trust in your software & data
 
Serial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge softwareSerial RS232 to Keyboard wedge software
Serial RS232 to Keyboard wedge software
 
Digital signatur
Digital signaturDigital signatur
Digital signatur
 
Easy Invoice Solution Package
Easy Invoice Solution PackageEasy Invoice Solution Package
Easy Invoice Solution Package
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
 
WSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use CaseWSO2 ITALIA SMART TALK #4 - Telefonica Use Case
WSO2 ITALIA SMART TALK #4 - Telefonica Use Case
 
Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...Docuten Webinar: Get ready for your vacations with the digital signature inte...
Docuten Webinar: Get ready for your vacations with the digital signature inte...
 
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014
 

More from iText Group nv

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPRiText Group nv
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photoboothiText Group nv
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentationiText Group nv
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitiText Group nv
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensingiText Group nv
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projectsiText Group nv
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7iText Group nv
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hareiText Group nv
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegaliText Group nv
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!iText Group nv
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Group nv
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Group nv
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Group nv
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms ArchitectureiText Group nv
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!iText Group nv
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadiText Group nv
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsiText Group nv
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...iText Group nv
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standardsiText Group nv
 

More from iText Group nv (20)

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPR
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photobooth
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentation
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hit
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensing
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projects
 
Oops, I broke my API
Oops, I broke my APIOops, I broke my API
Oops, I broke my API
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hare
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and Legal
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycle
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talk
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms Architecture
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road ahead
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFs
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standards
 

Recently uploaded

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Digital Signatures Explained

  • 1. © 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital Signatures: How It’s Done in PDF Zetes eaZySign event (Kasteel van Ruisbroek: April 2, 2015)
  • 2. © 2015, iText Group NV, iText Software Corp., iText Software BVBA© 2015, iText Group NV, iText Software Corp., iText Software BVBA Agenda • Why do we need digital signatures? • Basic concepts… • … applied to PDF • Architectures: server-side vs. client-side • Digital signatures and document workflow • Long term validation
  • 3. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF3 Why do we need digital signatures? Integrity Authenticity Non-repudiation
  • 4. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Integrity Digital signatures: How It's Done in PDF4 I paid a forged invoice and lost 30K€ !
  • 5. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Authenticity Digital signatures: How It's Done in PDF5 Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
  • 6. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Non-repudiation Digital signatures: How It's Done in PDF6 I didn’t do it!
  • 7. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Three goals Integrity — we want assurance that the document hasn’t been changed somewhere in the workflow. Authenticity — we want assurance that the author of the document is who we think it is (and not somebody else). Non-repudiation — we want assurance that the author can’t deny his authorship. Digital signatures: How It's Done in PDF7
  • 8. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF8 Basic Concepts… Hashing algorithms Encryption algorithms Digital signatures
  • 9. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Hashing Hashing algorithm a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. Available algorithms MD5: Ron Rivest (deprecated) SHA: SHA-1: NSA (phased out!) SHA-2: NSA / NIST SHA-3: Keccak (made in Belgium!) RIPEMD: KULeuven Digital signatures: How It's Done in PDF9
  • 10. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1: Integrity check using hash Digital signatures: How It's Done in PDF10 Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
  • 11. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Encryption Assymetric key algorithms Encryption Digital signing Digital signatures: How It's Done in PDF11
  • 12. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 2: Some name dropping Public Key Cryptography Standards PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) PKCS#7: Cryptographic Message Standard (CMS) PKCS#11: Cryptographic Token Interface PKCS#12: Personal Information Exchange Syntax Standard PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) Federal Information Processing Standards (FIPS) DSA: Digital Signature Algorithm (DSA) European Telecommunications Standards Institute (ETSI) CMS Advanced Electronic Signatures (CAdES) Digital signatures: How It's Done in PDF12
  • 13. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Concept 1 + Concept 2 Producer Provides data as-is: [A] Provides hash of data, encrypted using private key: [B] Provides public key Consumer Creates hash from data [A]: hash1 Decrypts hash [B] using public key: hash2 If (hash1 == hash2) document OK! Digital signatures: How It's Done in PDF13
  • 14. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Goals met? Integrity Hashes are identical Authenticity Identity is stored in public key A time-stamp can be added Non-repudiation If hash can be decrypted with public key, the document was signed with the corresponding private key Digital signatures: How It's Done in PDF14
  • 15. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Differences between EU and US In the US, we make a distinction Electronic signatures don’t necessarily involve PKI Digital signatures when a PKI infrastructure is involved In Europe, we speak of electronic signatures As a synonym for digital signatures All laws and regulations take this wording There’s no sharp distinction between electronic and digital signatures (which leads to confusion) I always speak of digital signatures Digital signatures: How It's Done in PDF15
  • 16. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF16 … Applied to PDF ISO 32000-1 ETSI TS 102 778 (PAdES) ISO 32000-2
  • 17. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Standards ISO ISO-32000-1 (2008) based on PDF 1.7 (2006) ISO-32000-2 will define PDF 2.0 (2016) ETSI: TS 102 778 (2009 - 2010) PAdES 1: Overview PAdES 2: Basic – CMS based (ISO-32000-1) PAdES 3: Enhanced – CAdES based (ISO-32000-2) PAdES 4: LTV – Long Term Validation PAdES 5: XAdES based (XML content) PAdES 6: Visual representation guidelines ETSI: TS 103 172 (2011 - 2013) PAdES Baseline Profile Digital signatures: How It's Done in PDF17
  • 18. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Signatures in PDF There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) The digital signature isn’t part of the ByteRange. The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*) Digital signatures: How It's Done in PDF18
  • 19. © 2015, iText Group NV, iText Software Corp., iText Software BVBA What’s inside a signature? Digital signatures: How It's Done in PDF19 ISO-32000: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): • Full certificate chain • Revocation information (CRL / OCSP) • Timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate chain • Revocation information • Timestamp
  • 20. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF20 Architectures Server-side signing Client-side signing Deferred signing
  • 21. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Server-side signing Digital signatures: How It's Done in PDF21 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application DeviceSERVER
  • 22. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases server-side signing Company signature Invoices Contracts … Signing services in the Cloud Docusign Echosign … Security management responsibilities! Digital signatures: How It's Done in PDF22
  • 23. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Client-side signing Digital signatures: How It's Done in PDF23 <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest ApplicationDevice CLIENT
  • 24. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases client-side signing Desktop applications Adobe Acrobat Pro Adobe Reaer (for Reader-enabled documents) Home-made, e.g. using iText In a web context The PDF software runs on the client, e.g. using Java Web Start Access to the token or smart card through MSCAPI PKCS#11 Custom smart card library Security User has smart card and PIN or USB token and passphrase Digital signatures: How It's Done in PDF24
  • 25. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Deferred signing Digital signatures: How It's Done in PDF25 Signed Message Digest AppDevice CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
  • 26. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Use cases deferred signing Signing on an iPad/Tablet App on the device has a low footprint Easy to integrate into a document management system Disadvantage You need to trust the server that the hash you receive is actually the hash of the document you want to sign Common Criteria A framework in which computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. Digital signatures: How It's Done in PDF26
  • 27. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF27 Digital signatures and workflow Author signatures Recipient signatures Locking fields / documents
  • 28. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Serial signatures 28 %PDF-1.x % Original document % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures. Digital signatures: How It's Done in PDF
  • 29. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: types Certification (aka author) signature Only possible for the first revision Involves modification detection permissions: No changes allowed Form filling and signing allowed Form filling, signing and commenting allowed Approval (aka recipient) signature Workflow with subsequent signers New in PDF 2.0: modification detection permissions Digital signatures: How It's Done in PDF29
  • 30. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Other possible icons Signer’s identity is unknown Document has been altered or corrupted Digital signatures: How It's Done in PDF30
  • 31. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Certified by Alice Digital signatures: How It's Done in PDF31
  • 32. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Bob Digital signatures: How It's Done in PDF32
  • 33. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Bob’s signature invalidated by Chuck Digital signatures: How It's Done in PDF33
  • 34. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Carol Digital signatures: How It's Done in PDF34
  • 35. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Read, approved and signed by Dave Digital signatures: How It's Done in PDF35
  • 36. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Signature and lock broken by Chuck Digital signatures: How It's Done in PDF36
  • 37. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF37 Long-term validation Revocation Timestamps LTV
  • 38. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates expire Digital signatures: How It's Done in PDF38 Expiration date 2013 2014 2015
  • 39. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Certificates get revoked Digital signatures: How It's Done in PDF39 Expiration dateRevocation date 2013 2014 2015
  • 40. © 2015, iText Group NV, iText Software Corp., iText Software BVBA How to survive revocation / expiration? Digital signatures: How It's Done in PDF40 Expiration dateRevocation date
  • 41. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Timestamps Digital signatures: How It's Done in PDF41
  • 42. © 2015, iText Group NV, iText Software Corp., iText Software BVBA What to do when: There’s no CRL/OCSP/TS in the document? The certificate is about to expire in one of your documents? The hashing/encryption algorithm is about to be deprecated? Digital signatures: How It's Done in PDF42
  • 43. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Document Security Store (DSS) Digital signatures: How It's Done in PDF43 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE • Signed Message Digest • Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE • Signed Message Digest • Certificate
  • 44. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Document-level timestamp Digital signatures: How It's Done in PDF44 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
  • 45. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF45 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE • VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE • Signed Message Digest • Certificate DIGITAL SIGNATURE • Signed Message Digest • Certificate
  • 46. © 2015, iText Group NV, iText Software Corp., iText Software BVBA Digital signatures: How It's Done in PDF46 Questions? itextpdf.com SG: sales.isa@itextpdf.com +65 31 58 39 47 BE: sales.isb@itextpdf.com +32 92 98 02 31 US: sales.isc@itextpdf.com +1 617 982 646