SlideShare a Scribd company logo

Digital Signatures: how it's done in PDF

iText Group nv
iText Group nv

These are the slides that were be presented at a GlobalSign customer event in Leuven on September 16, 2014. In my talk, I explained why digital signatures are important. I introduced the audience to the basic concepts used when signing documents and showed how these concepts are used in the context of PDF. Furthermore, I discussed different architectures to implement a digital signature solution, as well as how digital signatures can be used in a workflow and how we can create digital signatures for the long term.

1 of 50
Download to read offline
Digital Signatures How it’s done in PDF
iText, an open source PDF library Java C#
Shareholders: -Ingeborg Willaert (50%) -Bruno Lowagie (50%) iText Group NV °2008 Belgium IP, TM, Development Marketing iText Software BVBA °2011 Belgium Sales EMEA/Asia iText Software Corp. °2009 USA (CA/MA) Sales Americas/Oceania Board of Directors: -Peter Camps (chairman) -Ingeborg Willaert -Bruno Lowagie Advisory Board: -Andrew Binstock -Mark de Visser -Bernard Slede iTextGroup Benelux: 10th place Belgium: 3rd place
Agenda •Why do we need digital signatures? •Basic concepts… •… applied to PDF •Architectures: server-side vs. client-side •Digital signatures and document workflow •Long term validation
Introduction Why do we need digital signatures?
Integrity I paid a forged invoice and lost 30K€!
Authenticity Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
Non-repudiation I didn’t do it!
Three goals •Integrity —we want assurance that the document hasn’t been changed somewhere in the workflow •Authenticity —we want assurance that the author of the document is who we think it is (and not somebody else) •Non-repudiation —we want assurance that the author can’t deny his authorship.
Part 1 Basic concepts…
Concept 1: Hashing •Hashing algorithm: •a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. •Available algorithms: •MD5: Ron Rivest •SHA: •SHA-1: NSA (Being phased out!) •SHA-2: NSA / NIST •NEW: SHA-3 contest winner “Keccak” •RIPEMD: KULeuven
Concept 1: Integrity check using hash Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
Concept 2: encryption •Assymetric key algorithms •Encryption •Digital signing
Some name dropping •Public Key Cryptography Standards •PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) •PKCS#7: Cryptographic Message Standard (CMS) •PKCS#11: Cryptographic Token Interface •PKCS#12: PersonalInformation Exchange SyntaxStandard •PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) •Federal Information Processing Standards (FIPS) •DSA: Digital Signature Algorithm (DSA) •European Telecommunications Standards Institute (ETSI) •CMS Advanced Electronic Signatures (CAdES)
Concept 1 + Concept 2 •Producer •Provides data as-is •Provides hash encrypted using private key •Provides public key •Consumer •Creates hash from data: hash1 •Decrypts hash using public key: hash2 •If (hash1== hash2) document OK!
Goals met? •Integrity: •hashes are identical •Authenticity: •identity found along with public key •Non-repudiation: •if hash can be decrypted with public key, the document was signed with the corresponding private key
Differences between EU and US •In the US, we make a distinction: •Electronic signatures don’t necessarily involve PKI •Digital signatures when a PKI infrastructure is involved •In Europe, we speak of electronic signatures •As a synonymfor digital signatures •All laws and regulations take this wording •There’s no sharp distinction between electronic and digital signatures (which leads to confusion) •I always speak of digital signatures
Part 2 … applied to PDF
Standards •ISO •ISO-32000-1 (2008) based on PDF 1.7 (2006) •ISO-32000-2 will define PDF 2.0 (2016) •ETSI: TS 102 778 (2009 -2010) •PAdES1: Overview •PAdES2: Basic –CMS based (ISO-32000-1) •PAdES3: Enhanced –CAdESbased (ISO-32000-2) •PAdES4: LTV –Long Term Validation •PAdES5: XAdESbased (XML content) •PAdES6: Visual representation guidelines •ETSI: TS 103 172 (2011 -2013) •PAdESBaseline Profile
Signatures in PDF •There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) •The digital signature isn’t part of the ByteRange. •The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
Some PDF terminology •Signature field: •Visualisation (onewidget annotation) •Extra info about signature (Lock, SV) •/V refers to the signature dictionary •Signing: •Creating an /APfor the widget annotation •Creating a signature dictionary for /V
What’s inside the signature? %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificatechain •Revocation information •Timestamp ISO-32000-2: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): •Full certificate chain •Revocation information (CRL / OCSP) •Timestamp
Part 3 Architectures: Server-side vs. client-side signing
Server-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device SERVER
Use cases server-side signing •Company signature •Invoices •Contracts •… •Signing services in the Cloud •Docusign •Echosign •… •Security management responsibilities!
Client-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device CLIENT
Use cases client-side signing •Desktop applications •Adobe Acrobat Pro •Adobe Reader (only for Reader-enabled documents) •Home made, e.g. using iText •In a web context •The PDF software runs on the client, e.g. using Java Web Start •Access to the token or smart card through •MSCAPI •PKCS#11 •Custom smart card library •Security •User has smart card and PIN or USB token and passphrase
Deferred signing Signed Message Digest App Device CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
Use cases deferred signing •Signing on an iPad / Tablet •App on the device has low footprint •Easy to link to integrate into a document management system •Disadvantage •You need to trust the server that the hash you receive is actually the hash of the document you want to sign •Common Criteria •a framework in which computer system users can specifytheir security functionaland assurancerequirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implementand/or make claims about the security attributes of their products, and testing laboratories can evaluatethe products to determine if they actually meet the claims.
Part 4 Digital signatures and document workflow
Digital signatures: types •Certification (aka author) signature •only possible for the first revision (*) •involves modification detection permissions: •No changes allowed •Form filling and signing allowed •Form filling, signing and commenting allowed •Approval (aka recipient) signature •workflow with subsequent signers •New in PDF 2.0: modification detection permissions •Usage Rights signature •involving Adobe’s private key to Reader enable a PDF
Other possible icons •Signer’s identity is unknown •Document has been altered or corrupted
Serial signatures %PDF-1.x %Originaldocument % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
Certified by Alice
Read and approved by Bob
Signed by Bob
Bob’s signature invalidated by Chuck
Read, approved and signed by Carol
Read, approved, and signed by Dave
Signature and lock broken by Chuck
Part 5 Long-term validation
Certificates expire Expiration date 2012 2013 2014
Certificates get revoked Expiration date Revocation date 2012 2013 2014
How to survive revocation / expiration? 2012 2013 2014 Expiration date Revocation date
Timestamps
What to do when: •There’s no CRL/OCSP/TS in the document? •The certificate is about to expire in one of your documents? •The hashing / encryption algorithm is about to be deprecated?
Document Security Store %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE •Signed Message Digest •Certificate
Document-level timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
Repeat as soon as needed %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
Q & A EMEAKerkstraat 1089050 GentbruggeBELGIUME: sales.isb@itextpdf.com T: +32 92 98 02 31F: +32 92 70 33 75 Americas, Oceania1 Broadway, 14th floorCambridge, MA 02142USA E: sales.isc@itextpdf.comT: +1 617 982 2646 F: +1 617 982 2647 iText HQAdolf Baeyensstraat 1219040 Sint-AmandsbergBELGIUM Asia71 Ayer Rajah Crescent #05-04139951SINGAPOREE: sales.isa@itextpdf,com T: tel: +65 31 58 39 47 http://itextpdf.com

Recommended

Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's done
Bruno Lowagie
 
Bitcoin: Nedir, ne değildir?
Bitcoin: Nedir, ne değildir?Bitcoin: Nedir, ne değildir?
Bitcoin: Nedir, ne değildir?
Onur Güngör
 
AirTree Ventures Crypto 101
AirTree Ventures Crypto 101AirTree Ventures Crypto 101
AirTree Ventures Crypto 101
AirTree
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
Christopher Allen
 
アイデンティティ管理の基礎~Fim adfsアーキテクチャ
アイデンティティ管理の基礎~Fim adfsアーキテクチャアイデンティティ管理の基礎~Fim adfsアーキテクチャ
アイデンティティ管理の基礎~Fim adfsアーキテクチャ
Naohiro Fujie
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
Masaru Kurahayashi
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装
Haniyama Wataru
 
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
Naohiro Fujie
 

Recommended

Digital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's doneDigital Signatures in PDF: how it's done
Digital Signatures in PDF: how it's done
Bruno Lowagie
 
Bitcoin: Nedir, ne değildir?
Bitcoin: Nedir, ne değildir?Bitcoin: Nedir, ne değildir?
Bitcoin: Nedir, ne değildir?
Onur Güngör
 
AirTree Ventures Crypto 101
AirTree Ventures Crypto 101AirTree Ventures Crypto 101
AirTree Ventures Crypto 101
AirTree
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
Christopher Allen
 
アイデンティティ管理の基礎~Fim adfsアーキテクチャ
アイデンティティ管理の基礎~Fim adfsアーキテクチャアイデンティティ管理の基礎~Fim adfsアーキテクチャ
アイデンティティ管理の基礎~Fim adfsアーキテクチャ
Naohiro Fujie
 
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
OpenID Connect 入門 〜コンシューマーにおけるID連携のトレンド〜
Masaru Kurahayashi
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装
Haniyama Wataru
 
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
LINE Payも取り組んでいるKYCってなんだろう?KYCの基本と最近の動向
Naohiro Fujie
 
Ethereum A to Z
Ethereum A to ZEthereum A to Z
Ethereum A to Z
Dongsam Byun
 
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Simplilearn
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
Litecoin Crypto Currency Bootcamp
Litecoin Crypto Currency BootcampLitecoin Crypto Currency Bootcamp
Litecoin Crypto Currency Bootcamp
Joseph Holbrook, Chief Learning Officer (CLO)
 
Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1
ArcBlock
 
Blockchain Explained
Blockchain ExplainedBlockchain Explained
Blockchain Explained
Shermin Voshmgir
 
Bitcoin Addresses
Bitcoin AddressesBitcoin Addresses
Bitcoin Addresses
ashmoran
 
Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin Security
Philippe Camacho, Ph.D.
 
Examination and interpretation findings in asphyxial death
Examination and interpretation findings in asphyxial deathExamination and interpretation findings in asphyxial death
Examination and interpretation findings in asphyxial death
Sultan Al-Otaibi
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
Cory Forsyth
 
Staking Cryptocurrency Explained (with Platform List)
Staking Cryptocurrency Explained (with Platform List)Staking Cryptocurrency Explained (with Platform List)
Staking Cryptocurrency Explained (with Platform List)
Jared Broker
 
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 CordaTriple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Debajani Mohanty
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
FIDO Alliance
 
Types of blockchain
Types of blockchainTypes of blockchain
Types of blockchain
Darwin Labs
 
Mechanical asphyxia.pptx
Mechanical asphyxia.pptxMechanical asphyxia.pptx
Mechanical asphyxia.pptx
Dr Nikita Prabhakaran
 
Introduction to Ethereum Blockchain & Smart Contract
Introduction to Ethereum Blockchain & Smart ContractIntroduction to Ethereum Blockchain & Smart Contract
Introduction to Ethereum Blockchain & Smart Contract
Thanh Nguyen
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7Hackito Ergo Sum
 
Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
iText Group nv
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7
iText Group nv
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road ahead
iText Group nv
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standards
iText Group nv
 

More Related Content

What's hot

Ethereum A to Z
Ethereum A to ZEthereum A to Z
Ethereum A to Z
Dongsam Byun
 
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Simplilearn
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
Litecoin Crypto Currency Bootcamp
Litecoin Crypto Currency BootcampLitecoin Crypto Currency Bootcamp
Litecoin Crypto Currency Bootcamp
Joseph Holbrook, Chief Learning Officer (CLO)
 
Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1
ArcBlock
 
Blockchain Explained
Blockchain ExplainedBlockchain Explained
Blockchain Explained
Shermin Voshmgir
 
Bitcoin Addresses
Bitcoin AddressesBitcoin Addresses
Bitcoin Addresses
ashmoran
 
Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin Security
Philippe Camacho, Ph.D.
 
Examination and interpretation findings in asphyxial death
Examination and interpretation findings in asphyxial deathExamination and interpretation findings in asphyxial death
Examination and interpretation findings in asphyxial death
Sultan Al-Otaibi
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
Cory Forsyth
 
Staking Cryptocurrency Explained (with Platform List)
Staking Cryptocurrency Explained (with Platform List)Staking Cryptocurrency Explained (with Platform List)
Staking Cryptocurrency Explained (with Platform List)
Jared Broker
 
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 CordaTriple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Debajani Mohanty
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
FIDO Alliance
 
Types of blockchain
Types of blockchainTypes of blockchain
Types of blockchain
Darwin Labs
 
Mechanical asphyxia.pptx
Mechanical asphyxia.pptxMechanical asphyxia.pptx
Mechanical asphyxia.pptx
Dr Nikita Prabhakaran
 
Introduction to Ethereum Blockchain & Smart Contract
Introduction to Ethereum Blockchain & Smart ContractIntroduction to Ethereum Blockchain & Smart Contract
Introduction to Ethereum Blockchain & Smart Contract
Thanh Nguyen
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7Hackito Ergo Sum
 

What's hot (18)

Ethereum A to Z
Ethereum A to ZEthereum A to Z
Ethereum A to Z
 
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
Litecoin Crypto Currency Bootcamp
Litecoin Crypto Currency BootcampLitecoin Crypto Currency Bootcamp
Litecoin Crypto Currency Bootcamp
 
Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1
 
Blockchain Explained
Blockchain ExplainedBlockchain Explained
Blockchain Explained
 
Bitcoin Addresses
Bitcoin AddressesBitcoin Addresses
Bitcoin Addresses
 
Analyzing Bitcoin Security
Analyzing Bitcoin SecurityAnalyzing Bitcoin Security
Analyzing Bitcoin Security
 
Examination and interpretation findings in asphyxial death
Examination and interpretation findings in asphyxial deathExamination and interpretation findings in asphyxial death
Examination and interpretation findings in asphyxial death
 
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
HTTP by Hand: Exploring HTTP/1.0, 1.1 and 2.0
 
Staking Cryptocurrency Explained (with Platform List)
Staking Cryptocurrency Explained (with Platform List)Staking Cryptocurrency Explained (with Platform List)
Staking Cryptocurrency Explained (with Platform List)
 
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 CordaTriple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 Corda
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
 
Types of blockchain
Types of blockchainTypes of blockchain
Types of blockchain
 
Mechanical asphyxia.pptx
Mechanical asphyxia.pptxMechanical asphyxia.pptx
Mechanical asphyxia.pptx
 
Introduction to Ethereum Blockchain & Smart Contract
Introduction to Ethereum Blockchain & Smart ContractIntroduction to Ethereum Blockchain & Smart Contract
Introduction to Ethereum Blockchain & Smart Contract
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
 

Viewers also liked

Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
iText Group nv
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7
iText Group nv
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road ahead
iText Group nv
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standards
iText Group nv
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talk
iText Group nv
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensing
iText Group nv
 
Oops, I broke my API
Oops, I broke my APIOops, I broke my API
Oops, I broke my API
iText Group nv
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentation
iText Group nv
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projects
iText Group nv
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
iText Group nv
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hit
iText Group nv
 
Présentation de mon PFE
Présentation de mon PFEPrésentation de mon PFE
Présentation de mon PFE
Nadir Haouari
 
présentation soutenance PFE.ppt
présentation soutenance PFE.pptprésentation soutenance PFE.ppt
présentation soutenance PFE.pptMohamed Ben Bouzid
 

Viewers also liked (13)

Digital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDFDigital Signatures: how it's done in PDF
Digital Signatures: how it's done in PDF
 
PDF made easy with iText 7
PDF made easy with iText 7PDF made easy with iText 7
PDF made easy with iText 7
 
PAdES signatures in iText and the road ahead
PAdES signatures in iText and the road aheadPAdES signatures in iText and the road ahead
PAdES signatures in iText and the road ahead
 
The importance of standards
The importance of standardsThe importance of standards
The importance of standards
 
iText Summit 2014: Keynote talk
iText Summit 2014: Keynote talkiText Summit 2014: Keynote talk
iText Summit 2014: Keynote talk
 
Intellectual property and licensing
Intellectual property and licensingIntellectual property and licensing
Intellectual property and licensing
 
Oops, I broke my API
Oops, I broke my APIOops, I broke my API
Oops, I broke my API
 
FIT Seminar Singapore presentation
FIT Seminar Singapore presentationFIT Seminar Singapore presentation
FIT Seminar Singapore presentation
 
Monetizing open-source projects
Monetizing open-source projectsMonetizing open-source projects
Monetizing open-source projects
 
ZUGFeRD: an overview
ZUGFeRD: an overviewZUGFeRD: an overview
ZUGFeRD: an overview
 
Tech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hitTech Startup Day 2015: 4 failures and 1 hit
Tech Startup Day 2015: 4 failures and 1 hit
 
Présentation de mon PFE
Présentation de mon PFEPrésentation de mon PFE
Présentation de mon PFE
 
présentation soutenance PFE.ppt
présentation soutenance PFE.pptprésentation soutenance PFE.ppt
présentation soutenance PFE.ppt
 

Similar to Digital Signatures: how it's done in PDF

What's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signaturesWhat's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signatures
Bruno Lowagie
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case Study
iText Group nv
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
Zeev Shetach
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Nordic APIs
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDF
iText Group nv
 
Utilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostUtilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & Cost
Chin Wan Lim
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
NETUserGroupBern
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)Channy Yun
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdf
Santosh Gupta
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Security
guest2a5a03
 
Thawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and BenefitsThawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and Benefits
CodeSigningStore
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated Environment
Perficient, Inc.
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
Olle E Johansson
 
Kerberos survival guide
Kerberos survival guideKerberos survival guide
Kerberos survival guideJ.D. Wade
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
Carlos Martinez Cagnazzo
 
Network security-primer-9544
Network security-primer-9544Network security-primer-9544
Network security-primer-9544Hfz Mushtaq
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
CASCouncil
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
NETUserGroupBern
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
Fatih Ozavci
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays
 

Similar to Digital Signatures: how it's done in PDF (20)

What's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signaturesWhat's new in PDF 2.0 regarding digital signatures
What's new in PDF 2.0 regarding digital signatures
 
Digital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case StudyDigital Signatures in the Cloud: A B2C Case Study
Digital Signatures in the Cloud: A B2C Case Study
 
Digital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrustDigital Signatures solution by ComsignTrust
Digital Signatures solution by ComsignTrust
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
 
ETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDFETDA Conference - Digital signatures: how it's done in PDF
ETDA Conference - Digital signatures: how it's done in PDF
 
Utilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & CostUtilizing PKI to Reduce Risk & Cost
Utilizing PKI to Reduce Risk & Cost
 
Securing .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applicationsSecuring .NET Core, ASP.NET Core applications
Securing .NET Core, ASP.NET Core applications
 
The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)The History and Status of Web Crypto API (2012)
The History and Status of Web Crypto API (2012)
 
SHA_and_DS.pdf
SHA_and_DS.pdfSHA_and_DS.pdf
SHA_and_DS.pdf
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Security
 
Thawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and BenefitsThawte Code Signing Certificate Feature and Benefits
Thawte Code Signing Certificate Feature and Benefits
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated Environment
 
#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS#Morecrypto 1.8 - with introduction to TLS
#Morecrypto 1.8 - with introduction to TLS
 
Kerberos survival guide
Kerberos survival guideKerberos survival guide
Kerberos survival guide
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
Network security-primer-9544
Network security-primer-9544Network security-primer-9544
Network security-primer-9544
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 

More from iText Group nv

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPR
iText Group nv
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photobooth
iText Group nv
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hare
iText Group nv
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and Legal
iText Group nv
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!
iText Group nv
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycle
iText Group nv
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Group nv
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms Architecture
iText Group nv
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!
iText Group nv
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFs
iText Group nv
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...
iText Group nv
 

More from iText Group nv (11)

The effects of the GDPR
The effects of the GDPRThe effects of the GDPR
The effects of the GDPR
 
Build your own_photobooth
Build your own_photoboothBuild your own_photobooth
Build your own_photobooth
 
Start-ups: the tortoise and the hare
Start-ups: the tortoise and the hareStart-ups: the tortoise and the hare
Start-ups: the tortoise and the hare
 
IANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and LegalIANAL: what developers should know about IP and Legal
IANAL: what developers should know about IP and Legal
 
PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!PDF is dead. Long live PDF... with Java!
PDF is dead. Long live PDF... with Java!
 
iText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycleiText Summit 2014: Talk: iText throughout the document life cycle
iText Summit 2014: Talk: iText throughout the document life cycle
 
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...
 
The XML Forms Architecture
The XML Forms ArchitectureThe XML Forms Architecture
The XML Forms Architecture
 
Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!Damn, the new generation kids are getting iPads in Highschool!
Damn, the new generation kids are getting iPads in Highschool!
 
Best practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFsBest practices in Certifying and Signing PDFs
Best practices in Certifying and Signing PDFs
 
Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...Choosing the iText Solution that is right for you: Community or Commercial ed...
Choosing the iText Solution that is right for you: Community or Commercial ed...
 

Recently uploaded

To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 

Recently uploaded (20)

To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 

Digital Signatures: how it's done in PDF

  • 1. Digital Signatures How it’s done in PDF
  • 2. iText, an open source PDF library Java C#
  • 3. Shareholders: -Ingeborg Willaert (50%) -Bruno Lowagie (50%) iText Group NV °2008 Belgium IP, TM, Development Marketing iText Software BVBA °2011 Belgium Sales EMEA/Asia iText Software Corp. °2009 USA (CA/MA) Sales Americas/Oceania Board of Directors: -Peter Camps (chairman) -Ingeborg Willaert -Bruno Lowagie Advisory Board: -Andrew Binstock -Mark de Visser -Bernard Slede iTextGroup Benelux: 10th place Belgium: 3rd place
  • 4. Agenda •Why do we need digital signatures? •Basic concepts… •… applied to PDF •Architectures: server-side vs. client-side •Digital signatures and document workflow •Long term validation
  • 5. Introduction Why do we need digital signatures?
  • 6. Integrity I paid a forged invoice and lost 30K€!
  • 7. Authenticity Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
  • 9. Three goals •Integrity —we want assurance that the document hasn’t been changed somewhere in the workflow •Authenticity —we want assurance that the author of the document is who we think it is (and not somebody else) •Non-repudiation —we want assurance that the author can’t deny his authorship.
  • 10. Part 1 Basic concepts…
  • 11. Concept 1: Hashing •Hashing algorithm: •a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. •Available algorithms: •MD5: Ron Rivest •SHA: •SHA-1: NSA (Being phased out!) •SHA-2: NSA / NIST •NEW: SHA-3 contest winner “Keccak” •RIPEMD: KULeuven
  • 12. Concept 1: Integrity check using hash Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
  • 13. Concept 2: encryption •Assymetric key algorithms •Encryption •Digital signing
  • 14. Some name dropping •Public Key Cryptography Standards •PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) •PKCS#7: Cryptographic Message Standard (CMS) •PKCS#11: Cryptographic Token Interface •PKCS#12: PersonalInformation Exchange SyntaxStandard •PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) •Federal Information Processing Standards (FIPS) •DSA: Digital Signature Algorithm (DSA) •European Telecommunications Standards Institute (ETSI) •CMS Advanced Electronic Signatures (CAdES)
  • 15. Concept 1 + Concept 2 •Producer •Provides data as-is •Provides hash encrypted using private key •Provides public key •Consumer •Creates hash from data: hash1 •Decrypts hash using public key: hash2 •If (hash1== hash2) document OK!
  • 16. Goals met? •Integrity: •hashes are identical •Authenticity: •identity found along with public key •Non-repudiation: •if hash can be decrypted with public key, the document was signed with the corresponding private key
  • 17. Differences between EU and US •In the US, we make a distinction: •Electronic signatures don’t necessarily involve PKI •Digital signatures when a PKI infrastructure is involved •In Europe, we speak of electronic signatures •As a synonymfor digital signatures •All laws and regulations take this wording •There’s no sharp distinction between electronic and digital signatures (which leads to confusion) •I always speak of digital signatures
  • 18. Part 2 … applied to PDF
  • 19. Standards •ISO •ISO-32000-1 (2008) based on PDF 1.7 (2006) •ISO-32000-2 will define PDF 2.0 (2016) •ETSI: TS 102 778 (2009 -2010) •PAdES1: Overview •PAdES2: Basic –CMS based (ISO-32000-1) •PAdES3: Enhanced –CAdESbased (ISO-32000-2) •PAdES4: LTV –Long Term Validation •PAdES5: XAdESbased (XML content) •PAdES6: Visual representation guidelines •ETSI: TS 103 172 (2011 -2013) •PAdESBaseline Profile
  • 20. Signatures in PDF •There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) •The digital signature isn’t part of the ByteRange. •The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
  • 21. Some PDF terminology •Signature field: •Visualisation (onewidget annotation) •Extra info about signature (Lock, SV) •/V refers to the signature dictionary •Signing: •Creating an /APfor the widget annotation •Creating a signature dictionary for /V
  • 22. What’s inside the signature? %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificatechain •Revocation information •Timestamp ISO-32000-2: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): •Full certificate chain •Revocation information (CRL / OCSP) •Timestamp
  • 23. Part 3 Architectures: Server-side vs. client-side signing
  • 24. Server-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device SERVER
  • 25. Use cases server-side signing •Company signature •Invoices •Contracts •… •Signing services in the Cloud •Docusign •Echosign •… •Security management responsibilities!
  • 26. Client-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device CLIENT
  • 27. Use cases client-side signing •Desktop applications •Adobe Acrobat Pro •Adobe Reader (only for Reader-enabled documents) •Home made, e.g. using iText •In a web context •The PDF software runs on the client, e.g. using Java Web Start •Access to the token or smart card through •MSCAPI •PKCS#11 •Custom smart card library •Security •User has smart card and PIN or USB token and passphrase
  • 28. Deferred signing Signed Message Digest App Device CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
  • 29. Use cases deferred signing •Signing on an iPad / Tablet •App on the device has low footprint •Easy to link to integrate into a document management system •Disadvantage •You need to trust the server that the hash you receive is actually the hash of the document you want to sign •Common Criteria •a framework in which computer system users can specifytheir security functionaland assurancerequirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implementand/or make claims about the security attributes of their products, and testing laboratories can evaluatethe products to determine if they actually meet the claims.
  • 30. Part 4 Digital signatures and document workflow
  • 31. Digital signatures: types •Certification (aka author) signature •only possible for the first revision (*) •involves modification detection permissions: •No changes allowed •Form filling and signing allowed •Form filling, signing and commenting allowed •Approval (aka recipient) signature •workflow with subsequent signers •New in PDF 2.0: modification detection permissions •Usage Rights signature •involving Adobe’s private key to Reader enable a PDF
  • 32. Other possible icons •Signer’s identity is unknown •Document has been altered or corrupted
  • 33. Serial signatures %PDF-1.x %Originaldocument % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
  • 38. Read, approved and signed by Carol
  • 39. Read, approved, and signed by Dave
  • 40. Signature and lock broken by Chuck
  • 41. Part 5 Long-term validation
  • 42. Certificates expire Expiration date 2012 2013 2014
  • 43. Certificates get revoked Expiration date Revocation date 2012 2013 2014
  • 44. How to survive revocation / expiration? 2012 2013 2014 Expiration date Revocation date
  • 46. What to do when: •There’s no CRL/OCSP/TS in the document? •The certificate is about to expire in one of your documents? •The hashing / encryption algorithm is about to be deprecated?
  • 47. Document Security Store %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE •Signed Message Digest •Certificate
  • 48. Document-level timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
  • 49. Repeat as soon as needed %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
  • 50. Q & A EMEAKerkstraat 1089050 GentbruggeBELGIUME: sales.isb@itextpdf.com T: +32 92 98 02 31F: +32 92 70 33 75 Americas, Oceania1 Broadway, 14th floorCambridge, MA 02142USA E: sales.isc@itextpdf.comT: +1 617 982 2646 F: +1 617 982 2647 iText HQAdolf Baeyensstraat 1219040 Sint-AmandsbergBELGIUM Asia71 Ayer Rajah Crescent #05-04139951SINGAPOREE: sales.isa@itextpdf,com T: tel: +65 31 58 39 47 http://itextpdf.com