[ 
https://issues.apache.org/jira/browse/PDFBOX-3047?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991449#comment-14991449
 ] 

Ralf Hauser commented on PDFBOX-3047:
-------------------------------------

For somebody who would like to face this challenge, we would offer EUR 1000.-
If interested, pls contact [email protected]

> LTV-fix offline signature
> -------------------------
>
>                 Key: PDFBOX-3047
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-3047
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>            Reporter: Ralf Hauser
>
> This is a complement to PDFBOX-2776
> <<A PDF signature may not be successfully verified unless its collateral 
> validation components are preserved, e.g., certificates, CRLs, time stamp 
> tokens, revocation lists, and OCSP responses. To facilitate long term 
> signature validation (LTV), PDF supports the ability to collect validation 
> information to verify a signature at a later time if it has been verified 
> once as being valid. Some of this information, i.e. certificates, CRLs and 
> OCSP responses, when not already present in the signature, shall be stored in 
> a document security store (DSS), see 12.8.4.3, "Document Security Store 
> (DSS)". When storing this type of information and, when not already present 
> in the signature, it shall be stored in a document time-stamp dictionary, see 
> 12.8.5, "Document time-stamp (DTS) dictionary (PDF 2.0)". This will provide 
> the information needed to verify a signature as this was done when that 
> signature was first verified. >>
> If someone signs a pdf off-line, there should be a pdf-box routine that can 
> possibly even be run on the command-line to amend a document with OCSP/CRL 
> info for the signing certificate chain plus a verification time-stamp. The 
> latter might even be interesting for an online signature that already has a 
> timestamp but might be lacking other info.
> There should be a clear interface to obtain 
> a) ocsp responses
> b) crls
> c) timestamps 
> such that other (pre-existing) solutions can be tied to this routine



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
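
The following sketch illustrates the routine the issue description asks for. It is an added example, not code from PDFBox or from the reporter: a pluggable source for OCSP responses and CRLs whose results are appended to the document in a DSS through an incremental save. It assumes the PDFBox 2.0.x API, a hypothetical `RevocationSource` interface and `DssAppender` class, a document with no existing /DSS entry, and distinct input and output files. The document time-stamp is left out.

```java
import java.io.*;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.pdfbox.cos.*;
import org.apache.pdfbox.pdmodel.PDDocument;

public class DssAppender {
    /** Hypothetical plug-in point: returns DER bytes, or null when nothing is available. */
    public interface RevocationSource {
        byte[] ocspResponse(X509Certificate cert, X509Certificate issuer) throws IOException;
        byte[] crl(X509Certificate cert) throws IOException;
    }

    /** chain: signer certificate first, each entry followed by its issuer, trust anchor last. */
    public static void appendDss(File in, File out, List<X509Certificate> chain,
                                 RevocationSource src) throws Exception {
        try (PDDocument doc = PDDocument.load(in); OutputStream os = new FileOutputStream(out)) {
            COSArray certs = new COSArray(), ocsps = new COSArray(), crls = new COSArray();
            for (int i = 0; i < chain.size(); i++) {
                X509Certificate cert = chain.get(i);
                certs.add(derStream(doc, cert.getEncoded()));
                if (i + 1 == chain.size()) break; // trust anchor: no revocation data to collect
                byte[] ocsp = src.ocspResponse(cert, chain.get(i + 1));
                byte[] crl = (ocsp == null) ? src.crl(cert) : null; // CRL only as fallback
                if (ocsp != null) ocsps.add(derStream(doc, ocsp));
                else if (crl != null) crls.add(derStream(doc, crl));
                else throw new IOException("no revocation data for " + cert.getSubjectX500Principal());
            }
            COSDictionary dss = new COSDictionary();
            dss.setItem(COSName.getPDFName("Certs"), certs);
            if (ocsps.size() > 0) dss.setItem(COSName.getPDFName("OCSPs"), ocsps);
            if (crls.size() > 0) dss.setItem(COSName.getPDFName("CRLs"), crls);
            COSDictionary catalog = doc.getDocumentCatalog().getCOSObject();
            catalog.setItem(COSName.getPDFName("DSS"), dss); // assumes no /DSS exists yet
            // saveIncremental appends only flagged objects, so the signed byte range stays intact.
            for (COSUpdateInfo o : new COSUpdateInfo[] {catalog, dss, certs, ocsps, crls}) {
                o.setNeedToBeUpdated(true);
            }
            doc.saveIncremental(os);
        }
    }

    private static COSStream derStream(PDDocument doc, byte[] der) throws IOException {
        COSStream s = doc.getDocument().createCOSStream();
        try (OutputStream o = s.createOutputStream(COSName.FLATE_DECODE)) { o.write(der); }
        s.setNeedToBeUpdated(true);
        return s;
    }
}
```

The routine fails closed when neither an OCSP response nor a CRL is available for a certificate, so a document is never written with a partial revocation set. Implementations of `RevocationSource` remain responsible for verifying the signatures and freshness of the data they return.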
