[jira] [Commented] (PDFBOX-4784) Possibility to provide the SecureRandom to SecurityHandler

Fri, 15 May 2020 04:41:27 -0700 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17108192#comment-17108192
 ] 

Aleksandr Beliakov commented on PDFBOX-4784:
--------------------------------------------

[~lehmi] , please take a look on a pull request I have created : 
[https://github.com/apache/pdfbox/pull/83]

I added a unit test to show our use case. As Michael have explained, in DSS we 
sign a signature in three steps:

1) Compute data to be signed;

2) Compute Signature Value;

3) Sign the document.

The PDF creation is required on steps 1 and 3, therefore in order to have a 
cryptographically valid signature, the both steps must produce a PDF with the 
same binaries. Based on this, we need to have a possibility to use AES 
encryption in a deterministic way, i.e. by providing a custom SecureRandom.

> Possibility to provide the SecureRandom to SecurityHandler
> ----------------------------------------------------------
>
>                 Key: PDFBOX-4784
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4784
>             Project: PDFBox
>          Issue Type: Improvement
>            Reporter: Pierrick Vandenbroucke
>            Priority: Major
>
> In DSS, we build electronic signatures with two stateless operations 
> (computation of the data to be signed and incorporation of the signature 
> value). Currently, the signature creation fails with encrypted documents 
> (AES) due to the Initialization Vector generations which produce different 
> values at each call.
> We would need a way to "stabilize" this part. We discussed about that on our 
> [issue tracker|https://ec.europa.eu/cefdigital/tracker/browse/DSS-1962] and 
> the idea would be to provide a custom instance of the SecureRandom to the 
> [SecurityHandler|https://github.com/apache/pdfbox/blob/2.0.19/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/encryption/SecurityHandler.java#L381].



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to