[jira] [Commented] (PDFBOX-2776) support "Long Term Validation" signature extensions (LTV)

Mon, 19 Oct 2020 07:07:04 -0700 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-2776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17216743#comment-17216743
 ] 

Ralf Hauser commented on PDFBOX-2776:
-------------------------------------

Testing with:
 
System.setProperty("org.apache.pdfbox.examples.pdmodel.tsa","http://tsa.pki.admin.ch/tsa";);
 TestCreateSignature.init();
 new TestCreateSignature().testAddValidationInformation();

Still looking for a good test file. The attached is a proposal, for the 
sig-cert used therein, there is both a current OCSP and CRL available

OCSP (-Wed Oct 21 15:55:00 CEST 2020):

    The certificate was not revoked. According to the OCSP
    Response from: http://ocspdr.quovadisglobal.com , created 20201019_1555 
CertID
    ser#: 2e4540e4f6993bbe4f737f3d6841df0485582bf, validity of OCSP-Response 
till:    20201021_1555

CRL (-Thu Oct 22 14:33:53 CEST 2020):
    Found a valid CRL in the local cache. Issued on Oct 19, 2020,
    next update on Oct 22, 2020.
    size 467KB



> support "Long Term Validation" signature extensions (LTV)
> ---------------------------------------------------------
>
>                 Key: PDFBOX-2776
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-2776
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>    Affects Versions: 2.0.0
>            Reporter: Ralf Hauser
>            Priority: Major
>             Fix For: 3.0.0 PDFBox
>
>         Attachments: nonSigPdf-sig1.pdf
>
>
> in recent acrobat readers, every signature is commented w.r.t. "LTV"
> ETSI TS 102 778-4 V1.1.2 (2009-12) Technical Specification
> referenced as part 4 in
> http://en.wikipedia.org/wiki/PAdES 
> It would be great if pdf signatures created with PDFBox would assist in 
> creatign those.
> Target test setup: 
> 1) input of an unsigned PDF-1.5 document
> 2) signature with
> a) local key pair
> b) hsm
> c) remote signature service (e.g. via soap)
> 3) add ocsp response for LTV (crls typically are larger)
> ==> Result: signed pdf where acrobat reader claims it to be "LTV enabled"
> see also PDFBOX-1848
> more in 
> http://stackoverflow.com/questions/26090558/ltv-enabled-signature-in-pdf



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to