[jira] [Commented] (PDFBOX-2776) support "Long Term Validation" signature extensions (LTV)

Mon, 19 Oct 2020 23:20:00 -0700 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-2776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17217312#comment-17217312
 ] 

Tilman Hausherr commented on PDFBOX-2776:
-----------------------------------------

That certificate doesn't help, and all certificates should be in the PDF 
anyway. Or at least contain an URL where they are to be downloaded.

ShowSignature checks all the paths (like AddValidation does). It fails on your 
PDF because the timestamp certificate doesn't validate because the revocation 
doesn't.

Acrobat Reader doesn't tell about the timestamp, only that it couldn't be 
checked.

If you have any contacts at http://www.pki.admin.ch/crl/QualifiedCA01.crl , can 
you ask them why their CRL is out of date and why their OCSP doesn't work?

> support "Long Term Validation" signature extensions (LTV)
> ---------------------------------------------------------
>
>                 Key: PDFBOX-2776
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-2776
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>    Affects Versions: 2.0.0
>            Reporter: Ralf Hauser
>            Priority: Major
>             Fix For: 3.0.0 PDFBox
>
>         Attachments: nonSigPdf-sig1.pdf
>
>
> in recent acrobat readers, every signature is commented w.r.t. "LTV"
> ETSI TS 102 778-4 V1.1.2 (2009-12) Technical Specification
> referenced as part 4 in
> http://en.wikipedia.org/wiki/PAdES 
> It would be great if pdf signatures created with PDFBox would assist in 
> creatign those.
> Target test setup: 
> 1) input of an unsigned PDF-1.5 document
> 2) signature with
> a) local key pair
> b) hsm
> c) remote signature service (e.g. via soap)
> 3) add ocsp response for LTV (crls typically are larger)
> ==> Result: signed pdf where acrobat reader claims it to be "LTV enabled"
> see also PDFBOX-1848
> more in 
> http://stackoverflow.com/questions/26090558/ltv-enabled-signature-in-pdf



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to