[jira] [Commented] (PDFBOX-2776) support "Long Term Validation" signature extensions (LTV)

Mon, 26 Oct 2020 23:08:02 -0700 


    [ 
https://issues.apache.org/jira/browse/PDFBOX-2776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17221165#comment-17221165
 ] 

Ralf Hauser commented on PDFBOX-2776:
-------------------------------------

[~mkl] <<But no, this is impossible in a number of use cases, in particular 
there are many signing services nowadays which just-in-time, while processing a 
signature request, create a short-term certificate only for this signature. As 
you cannot know the signer certificate before signing, you cannot retrieve 
revocation information for it in time to consider them when building the signed 
attributes.>>

Seems that provider shortLivedCrlAsLTV-sig.pdf solve it with a small, 
long-lasting CRL ...

> support "Long Term Validation" signature extensions (LTV)
> ---------------------------------------------------------
>
>                 Key: PDFBOX-2776
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-2776
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>    Affects Versions: 2.0.0
>            Reporter: Ralf Hauser
>            Priority: Major
>             Fix For: 3.0.0 PDFBox
>
>         Attachments: certified_368835_Sig_de_201026171017_LTV.pdf, 
> nonSigPdf-sig1.pdf, notCertified_368835_Sig_en_201026090509.pdf, 
> notCertified_368835_Sig_en_201026090509_report.png
>
>
> in recent acrobat readers, every signature is commented w.r.t. "LTV"
> ETSI TS 102 778-4 V1.1.2 (2009-12) Technical Specification
> referenced as part 4 in
> http://en.wikipedia.org/wiki/PAdES 
> It would be great if pdf signatures created with PDFBox would assist in 
> creatign those.
> Target test setup: 
> 1) input of an unsigned PDF-1.5 document
> 2) signature with
> a) local key pair
> b) hsm
> c) remote signature service (e.g. via soap)
> 3) add ocsp response for LTV (crls typically are larger)
> ==> Result: signed pdf where acrobat reader claims it to be "LTV enabled"
> see also PDFBOX-1848
> more in 
> http://stackoverflow.com/questions/26090558/ltv-enabled-signature-in-pdf



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to