https://issues.apache.org/ooo/show_bug.cgi?id=121782
--- Comment #6 from Ariel Constenla-Haile <[email protected]> --- Created attachment 80502 --> https://issues.apache.org/ooo/attachment.cgi?id=80502&action=edit PDF document catalog, with permisions enabled The PDF in attachment 80496 is enough to understand how the local save capability on the form is enabled. In short, these permissions are enabled in the /Perms entry of the document's catalog. This entry specifies a permissions dictionary, in this case with a /UR3 entry. See PDF Ref. v. 1.7, 12.8.4, Table 258. Quoting from that table: "A signature dictionary that shall be used to specify and validate additional capabilities (usage rights) granted for this document; that is, the enabling of interactive features of the conforming reader that are not available by default. For example, A conforming reader does not permit saving documents by default, but an agent may grant permissions that enable saving specific documents. The signature shall be used to validate that the permissions have been granted by the agent that did the signing." The key point is that additional capabilities are bound to a digital signature, but not any digital signature (one the user could provide, or one that could be shipped with OpenOffice): it is Adobe's own signature, or one authorized by Adobe (PDF Ref. v. 1.7, 12.8.2.3, page 471): "The UR transform method shall be used to detect changes to a document that shall invalidate a usage rights signature, which is referred to from the UR3 entry in the permissions dictionary (see 12.8.4, “Permissions”). Usage rights signatures shall be used to enable additional interactive features that may not available by default in a conforming reader. The signature shall be used to validate that the permissions have been granted by a bonafide granting authority. " More important the quote under EXAMPLE: "Adobe Systems grants permissions to enable additional features in Adobe Reader, using public-key cryptography. It uses certificate authorities to issue public key certificates to document creators with which it has entered into a business relationship. Adobe Reader verifies that the rights-enabling signature uses a certificate from an Adobe-authorized certificate authority. Other conforming readers are free to use this same mechanism for their own purposes." -- You are receiving this mail because: You are on the CC list for the bug. You are the assignee for the bug.
