Daniel Perez Alvarez,

Daniel Perez Alvarez wrote:
> I've found the following about the signature in the signed PDFs I have to
> timestamp:
>  
> * The '/Filter' entry contains 'Adobe.PPKLite'
> * The '/SubFilter' entry contains 'adbe.x509.rsa_sha1'
> * The X509 certificate is stored in the '/Cert' entry
> * The '/Contents' entry doesn't seem to be padded, so there is no free
> space
> * The '/M' entry contains the date of signing, but it is an unverified
> computer time
>  
> This information leads me to believe the PDFs are signed using PKCS#1 as
> Michael said, not PKCS#7 as I had supposed. How can I confirm it?

No further confirmation is needed. A SubFilter value /adbe.x509.rsa_sha1
implies that the /Contents value is a PKCS#1 signature (at least if the
Adobe Reader is happy with the signature).

Daniel Perez Alvarez wrote:
> So, if the signatures are PKCS#1, does the situation change? Is it less
> troublesome to timestamp the PDFs then? How would I go about it? Where
> would I insert the timestamp? I'm lost as heck...
 
It changes only insofar as there is not even a theoretical possibility to
revamp those signatures to include a timestamp. PKCS#1 signatures
essentially are merely an encrypted structure containing a hash algorithm
identifier and a hash value.

So either you add a new timestamped signature of your own to all those
documents or you go the PAdES-LTV way. Depending on the possible use of the
DocMDP transform method in those documents, the former possibility might be
forbidden while the latter has retroactively (in the PAdES-Spec and
eventually in PDF 2.0) been allowed.

Daniel Perez Alvarez wrote:
> PD: If PAdES-LTV is the way to go, I will look deeper into it, but I
> haven't found many examples on the net, so I'm a bit wary.

Actually PAdES-LTV is the _only_ standardized way to add integrated
timestamps to your documents.

Unfortunately, as has been mentioned before, PAdES-LTV is...

1T3XT info wrote:
> ... not even implemented in Adobe Reader, and it will only be in the PDF
> specification somewhere in 2011 (ISO 32000-2).

Thus, depending on what your employer or customer actually needs, you might
even be better off with non-integrated timestamps...

Regards,   Michael.
-- 
View this message in context: 
http://itext-general.2136553.n4.nabble.com/Add-timestamp-to-signed-PDF-tp2247722p2250049.html
Sent from the iText - General mailing list archive at Nabble.com.
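
Added example, not part of the original message and not iText code: it illustrates the statement above that a PKCS#1 signature is only an encrypted structure holding a hash algorithm identifier and a hash value, by signing with a toy RSA key and then opening the signature with the public key. The key (built from two Mersenne primes), the sample bytes and the function names are constructed for this illustration.

```python
import hashlib

# Constructed toy RSA key (assumption, demo only): the primes are the
# Mersenne primes 2^521-1 and 2^607-1, so this is not a usable signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER prefix of a SHA-1 DigestInfo: AlgorithmIdentifier + OCTET STRING header
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def sign_pkcs1_sha1(data: bytes) -> bytes:
    """PKCS#1 v1.5 signing: 00 01 FF..FF 00 || DigestInfo, then RSA private op."""
    t = SHA1_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def open_signature(sig: bytes) -> dict:
    """Apply the public key and return every field the signature carries."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x01":
        raise ValueError("not a PKCS#1 v1.5 signature block")
    sep = em.index(b"\x00", 2)  # end of the FF padding run
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    info = em[sep + 1:]
    if not info.startswith(SHA1_PREFIX) or len(info) != len(SHA1_PREFIX) + 20:
        raise ValueError("not a SHA-1 DigestInfo")
    # Nothing else is inside: fixed padding, an algorithm id and the digest.
    # There is no attribute set where a timestamp token could be stored.
    return {
        "padding_bytes": sep - 2,
        "hash_algorithm": "sha1",
        "digest": info[len(SHA1_PREFIX):],
    }


if __name__ == "__main__":
    signed_bytes = b"constructed sample: byte range of a signed PDF"
    fields = open_signature(sign_pkcs1_sha1(signed_bytes))
    print(fields["hash_algorithm"], fields["digest"].hex())
    print("matches document hash:",
          fields["digest"] == hashlib.sha1(signed_bytes).digest())
```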
