Posted to fop-dev@xmlgraphics.apache.org by Miguel A Paraz <mp...@mparaz.com> on 2002/07/20 16:55:55 UTC

Need advice in implementing signed PDF files

Hi,
I've been reading the code and I hope to get some tips.

On Wed, Jul 17, 2002 at 02:58:13PM +0200, Keiron Liddle wrote:
> If I understand it properly you would need to add an Encrypt pdf object
> that is referenced in the document's trailer dictionary.

That is, write out the signature with PDFDocument.outputTrailer?
Or, add it to trailerObjects using addTrailerObject?

> Then you would need to encrypt all pdf streams using the appropriate
> algorithm. If JCE can handle this then it would be used to encrypt the 
> stream.

Thus I will subclass PDFFilter.

From my reading of the code, the scope of the PDFFilter is only inside
the PDFStream, and the document is composed of multiple PDFStreams.

If I am correct, then the signing process has to be closer to the output 
level. For instance, using a FilterOutputStream to peek at the data being 
written out at the PDFRenderer level.  Or, I could use a single
java.security.Signature instance for all the PDFFilter subclass instances.

If I am wrong, and I can use a PDFFilter subclass, how can I extract my
java.security.Signature instance from the PDFFilter, to write it out
(java.security.Signature.sign())?  The filters in PDFStream are not 
referenced by name.

> - organise the configuration for password etc.

If a PDFFilter subclass is to be used, how can this have access to the 
configuration file? 



Thanks in advance!

-- 
http://mparaz.com/journal/
+63-916-423-7922



---------------------------------------------------------------------
To unsubscribe, e-mail: fop-dev-unsubscribe@xml.apache.org
For additional commands, email: fop-dev-help@xml.apache.org
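
The output-level approach raised in the message above (a FilterOutputStream that sees every byte written, feeding one java.security.Signature), as an added example that is not part of the original post and is not FOP code. The class name SigningOutputStream, the SHA256withRSA algorithm and the throwaway key are assumptions; the result is a detached signature over the written bytes, not a signature embedded in a PDF.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

/** Hypothetical class: passes bytes through and feeds each one to a single Signature. */
public class SigningOutputStream extends FilterOutputStream {
    private final Signature signature;

    public SigningOutputStream(OutputStream out, PrivateKey key) throws GeneralSecurityException {
        super(out);
        signature = Signature.getInstance("SHA256withRSA"); // algorithm is an assumption
        signature.initSign(key);
    }

    @Override
    public void write(int b) throws IOException {
        out.write(b);
        try { signature.update((byte) b); }
        catch (SignatureException e) { throw new IOException(e); }
    }

    @Override
    public void write(byte[] buf, int off, int len) throws IOException {
        out.write(buf, off, len); // bypass the per-byte default so nothing is counted twice
        try { signature.update(buf, off, len); }
        catch (SignatureException e) { throw new IOException(e); }
    }

    /** Call once, after the last byte has been written. */
    public byte[] sign() throws SignatureException {
        return signature.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, constructed for the demo
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        SigningOutputStream sos = new SigningOutputStream(sink, kp.getPrivate());
        // Constructed stand-ins for several streams written one after another.
        sos.write("stream one\n".getBytes(StandardCharsets.US_ASCII));
        sos.write("stream two\n".getBytes(StandardCharsets.US_ASCII));
        byte[] sig = sos.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(sink.toByteArray());
        System.out.println("verifies: " + verifier.verify(sig));
    }
}
```

Because the wrapper sits at the output level, the signature covers the bytes exactly as written, in order, regardless of how many separate streams produced them.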


Re: Need advice in implementing signed PDF files

Posted by Keiron Liddle <ke...@aftexsw.com>.
On Mon, 2002-07-22 at 19:12, Miguel A Paraz wrote:
> > I don't know. What do you think it should do?
> 
> Sorry, let me rephrase that.  My question is, what is the proper way for
> a PDFFilter subclass to read values from the configuration file?
> The signing system would need access to the name of the private key, for
> instance.

Are we talking about the maintenance branch? If so, the configuration is static and
you simply put a key+value pair in the config and read the value using
the key.





Re: Need advice in implementing signed PDF files

Posted by Miguel A Paraz <mp...@mparaz.com>.
On Mon, Jul 22, 2002 at 11:51:05AM +0200, Keiron Liddle wrote:
> As I misunderstood the original question it appears there is a slight
> difference to what needs to be done.
> What exactly does it need to do to sign a pdf file? Does it need to read
> all data in all streams and then create a single signature number? If so
> then it sounds like there needs to be some adjustment to how the filters
> are created and used in order to accommodate what you want.

I read the spec. It turns out that signatures are part of Acrobat Forms
(chapter 6.14).  It's not clear to me, what in particular is being signed -
the rest of the form, perhaps?

I am going to find out.

> > If a PDFFilter subclass is to be used, how can this have access to the 
> > configuration file? 
> 
> I don't know. What do you think it should do?

Sorry, let me rephrase that.  My question is, what is the proper way for
a PDFFilter subclass to read values from the configuration file?
The signing system would need access to the name of the private key, for
instance.

-- 
http://mparaz.com/journal/
+63-916-423-7922





Re: Need advice in implementing signed PDF files

Posted by Keiron Liddle <ke...@aftexsw.com>.
On Sat, 2002-07-20 at 16:55, Miguel A Paraz wrote:
> Hi,
> I've been reading the code and I hope to get some tips.
> 
> On Wed, Jul 17, 2002 at 02:58:13PM +0200, Keiron Liddle wrote:
> > If I understand it properly you would need to add an Encrypt pdf object
> > that is referenced in the document's trailer dictionary.
> 
> That is, write out the signature with PDFDocument.outputTrailer?
> Or, add it to trailerObjects using addTrailerObject?

Add a new object to the pdf file that is referenced in the trailer
dictionary using the pdf object reference.

> > Then you would need to encrypt all pdf streams using the appropriate
> > algorithm. If JCE can handle this then it would be used to encrypt the 
> > stream.
> 
> Thus I will subclass PDFFilter.
> 
> From my reading of the code, the scope of the PDFFilter is only inside
> the PDFStream, and the document is composed of multiple PDFStreams.
> 
> If I am correct, then the signing process has to be closer to the output 
> level. For instance, using a FilterOutputStream to peek at the data being 
> written out at the PDFRenderer level.  Or, I could use a single
> java.security.Signature instance for all the PDFFilter subclass instances.
> 
> If I am wrong, and I can use a PDFFilter subclass, how can I extract my
> java.security.Signature instance from the PDFFilter, to write it out
> (java.security.Signature.sign())?  The filters in PDFStream are not 
> referenced by name.

As I misunderstood the original question it appears there is a slight
difference to what needs to be done.
What exactly does it need to do to sign a pdf file? Does it need to read
all data in all streams and then create a single signature number? If so
then it sounds like there needs to be some adjustment to how the filters
are created and used in order to accommodate what you want.

> > - organise the configuration for password etc.
> 
> If a PDFFilter subclass is to be used, how can this have access to the 
> configuration file? 

I don't know. What do you think it should do?

