[Leaplist] What do you all use for digitally signing PDF files?

[John Simpson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2008-09-16, at 1413, Bryan J. Smith wrote:
>
> It seems a number of licensed Florida professionals
> are now being required to sign any of their documents.
> It seems PDF 1.3+ (Acrobat 4+) uses SHA-1 hashes.
> Haven't looked at how it all works though (what PKCS
> type is used).
>
> As such, I'm curious who else has run into this, and
> what they are currently using to digitally sign PDF
> files?  A print queue that automates this?  Other?
> Automating it on a print queue would be outstanding,
> since any system could use it.

the only "organized" system i've seen is adobe acrobat, which of  
course is only available if you have the full-blown adobe acrobat  
program. we were using it at KUA (we had a VP who was a microsoft  
cheerleader) back in 2002-2003, and it did work- basically we would  
print or export a document to PDF, then open it in acrobat and add our  
"signature".

there was no CA involved, in theory anybody could have created a key  
pair which had my name on it and there was no verification mechanism,  
other than physically getting my pubilc key directly from me.

my own method of solving the problem would be to just use PGP...  
basically make the PDF file (or whatever kind of file it might be) and  
send a detached PGP signature with it. of course that has its  
limitations as well. the acrobat system allowed multiple people to  
sign a document, and the scope of each person's signature included not  
only the original document but any previous signatures- so if an  
earlier signature were removed, any later signatures become invalid.  
only a system which is able to work with the individual atoms inside  
of a PDF file would be able to do this type of signature, and for the  
most part, PGP only deals with files as series of bytes- it doesn't  
know or care about any structure inherent in the file itself. (the  
only exception is the PGP MIME standard, which has basic knowledge of  
the structure of an RFC 822 email message.)


- --------------------------------------------------------
| John M. Simpson  --  KG4ZOW  --  Programmer At Large |
| http://www.jms1.net/                 <jms1 at jms1.net> |
- --------------------------------------------------------
|   Hope for America  --  http://www.ronpaul2008.com/  |
- --------------------------------------------------------





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkjP+woACgkQj42MmpAUrRqINACgm+ksBD1ppaUTcqvYU10We5o0
jAMAn29IaomXTKEhpm3dG2PbssGiWBm0
=K+ol
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.