[Leaplist] What do you all use for digitally signing PDF files?

Tue Sep 16 20:20:39 EDT 2008

If this is for Government use, the only problem I see using PGP is that
it is based off of the Web of Trust model. I would expect the
Government, especially the Federal Government to require a trusted third
party, i.e. Verisign, Thwart, Comodo, etc.I have seen quite a few
commercial options for signing pdf documents.

--Hank

John Simpson wrote:
> On 2008-09-16, at 1413, Bryan J. Smith wrote:
>
> > It seems a number of licensed Florida professionals
> > are now being required to sign any of their documents.
> > It seems PDF 1.3+ (Acrobat 4+) uses SHA-1 hashes.
> > Haven't looked at how it all works though (what PKCS
> > type is used).
>
> > As such, I'm curious who else has run into this, and
> > what they are currently using to digitally sign PDF
> > files?  A print queue that automates this?  Other?
> > Automating it on a print queue would be outstanding,
> > since any system could use it.
>
> the only "organized" system i've seen is adobe acrobat, which of
> course is only available if you have the full-blown adobe acrobat
> program. we were using it at KUA (we had a VP who was a microsoft
> cheerleader) back in 2002-2003, and it did work- basically we would
> print or export a document to PDF, then open it in acrobat and add our
> "signature".
>
> there was no CA involved, in theory anybody could have created a key
> pair which had my name on it and there was no verification mechanism,
> other than physically getting my pubilc key directly from me.
>
> my own method of solving the problem would be to just use PGP...
> basically make the PDF file (or whatever kind of file it might be) and
> send a detached PGP signature with it. of course that has its
> limitations as well. the acrobat system allowed multiple people to
> sign a document, and the scope of each person's signature included not
> only the original document but any previous signatures- so if an
> earlier signature were removed, any later signatures become invalid.
> only a system which is able to work with the individual atoms inside
> of a PDF file would be able to do this type of signature, and for the
> most part, PGP only deals with files as series of bytes- it doesn't
> know or care about any structure inherent in the file itself. (the
> only exception is the PGP MIME standard, which has basic knowledge of
> the structure of an RFC 822 email message.)
>
>
> --------------------------------------------------------
> | John M. Simpson  --  KG4ZOW  --  Programmer At Large |
> | http://www.jms1.net/                 <jms1 at jms1.net> |
> --------------------------------------------------------
> |   Hope for America  --  http://www.ronpaul2008.com/  |
> --------------------------------------------------------
>
>
>
>
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.