Digitally sign PDF files
jkrukoff at ltgc.com
Fri Aug 15 20:02:53 CEST 2008
On Mon, 2008-08-11 at 14:13 -0700, haxier wrote:
> On 11 ago, 22:29, Hartmut Goebel <h.goe... at goebel-consult.de> wrote:
> > > I'm developing an application with some reports and we're looking for
> > > advice. This reports should be openoffice.org .odf files, pdf files,
> > > and perhaps microsoft word files (.doc, .docx?) and must be digitally
> > > signed. Is out there some kind of libraries to ease this tasks?
> > For signing you can use OpenSSL or the more complete M2crypto modules.
> > But this is only the crypto part of the task.
> M2Crypto? I didn't know of it... surely I must check it.
> It's a very delicate component (security and reliability is a must)
> and don't know how openssl works in windows environments.
> > > * Access to the local user certificate store, and read PEM or PKCS12
> > > certificate files.
> > If the certificate store is just a file, both packages can to this. If
> > the store is some otehr format or maybe the Windows registry, some
> > additional functions are required, but should be easy to implement.
> Certificates can be both: PKCS12 (.p12) files and under the windows
> certificate store.
> The best option could be some kind of thin wrapper around windows
> CryotoAPI, so access to hardware tokens and smartcard readers should
> be easy because under Linux everything seems tied to Mozilla NSS
> > > * Sign documents: as a binary stream, within an specific document
> > > (pdf, odt, doc)
> > This is the hardest part of the task, since the signature has to be
> > embedded into the document.
> OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here
> but I can't find more than this implementation/wrapper of libxmlsec
> PDF signing... I can't find something like iText for Python... I've
> finded examples like this based on Jython... perhaps I should look
> at jython because java 1.6 has full access to Windows CryptoAPI and
> full XML-DSIG support
> IronPython could also be an interesting option for obvious reasons and
> there's and iText port for .NET
>  http://marketing.openoffice.org/ooocon2004/presentations/friday/timmermann_digital_signatures.pdf
>  http://xmlsig.sourceforge.net/build.html
>  http://kelpi.com/script/00cd7c
>  http://java.sun.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
A note on libxmlsec, there are also these python bindings available:
John Krukoff <jkrukoff at ltgc.com>
Land Title Guarantee Company
More information about the Python-list