Digitally sign PDF files

John Krukoff jkrukoff at ltgc.com
Fri Aug 15 20:02:53 CEST 2008


On Mon, 2008-08-11 at 14:13 -0700, haxier wrote:
> On 11 ago, 22:29, Hartmut Goebel <h.goe... at goebel-consult.de> wrote:
> 
> > > I'm developing an application with some reports and we're looking for
> > > advice. This reports should be openoffice.org .odf files, pdf files,
> > > and perhaps microsoft word files (.doc, .docx?) and must be digitally
> > > signed. Is out there some kind of libraries to ease this tasks?
> >
> > For signing you can use OpenSSL or the more complete M2crypto modules.
> > But this is only the crypto part of the task.
> 
> M2Crypto? I didn't know of it... surely I must check it.
> 
> It's a very delicate component (security and reliability is a must)
> and don't know how openssl works in windows environments.
> 
> >  > * Access to the local user certificate store, and read PEM or PKCS12
> >  > certificate files.
> >
> > If the certificate store is just a file, both packages can to this. If
> > the store is some otehr format or maybe the Windows registry, some
> > additional functions are required, but should be easy to implement.
> 
> Certificates can be both: PKCS12 (.p12) files and under the windows
> certificate store.
> 
> The best option could be some kind of thin wrapper around windows
> CryotoAPI, so access to hardware tokens and smartcard readers should
> be easy because under Linux everything seems tied to Mozilla NSS
> libraries.
> 
> > > * Sign documents: as a binary stream, within an specific document
> > > (pdf, odt, doc)
> >
> > This is the hardest part of the task, since the signature has to be
> > embedded into the document.
> 
> OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here[1]
> but I can't find more than this[2] implementation/wrapper of libxmlsec
> 
> PDF signing... I can't find something like iText for Python... I've
> finded examples like this[3] based on Jython... perhaps I should look
> at jython because java 1.6 has full access to Windows CryptoAPI and
> full XML-DSIG support[4]
> 
> IronPython could also be an interesting option for obvious reasons and
> there's and iText port for .NET
> 
> Thanks
> 
> [1] http://marketing.openoffice.org/ooocon2004/presentations/friday/timmermann_digital_signatures.pdf
> [2] http://xmlsig.sourceforge.net/build.html
> [3] http://kelpi.com/script/00cd7c
> [4] http://java.sun.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
> --
> http://mail.python.org/mailman/listinfo/python-list

A note on libxmlsec, there are also these python bindings available:
http://pyxmlsec.labs.libre-entreprise.org/index.php?section=examples

-- 
John Krukoff <jkrukoff at ltgc.com>
Land Title Guarantee Company




More information about the Python-list mailing list