PAdES signatures in iText
and the road ahead

Paulo Soares
About the speaker

Paulo Soares
M.Sc. Electronics and Telecommunications
Hardware background in military communication systems
Works for www.glintt.com
Healthcare software (pharmacies, hospitals, clinics, laboratories)
Industrial control, automation
Software architect
iText co-developer since 2000
2012-03-29

iText Summit

2
Some acronyms

OSI - Open Systems Interconnection
ASN.1 - Abstract Syntax Notation One
BER - Basic Encoding Rules
DER - Distinguished Encoding Rules
IETF - Internet Engineering Task Force
RFC - Request For Comments
CMS - Cryptographic Message Syntax
CAdES - CMS Advanced Electronic Signatures
PAdES - PDF Advanced Electronic Signature Profiles

What is PAdES

In July 2009, ETSI (European Telecommunications Standards Institute) published a new standard that facilitates secure paperless transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES — Advanced Electronic Signatures for PDF documents — that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC).

The new standard was developed by ETSI's Electronic Signatures and Infrastructure (ESI) Technical Committee in collaboration with PDF experts. PDF is defined in the standard ISO 32000-1, so the ETSI activity included reviewing and documenting how ISO 32000-1 can satisfy the European Directive. The resulting PAdES standard, ETSI Technical Specification (TS) 102 778, also introduces a number of adaptations and extensions to PDF to satisfy the Directive's requirements.

PAdES summary

Part 1: "PAdES Overview - a framework document for PAdES";
Part 2: "PAdES Basic - Profile based on ISO 32000-1";
Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles";
Part 4: "PAdES Long Term - PAdES-LTV Profile";
Part 5: "PAdES for XML Content - Profiles for XAdES signatures".

PAdES Part 1

Provides a general description of support for signatures in PDF documents, including use of XML signatures to protect XML data in PDF documents;
Lists the features of the PDF profiles specified in other parts of the document;
Describes how the profiles may be used in combination.

PAdES Part 2

Profiles the use of PDF signatures, as described in ISO 32000-1 and based on CMS, for use in any application area where PDF is the appropriate technology for exchange of digital documents, including interactive forms.

PAdES Part 2

Algorithm support per SubFilter value:

adbe.pkcs7.detached
  Message Digest: SHA1 (PDF 1.3), SHA256 (PDF 1.6), SHA384 (PDF 1.7), SHA512 (PDF 1.7), RIPEMD160 (PDF 1.7)
  RSA Algorithm Support: Up to 1024-bit (PDF 1.3), Up to 2048-bit (PDF 1.5), Up to 4096-bit (PDF 1.5)
  DSA Algorithm Support: Up to 4096-bits (PDF 1.6)

adbe.pkcs7.sha1
  Message Digest: SHA1 (PDF 1.3) (b)
  RSA Algorithm Support: See adbe.pkcs7.detached
  DSA Algorithm Support: See adbe.pkcs7.detached

adbe.x509.rsa.sha1 (a)
  Message Digest: SHA1 (PDF 1.3), SHA256 (PDF 1.6), SHA384 (PDF 1.7), SHA512 (PDF 1.7), RIPEMD160 (PDF 1.7)
  RSA Algorithm Support: See adbe.pkcs7.detached
  DSA Algorithm Support: No

(a) Despite the appearance of sha1 in the name of this SubFilter value, supported encodings shall not be limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm shall be used.
(b) Other digest algorithms may be used to digest the signed-data field; however, SHA1 shall be used to digest the data that is being signed.

PAdES Part 3

Profiles the use of PDF Signatures specified in ISO 32000-1 with an alternative signature encoding to support signature formats equivalent to the signature forms CAdES-BES, CAdES-EPES and CAdES-T as specified in TS 101 733.
The PAdES-BES profile supports basic CMS (RFC 3852) signature features as specified in TS 102 778-2, with additional protection against signing certificate substitution.
The PAdES-EPES profile extends the PAdES-BES profile to include signature policies.

PAdES Part 4

Profiles the electronic signature formats found in ISO 32000-1 [1] to support Long Term Validation (LTV) of PDF Signatures.
Specifies how to include validation information in a PDF document and to further protect the document using time-stamps, so that it is possible to subsequently verify a PDF Signature long after it was signed. This profile may be used to support long term validation of:

• PDF Signatures to profiles specified in TS 102 778-2
• PDF Signatures to profiles specified in TS 102 778-3
• PDF Signatures to profiles specified in TS 102 778-5

PAdES Part 5

Defines four profiles that together profile the usage of XAdES signatures, as defined in TS 101 903, for signing XML content within PDF containers.

PAdES support in iText

Full support of PAdES Part 2
Support of PAdES Part 3 with an external signature
Full support of PAdES Part 4
No support of PAdES Part 5

PAdES Part 2 in iText

Direct support of adbe.x509.rsa.sha1
Direct support of adbe.pkcs7.sha1
Support of adbe.pkcs7.detached as an external signature, but iText does the signing

adbe.x509.rsa.sha1 signing
// Load the signer's private key and certificate chain from a PKCS#12 file
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
String alias = (String)ks.aliases().nextElement();
PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
// Open the document and create a signing stamper ('\0' keeps the original PDF version)
PdfReader reader = new PdfReader("original.pdf");
FileOutputStream fout = new FileOutputStream("signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
// SELF_SIGNED selects /Filter Adobe.PPKLite with /SubFilter adbe.x509.rsa.sha1:
// a PKCS#1 signature, with the certificate chain stored in /Cert
sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
sap.setReason("I'm the author");
sap.setLocation("Lisbon");
// Visible signature widget on page 1, inside the given rectangle
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
stp.close(); // digests the byte range, signs, and writes the signature dictionary

adbe.pkcs7.sha1 signing
// Load the signer's private key and certificate chain from a PKCS#12 file
KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
String alias = (String)ks.aliases().nextElement();
PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
Certificate[] chain = ks.getCertificateChain(alias);
// Open the document and create a signing stamper ('\0' keeps the original PDF version)
PdfReader reader = new PdfReader("original.pdf");
FileOutputStream fout = new FileOutputStream("signed.pdf");
PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
PdfSignatureAppearance sap = stp.getSignatureAppearance();
// WINCER_SIGNED selects /Filter Adobe.PPKMS with /SubFilter adbe.pkcs7.sha1:
// a CMS signature over the SHA1 digest of the signed byte range
sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
sap.setReason("I'm the author");
sap.setLocation("Lisbon");
// Visible signature widget on page 1, inside the given rectangle
sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
stp.close(); // digests the byte range, signs, and writes the signature dictionary

adbe.pkcs7.detached signing
// Assumes stp and chain are set up as on the previous slides and that pk is the signer's
// PrivateKey; TSA_URL, TSA_ACCNT, TSA_PASSW and the OCSP responder url are deployment constants.
int contentEstimated = 15000; // bytes reserved for the CMS blob (assumed value; must exceed its final size)
PdfSignatureAppearance sap = stp.getSignatureAppearance();
// No private key is handed to iText here: it only prepares the document, the CMS is built below
sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));
dic.setDate(new PdfDate(sap.getSignDate()));
sap.setCryptoDictionary(dic);
// Reserve room for /Contents: hex encoding doubles the size, plus the '<' and '>' delimiters
HashMap<PdfName,Integer> exc = new HashMap<PdfName,Integer>();
exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
sap.preClose(exc);
PdfPKCS7 sgn = new PdfPKCS7(pk, chain, null, "SHA1", null, false);
// Digest everything covered by /ByteRange, i.e. the whole file except the /Contents placeholder
InputStream data = sap.getRangeStream();
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte buf[] = new byte[8192];
int n;
while ((n = data.read(buf)) > 0) {
    messageDigest.update(buf, 0, n);
}
byte hash[] = messageDigest.digest();
Calendar cal = Calendar.getInstance();
// Time-stamp authority client and OCSP response for the signing certificate (chain[0]), issued by chain[1]
TSAClient tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW);
byte[] ocsp = new OcspClientBouncyCastle((X509Certificate)chain[0], (X509Certificate)chain[1], url).getEncoded();
// What gets signed are the authenticated attributes (which carry the document digest), not the document bytes
byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
sgn.update(sh, 0, sh.length);
byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, tsc, ocsp);
// Zero-pad to the reserved size so the offsets already written in /ByteRange stay valid
// (arraycopy throws if the CMS turned out larger than contentEstimated)
byte[] paddedSig = new byte[contentEstimated];
System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
sap.close(dic2);
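The detached-signing flow above reserves space for /Contents, digests the /ByteRange stream and zero-pads the CMS blob. The following Python example (added here; not iText's code) reproduces that mechanism on a constructed toy PDF and shows the consistency checks a verifier must make before it even looks at the CMS; as an assumption to stay stdlib-only, the "signature" written into /Contents is a bare SHA-256 digest of the range stream standing in for the CMS that PdfPKCS7 would produce.

```python
"""ByteRange / Contents mechanics of a detached PDF signature (toy, constructed).

The "signature" stored in /Contents is a bare SHA-256 digest of the range
stream, standing in for the CMS blob that PdfPKCS7 would produce.
"""
import hashlib
import re

CONTENT_ESTIMATED = 64  # bytes reserved for the signature (iText: contentEstimated)
DIGEST = hashlib.sha256

BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
CONTENTS_RE = re.compile(rb"/Contents\s*<([0-9A-Fa-f]*)>")


def range_stream(pdf, byte_range):
    """Bytes covered by /ByteRange [a b c d]: pdf[a:a+b] followed by pdf[c:c+d]."""
    a, b, c, d = byte_range
    return pdf[a:a + b] + pdf[c:c + d]


def build_signed_pdf():
    """Mimic preClose()/close(): reserve /Contents, fix /ByteRange, digest, pad, write."""
    placeholder_len = CONTENT_ESTIMATED * 2 + 2       # hex digits plus '<' and '>'
    br_slot = b"/ByteRange [" + b" " * 40 + b"]"      # fixed width so offsets never move
    body = (b"%PDF-1.7\n1 0 obj << /Type /Sig /Filter /Adobe.PPKLite "
            b"/SubFilter /adbe.pkcs7.detached " + br_slot + b" /Contents ")
    contents_start = len(body)
    body += b"<" + b"0" * (placeholder_len - 2) + b">"
    contents_end = len(body)
    body += b" >> endobj\n%%EOF\n"
    byte_range = (0, contents_start, contents_end, len(body) - contents_end)
    # Overwrite the fixed-width slot with the real offsets (same length as the slot).
    br_text = b"/ByteRange [" + b" ".join(str(n).encode() for n in byte_range)
    br_text = br_text.ljust(len(br_slot) - 1) + b"]"
    pdf = body.replace(br_slot, br_text, 1)
    # "Sign" the range stream, then zero-pad to the reserved size (slide: paddedSig).
    sig = DIGEST(range_stream(pdf, byte_range)).digest()
    padded = sig + b"\x00" * (CONTENT_ESTIMATED - len(sig))
    return pdf[:contents_start] + b"<" + padded.hex().encode() + b">" + pdf[contents_end:]


def verify(pdf):
    """Structural checks plus digest check. Returns (ok, reason)."""
    br = BYTERANGE_RE.search(pdf)
    if br is None:
        return False, "no /ByteRange"
    a, b, c, d = (int(x) for x in br.groups())
    cm = CONTENTS_RE.search(pdf)
    if cm is None:
        return False, "no hex /Contents"
    # The only bytes left out of the digest must be exactly the /Contents string.
    if a != 0:
        return False, "ByteRange does not start at offset 0"
    if a + b != cm.start(1) - 1 or c != cm.end(1) + 1:
        return False, "gap in ByteRange is not exactly the /Contents string"
    # Anything after the second range is unsigned; a validator must report it as an
    # unsigned incremental update rather than silently treat the file as intact.
    if c + d != len(pdf):
        return False, "ByteRange does not reach end of file"
    # Trailing zero padding is ignored; a CMS parser would use the DER length instead.
    stored = bytes.fromhex(cm.group(1).decode())[:DIGEST().digest_size]
    if stored != DIGEST(range_stream(pdf, (a, b, c, d))).digest():
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Three cases: intact file, bytes appended after %%EOF, byte changed inside the range."""
    pdf = build_signed_pdf()
    appended = pdf + b"\n2 0 obj << /Type /Page >> endobj\n"   # constructed incremental update
    modified = pdf.replace(b"%PDF-1.7", b"%PDF-1.6", 1)       # same length, signed bytes changed
    return verify(pdf), verify(appended), verify(modified)


if __name__ == "__main__":
    for result in demo():
        print(result)
```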

PAdES Part 3 in iText

No direct support, but possible to use an external signature
iText currently has no capabilities to assist in the signing

PAdES Part 4 in iText

Full LTV support, both for the Document Security Store and for the document timestamp

PAdES Part 4 in iText
// Assumes IN_FILE, OUT_FILE, TSA_URL, TSA_ACCNT and TSA_PASSW are defined by the caller
PdfReader r = new PdfReader(IN_FILE);
FileOutputStream fout = new FileOutputStream(OUT_FILE);
// Append mode (last argument true) keeps the existing signatures valid; '\0' keeps the PDF version
PdfStamper stp = PdfStamper.createSignature(r, fout, '\0', null, true);
// Add OCSP responses and CRLs for the whole chain of every existing signature to the Document Security Store
LtvVerification v = stp.getLtvVerification();
AcroFields af = stp.getAcroFields();
for (String sigName : af.getSignatureNames()) {
    v.addVerification(sigName, new OcspClientBouncyCastle(), new CrlClientImp(),
        LtvVerification.CertificateOption.WHOLE_CHAIN,
        LtvVerification.Level.OCSP_CRL,
        LtvVerification.CertificateInclusion.NO);
}
// Close with a document timestamp (SHA-256, 6500 bytes reserved for the token)
// so the validation data just added is itself protected
PdfSignatureAppearance sap = stp.getSignatureAppearance();
TSAClientBouncyCastle tsa = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, "sha256");
LtvTimestamp.timestamp(sap, tsa, null);

iText sign architecture

Certificate encryption
Validation - AcroFields.verifySignature()
Signing - PdfSignatureAppearance, PdfPKCS7
Open Source - Modify at will

Shortcomings of iText signing architecture

Monolithic
Impossible to open a certificate-encrypted PDF with a smartcard with C#
Impossible to plug in another validation engine/logic
Arbitrary signing is possible with an external signature, but iText won't assist much in the process
Open Source - no urgency in providing a decent interface
New iText signing architecture

Based on the factory pattern
Plug-in for certificate encryption, validation and signing
Standard plug-in for detached signing and CAdES signing
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 

Kürzlich hochgeladen (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

PAdES signatures in iText and the road ahead

  • 1. PAdES signatures in iText and the road ahead Paulo Soares
  • 2. About the speaker
      Paulo Soares
      M.Sc. Electronics and Telecommunications
      Hardware background in military communication systems
      Works for www.glintt.com
      Healthcare software (pharmacies, hospitals, clinics, laboratories)
      Industrial control, automation
      Software architect
      iText co-developer since 2000
      2012-03-29, iText Summit
  • 3. Some acronyms
      OSI - Open Systems Interconnection
      ASN.1 - Abstract Syntax Notation One
      BER - Basic Encoding Rules
      DER - Distinguished Encoding Rules
      IETF - Internet Engineering Task Force
      RFC - Request For Comments
      CMS - Cryptographic Message Syntax
      CAdES - CMS Advanced Electronic Signatures
      PAdES - PDF Advanced Electronic Signature Profiles
  • 4. What is PAdES
      In July 2009, ETSI (European Telecommunications Standards Institute) published a new standard that will facilitate secure paperless transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES (Advanced Electronic Signatures for PDF documents) that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC).
      The new standard was developed by ETSI's Electronic Signatures and Infrastructure (ESI) Technical Committee in collaboration with PDF experts. PDF is defined in the standard ISO 32000-1, so the ETSI activity included reviewing and documenting how ISO 32000-1 can satisfy the European Directive. The resulting PAdES standard, ETSI Technical Specification (TS) 102 778, also introduces a number of adaptations and extensions to PDF to satisfy the Directive's requirements.
  • 5. PAdES summary
      Part 1: "PAdES Overview - a framework document for PAdES"
      Part 2: "PAdES Basic - Profile based on ISO 32000-1"
      Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles"
      Part 4: "PAdES Long Term - PAdES-LTV Profile"
      Part 5: "PAdES for XML Content - Profiles for XAdES signatures"
  • 6. PAdES Part 1
      Provides a general description of support for signatures in PDF documents, including the use of XML signatures to protect XML data in PDF documents.
      Lists the features of the PDF profiles specified in the other parts of the document.
      Describes how the profiles may be used in combination.
  • 7. PAdES Part 2
      Profiles the use of PDF signatures, as described in ISO 32000-1 and based on CMS, for use in any application area where PDF is the appropriate technology for the exchange of digital documents, including interactive forms.
  • 8. PAdES Part 2: algorithm support per SubFilter value (ISO 32000-1)
      adbe.pkcs7.detached
        Message digest: SHA1 (PDF 1.3), SHA256 (PDF 1.6), SHA384 (PDF 1.7), SHA512 (PDF 1.7), RIPEMD160 (PDF 1.7)
        RSA algorithm support: up to 1024-bit (PDF 1.3), up to 2048-bit (PDF 1.5), up to 4096-bit (PDF 1.5)
        DSA algorithm support: up to 4096-bit (PDF 1.6)
      adbe.pkcs7.sha1
        Message digest: SHA1 (PDF 1.3) (b)
        RSA algorithm support: see adbe.pkcs7.detached
        DSA algorithm support: see adbe.pkcs7.detached
      adbe.x509.rsa.sha1 (a)
        Message digest: SHA1 (PDF 1.3), SHA256 (PDF 1.6), SHA384 (PDF 1.7), SHA512 (PDF 1.7), RIPEMD160 (PDF 1.7)
        RSA algorithm support: see adbe.pkcs7.detached
        DSA algorithm support: no
      (a) Despite the appearance of sha1 in the name of this SubFilter value, supported encodings shall not be limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm shall be used.
      (b) Other digest algorithms may be used to digest the signed-data field; however, SHA1 shall be used to digest the data that is being signed.
  • 9. PAdES Part 3
      Profiles the use of the PDF signatures specified in ISO 32000-1 with an alternative signature encoding, to support signature formats equivalent to the CAdES-BES, CAdES-EPES and CAdES-T forms specified in TS 101 733.
      The PAdES-BES profile supports the basic CMS (RFC 3852) signature features specified in TS 102 778-2, with additional protection against signing-certificate substitution (the signing certificate is bound to the signature through a signed attribute).
      The PAdES-EPES profile extends the PAdES-BES profile to include signature policies.
  • 10. PAdES Part 4
      Profiles the electronic signature formats found in ISO 32000-1 [1] to support Long Term Validation (LTV) of PDF signatures.
      Specifies how to include validation information in a PDF document and how to further protect the document using time-stamps, so that it is possible to verify a PDF signature long after it was signed.
      This profile may be used to support long term validation of:
        - PDF signatures to the profiles specified in TS 102 778-2
        - PDF signatures to the profiles specified in TS 102 778-3
        - PDF signatures to the profiles specified in TS 102 778-5
  • 12. PAdES Part 5
      Defines four profiles that together profile the usage of XAdES signatures, as defined in TS 101 903, for signing XML content within PDF containers.
  • 13. PAdES support in iText
      Full support of PAdES Part 2
      Support of PAdES Part 3 with an external signature
      Full support of PAdES Part 4
      No support of PAdES Part 5
  • 14. PAdES Part 2 in iText
      Direct support of adbe.x509.rsa.sha1
      Direct support of adbe.pkcs7.sha1
      Support of adbe.pkcs7.detached through the external-signature path (preClose / getRangeStream / close), with iText's PdfPKCS7 still building the CMS
  • 15. adbe.x509.rsa.sha1 signing
      KeyStore ks = KeyStore.getInstance("pkcs12");
      ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
      String alias = (String)ks.aliases().nextElement();
      PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
      Certificate[] chain = ks.getCertificateChain(alias);
      PdfReader reader = new PdfReader("original.pdf");
      FileOutputStream fout = new FileOutputStream("signed.pdf");
      // '\0' keeps the PDF version of the original document
      PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
      PdfSignatureAppearance sap = stp.getSignatureAppearance();
      // SELF_SIGNED selects the adbe.x509.rsa.sha1 SubFilter
      sap.setCrypto(key, chain, null, PdfSignatureAppearance.SELF_SIGNED);
      sap.setReason("I'm the author");
      sap.setLocation("Lisbon");
      sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
      stp.close();
  • 16. adbe.pkcs7.sha1 signing
      KeyStore ks = KeyStore.getInstance("pkcs12");
      ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
      String alias = (String)ks.aliases().nextElement();
      PrivateKey key = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
      Certificate[] chain = ks.getCertificateChain(alias);
      PdfReader reader = new PdfReader("original.pdf");
      FileOutputStream fout = new FileOutputStream("signed.pdf");
      // '\0' keeps the PDF version of the original document
      PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
      PdfSignatureAppearance sap = stp.getSignatureAppearance();
      // WINCER_SIGNED selects the adbe.pkcs7.sha1 SubFilter
      sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
      sap.setReason("I'm the author");
      sap.setLocation("Lisbon");
      sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
      stp.close();
  • 17. adbe.pkcs7.detached signing
      // Key-store set-up as on slides 15 and 16. TSA_URL, TSA_ACCNT, TSA_PASSW (time-stamp
      // authority) and url (OCSP responder) are assumed to be defined by the caller.
      KeyStore ks = KeyStore.getInstance("pkcs12");
      ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
      String alias = (String)ks.aliases().nextElement();
      PrivateKey pk = (PrivateKey)ks.getKey(alias, "my_password".toCharArray());
      Certificate[] chain = ks.getCertificateChain(alias);
      PdfReader reader = new PdfReader("original.pdf");
      FileOutputStream fout = new FileOutputStream("signed.pdf");
      PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');
      PdfSignatureAppearance sap = stp.getSignatureAppearance();
      // null private key: iText does not sign by itself, the CMS is handed over in close()
      sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
      PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));
      dic.setDate(new PdfDate(sap.getSignDate()));
      sap.setCryptoDictionary(dic);
      // Space reserved for /Contents (hex-encoded, hence *2 + 2); assumed value, must hold
      // the CMS including time-stamp token and OCSP response
      int contentEstimated = 15000;
      HashMap<PdfName,Integer> exc = new HashMap<PdfName,Integer>();
      exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
      sap.preClose(exc);
      // SHA1 as on the original slide; SHA256 is available from PDF 1.6 (see slide 8)
      PdfPKCS7 sgn = new PdfPKCS7(pk, chain, null, "SHA1", null, false);
      // Digest everything except the /Contents placeholder (the /ByteRange)
      InputStream data = sap.getRangeStream();
      MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
      byte buf[] = new byte[8192];
      int n;
      while ((n = data.read(buf)) > 0)
          messageDigest.update(buf, 0, n);
      byte hash[] = messageDigest.digest();
      Calendar cal = Calendar.getInstance();
      TSAClient tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW);
      byte[] ocsp = new OcspClientBouncyCastle((X509Certificate)chain[0], (X509Certificate)chain[1], url).getEncoded();
      // Signed attributes (message digest, signing time, OCSP response) are what gets signed
      byte sh[] = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
      sgn.update(sh, 0, sh.length);
      byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, tsc, ocsp);
      // An oversized CMS cannot be written into the reserved space: fail instead of truncating
      if (encodedSig.length > contentEstimated)
          throw new IOException("Reserved /Contents size too small: " + encodedSig.length);
      byte[] paddedSig = new byte[contentEstimated];
      System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
      PdfDictionary dic2 = new PdfDictionary();
      dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
      sap.close(dic2);
  • 18. PAdES Part 3 in iText
      No direct support, but possible to use an external signature
      iText currently has no capabilities to assist in the signing
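Slide 18 leaves Part 3 to an external signature. The following is an added example, not code from the slides or from iText itself, showing one way to produce such a signature with BouncyCastle's CMS API on the same external-signature path iText already exposes (preClose / getRangeStream / close, as on slide 17). It adds the ESS signing-certificate-v2 signed attribute (RFC 5035) that gives PAdES-BES its protection against signing-certificate substitution (slide 9) and embeds the CMS under the ETSI.CAdES.detached SubFilter that Part 3 uses. File names, the key-store password, the "BC" provider name and the reserved /Contents size are assumptions; time-stamping and revocation data are left out.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.cms.Attribute;
import org.bouncycastle.asn1.cms.AttributeTable;
import org.bouncycastle.asn1.ess.ESSCertIDv2;
import org.bouncycastle.asn1.ess.SigningCertificateV2;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import com.itextpdf.text.Rectangle;
import com.itextpdf.text.pdf.*;

public class CadesBesExternalSign {

    /** ESS signing-certificate-v2 attribute: a SHA-256 hash of the signer certificate,
     *  signed along with the message digest, so the certificate carried in the CMS cannot
     *  be replaced by another one for the same key pair without breaking the signature. */
    static AttributeTable signingCertificateV2(X509Certificate signer) throws Exception {
        byte[] certHash = MessageDigest.getInstance("SHA-256").digest(signer.getEncoded());
        ESSCertIDv2 essCertId = new ESSCertIDv2(
                new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256), certHash);
        ASN1EncodableVector attrs = new ASN1EncodableVector();
        attrs.add(new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2,
                new DERSet(new SigningCertificateV2(essCertId))));
        return new AttributeTable(attrs);
    }

    /** Detached CAdES-BES CMS over the PDF byte range. */
    static byte[] cadesBesDetached(byte[] range, PrivateKey key, Certificate[] chain) throws Exception {
        X509Certificate signer = (X509Certificate) chain[0];
        ContentSigner contentSigner =
                new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key);
        JcaSignerInfoGeneratorBuilder sigBuilder = new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().setProvider("BC").build());
        // The default generator adds content-type, message-digest and signing-time
        // on top of the attributes passed in.
        sigBuilder.setSignedAttributeGenerator(
                new DefaultSignedAttributeTableGenerator(signingCertificateV2(signer)));
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(sigBuilder.build(contentSigner, signer));
        gen.addCertificates(new JcaCertStore(Arrays.asList(chain)));
        CMSSignedData signed = gen.generate(new CMSProcessableByteArray(range), false); // detached
        return signed.getEncoded();
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyStore ks = KeyStore.getInstance("pkcs12");               // assumed key store
        ks.load(new FileInputStream("my_private_key.pfx"), "my_password".toCharArray());
        String alias = ks.aliases().nextElement();
        PrivateKey key = (PrivateKey) ks.getKey(alias, "my_password".toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);

        PdfReader reader = new PdfReader("original.pdf");             // assumed input
        PdfStamper stp = PdfStamper.createSignature(reader, new FileOutputStream("signed_cades.pdf"), '\0');
        PdfSignatureAppearance sap = stp.getSignatureAppearance();
        sap.setVisibleSignature(new Rectangle(100, 100, 200, 200), 1, null);
        sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED); // external signature
        // Part 3 signatures are identified by their own SubFilter value.
        PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("ETSI.CAdES.detached"));
        dic.setDate(new PdfDate(sap.getSignDate()));
        sap.setCryptoDictionary(dic);

        int contentEstimated = 8192;                                   // assumed /Contents reserve
        HashMap<PdfName, Integer> exc = new HashMap<PdfName, Integer>();
        exc.put(PdfName.CONTENTS, Integer.valueOf(contentEstimated * 2 + 2));
        sap.preClose(exc);

        // Everything in the /ByteRange, i.e. the document minus the /Contents placeholder.
        InputStream range = sap.getRangeStream();
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] b = new byte[8192];
        for (int n; (n = range.read(b)) > 0; ) buf.write(b, 0, n);

        byte[] cms = cadesBesDetached(buf.toByteArray(), key, chain);
        if (cms.length > contentEstimated)
            throw new IOException("Reserved /Contents size too small: " + cms.length);
        byte[] padded = new byte[contentEstimated];
        System.arraycopy(cms, 0, padded, 0, cms.length);
        PdfDictionary dic2 = new PdfDictionary();
        dic2.put(PdfName.CONTENTS, new PdfString(padded).setHexWriting(true));
        sap.close(dic2);
    }
}
```

A verifier checking PAdES-BES must compare the hash inside signingCertificateV2 with the certificate it actually uses to check the signature value; a CMS where the two disagree should be rejected, which is exactly the substitution the attribute exists to catch.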
  • 19. PAdES Part 4 in iText
      Full LTV support, both for the Document Security Store (DSS) and for the document time-stamp
  • 20. PAdES Part 4 in iText
      // IN_FILE, OUT_FILE, TSA_URL, TSA_ACCNT and TSA_PASSW are assumed to be defined by the caller
      PdfReader r = new PdfReader(IN_FILE);
      FileOutputStream fout = new FileOutputStream(OUT_FILE);
      // append mode: the existing signatures stay valid, the DSS and the time-stamp go into a new revision
      PdfStamper stp = PdfStamper.createSignature(r, fout, '\0', null, true);
      LtvVerification v = stp.getLtvVerification();
      AcroFields af = stp.getAcroFields();
      for (String sigName : af.getSignatureNames()) {
          v.addVerification(sigName, new OcspClientBouncyCastle(), new CrlClientImp(),
              LtvVerification.CertificateOption.WHOLE_CHAIN,
              LtvVerification.Level.OCSP_CRL,
              LtvVerification.CertificateInclusion.NO);
      }
      PdfSignatureAppearance sap = stp.getSignatureAppearance();
      TSAClientBouncyCastle tsa = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, "sha256");
      LtvTimestamp.timestamp(sap, tsa, null);
  • 21. iText sign architecture
      Certificate encryption
      Validation - AcroFields.verifySignature()
      Signing - PdfSignatureAppearance, PdfPKCS7
      Open Source - modify at will
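Slide 21 names AcroFields.verifySignature() as iText's validation entry point. As an added example (not from the slides and not iText's own code), here is a relying-party check built on that API. Per signature field it records the cryptographic integrity, whether the signature covers the whole document (an incremental update appended after signing can change what a viewer shows without invalidating the signature), the certificate chain against a trust store at the time-stamp or claimed signing time, the time-stamp imprint, and any embedded OCSP response. The file name and the use of the JRE's cacerts as trust anchors are assumptions.

```java
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfPKCS7;
import com.itextpdf.text.pdf.PdfReader;

public class VerifyPdfSignatures {

    /** One row per signature field, so the caller decides instead of trusting a log line. */
    static class Result {
        String name;
        int revision, totalRevisions;
        boolean integrity;           // digest over the /ByteRange and signature value verify
        boolean coversWholeDocument; // no incremental update was added after this signature
        boolean chainTrusted;        // chain builds to a trust anchor at the reference time
        boolean timestampValid;      // true when no token is present or the imprint matches
        boolean ocspValid;           // embedded OCSP response refers to the signing certificate
        String error;                // chain validation error, if any
    }

    static List<Result> verify(String file, KeyStore trust) throws Exception {
        PdfReader reader = new PdfReader(file);
        AcroFields af = reader.getAcroFields();
        List<Result> results = new ArrayList<Result>();
        for (String name : af.getSignatureNames()) {
            Result r = new Result();
            r.name = name;
            r.revision = af.getRevision(name);
            r.totalRevisions = af.getTotalRevisions();
            PdfPKCS7 pk = af.verifySignature(name);          // parses the CMS in /Contents
            r.integrity = pk.verify();
            r.coversWholeDocument = af.signatureCoversWholeDocument(name);
            // Reference time for the chain check: the time-stamp when present, else the
            // signer-claimed signing time (which an attacker controls).
            Calendar when = pk.getTimeStampDate() != null ? pk.getTimeStampDate() : pk.getSignDate();
            Object[] fail = PdfPKCS7.verifyCertificates(pk.getSignCertificateChain(), trust, null, when);
            r.chainTrusted = (fail == null);
            if (fail != null) r.error = String.valueOf(fail[1]);
            r.timestampValid = pk.getTimeStampToken() == null || pk.verifyTimestampImprint();
            r.ocspValid = pk.isRevocationValid();
            results.add(r);
        }
        reader.close();
        return results;
    }

    public static void main(String[] args) throws Exception {
        // Assumed trust store: the JRE's cacerts. Replace with the anchors you actually accept.
        KeyStore trust = PdfPKCS7.loadCacertsKeyStore();
        for (Result r : verify("signed.pdf", trust)) {           // assumed input file
            boolean ok = r.integrity && r.coversWholeDocument && r.chainTrusted && r.timestampValid;
            System.out.println(r.name + " (revision " + r.revision + " of " + r.totalRevisions + "): "
                    + (ok ? "OK" : "FAIL")
                    + (r.ocspValid ? ", OCSP present and matching" : ", no usable OCSP response")
                    + (r.error != null ? ", " + r.error : ""));
        }
    }
}
```

Treat a signature that does not cover the whole document as "valid for revision N only", and inspect what the later revisions changed before accepting the document; integrity alone says nothing about the content the reader is currently looking at.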
  • 22. Shortcomings of iText signing architecture
      Monolithic
      Impossible to open a certificate-encrypted PDF with a smartcard from C#
      Impossible to plug in another validation engine/logic
      Arbitrary signing is possible with an external signature, but iText won't assist much in the process
      Open Source - no urgency in providing a decent interface
  • 23. New iText signing architecture
      Based on the factory pattern
      Plug-ins for certificate encryption, validation and signing
      Standard plug-ins for detached signing and CAdES signing