iText Summit 2012, talk by Paulo Soares. Note that the plans that are discussed in these slides were already implemented. See also http://itextpdf.com/book/digitalsignatures
2. About the speaker
Paulo Soares
M.Sc. Electronics and Telecommunications
Hardware background in military communication systems
Works for www.glintt.com
Healthcare software (pharmacies, hospitals, clinics, laboratories)
Industrial control, automation
Software architect
iText co-developer since 2000
2012-03-29
iText Summit
3. Some acronyms
OSI - Open Systems Interconnection
ASN.1 - Abstract Syntax Notation One
BER - Basic Encoding Rules
DER - Distinguished Encoding Rules
IETF - Internet Engineering Task Force
RFC – Request For Comments
CMS – Cryptographic Message Syntax
CAdES - CMS Advanced Electronic Signatures
PAdES - PDF Advanced Electronic Signature Profiles
4. What is PAdES
In July 2009, ETSI (European Telecommunications Standards Institute) published a new standard that will facilitate secure paperless transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES (Advanced Electronic Signatures for PDF documents) that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC).
The new standard was developed by ETSI's Electronic Signatures and Infrastructure (ESI) Technical Committee in collaboration with PDF experts. PDF is defined in the standard ISO 32000-1, so the ETSI activity included reviewing and documenting how ISO 32000-1 can satisfy the European Directive. The resulting PAdES standard, ETSI Technical Specification (TS) 102 778, also introduces a number of adaptations and extensions to PDF to satisfy the Directive's requirements.
5. PAdES summary
Part 1: "PAdES Overview - a framework document for PAdES";
Part 2: "PAdES Basic - Profile based on ISO 32000-1";
Part 3: "PAdES Enhanced - PAdES-BES and PAdES-EPES Profiles";
Part 4: "PAdES Long Term - PAdES-LTV Profile";
Part 5: "PAdES for XML Content - Profiles for XAdES signatures".
6. PAdES Part 1
Provides a general description of support for signatures in PDF documents including use of XML signatures to protect XML data in PDF documents;
Lists the features of the PDF profiles specified in other parts of the document;
Describes how the profiles may be used in combination.
7. PAdES Part 2
Profiles the use of PDF signatures, as described in ISO 32000-1 and based on CMS, for its use in any application areas where PDF is the appropriate technology for exchange of digital documents including interactive forms.
8. PAdES Part 2
| SubFilter value | adbe.pkcs7.detached | adbe.pkcs7.sha1 | adbe.x509.rsa.sha1 (a) |
|---|---|---|---|
| Message Digest | SHA1 (PDF 1.3), SHA256 (PDF 1.6), SHA384 (PDF 1.7), SHA512 (PDF 1.7), RIPEMD160 (PDF 1.7) | SHA1 (PDF 1.3) (b) | SHA1 (PDF 1.3), SHA256 (PDF 1.6), SHA384 (PDF 1.7), SHA512 (PDF 1.7), RIPEMD160 (PDF 1.7) |
| RSA Algorithm Support | Up to 1024-bit (PDF 1.3), Up to 2048-bit (PDF 1.5), Up to 4096-bit (PDF 1.5) | See adbe.pkcs7.detached | See adbe.pkcs7.detached |
| DSA Algorithm Support | Up to 4096-bits (PDF 1.6) | See adbe.pkcs7.detached | No |
(a) Despite the appearance of sha1 in the name of this SubFilter value, supported encodings shall not be limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm shall be used.
(b) Other digest algorithms may be used to digest the signed-data field; however, SHA1 shall be used to digest the data that is being signed.
9. PAdES Part 3
Profiles the use of PDF Signatures specified in ISO 32000-1 with an alternative signature encoding to support signature formats equivalent to the signature forms CAdES-BES, CAdES-EPES and CAdES-T as specified in TS 101 733.
The PAdES-BES profile supports basic CMS (RFC 3852) signature features as specified in TS 102 778-2 with the additional protection against signing certificate substitution.
The PAdES-EPES profile extends the PAdES-BES profile to include signature policies.
10. PAdES Part 4
Profiles the electronic signature formats found in ISO 32000-1 [1] to support Long Term Validation (LTV) of PDF Signatures.
Specifies how to include validation information in a PDF Document and to further protect the document using time-stamps so that it is possible to subsequently verify a PDF Signature long after it was signed. This profile may be used to support long term validation of:
• PDF Signatures to profiles specified in TS 102 778-2
• PDF Signatures to profiles specified in TS 102 778-3
• PDF Signatures to profiles specified in TS 102 778-5
12. PAdES Part 5
Defines four profiles that together profile the usage of XAdES signatures, as defined in TS 101 903, for signing XML content within the PDF containers.
13. PAdES support in iText
Full support of PAdES Part 2
Support of PAdES Part 3 with an external signature
Full support of PAdES Part 4
No support of PAdES Part 5
14. PAdES Part 2 in iText
Direct support of adbe.x509.rsa.sha1
Direct support of adbe.pkcs7.sha1
Support of adbe.pkcs7.detached as an external signature but iText does the signing
17. adbe.pkcs7.detached signing
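import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.HashMap;
import com.itextpdf.text.pdf.*;
// Fragment from inside a method: stp, pk, chain, url, contentEstimated and the TSA_* constants are defined elsewhere.
// Prepare the signature dictionary and reserve room for /Contents (two hex digits per byte plus the < > delimiters).
PdfSignatureAppearance sap = stp.getSignatureAppearance();
sap.setCrypto(null, chain, null, PdfSignatureAppearance.SELF_SIGNED);
PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, new PdfName("adbe.pkcs7.detached"));
dic.setDate(new PdfDate(sap.getSignDate()));
sap.setCryptoDictionary(dic);
HashMap<PdfName,Integer> exc = new HashMap<PdfName,Integer>();
exc.put(PdfName.CONTENTS, new Integer(contentEstimated * 2 + 2));
sap.preClose(exc);
// Digest every byte of the document except the reserved /Contents value.
PdfPKCS7 sgn = new PdfPKCS7(pk, chain, null, "SHA1", null, false);
InputStream data = sap.getRangeStream();
MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
byte[] buf = new byte[8192];
int n;
while ((n = data.read(buf)) > 0) messageDigest.update(buf, 0, n);
byte[] hash = messageDigest.digest();
Calendar cal = Calendar.getInstance();
// Timestamp client and OCSP response to embed in the signature.
TSAClient tsc = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW);
byte[] ocsp = new OcspClientBouncyCastle((X509Certificate)chain[0], (X509Certificate)chain[1], url).getEncoded();
// Sign the authenticated attributes, which include the document digest.
byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, cal, ocsp);
sgn.update(sh, 0, sh.length);
byte[] encodedSig = sgn.getEncodedPKCS7(hash, cal, tsc, ocsp);
// The encoded signature must fit in the reserved space; arraycopy would fail otherwise.
if (encodedSig.length > contentEstimated) throw new IllegalStateException("Not enough space reserved for the signature");
byte[] paddedSig = new byte[contentEstimated];
System.arraycopy(encodedSig, 0, paddedSig, 0, encodedSig.length);
PdfDictionary dic2 = new PdfDictionary();
dic2.put(PdfName.CONTENTS, new PdfString(paddedSig).setHexWriting(true));
sap.close(dic2);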
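What the exclusion map and getRangeStream() above amount to at the byte level, as an added example (plain JDK, not iText code and not from the talk): the digest covers everything except the reserved /Contents hex string of contentEstimated * 2 + 2 bytes, so the signature can be written afterwards without changing the hash, and a verifier should reject a file whose /ByteRange leaves anything else unsigned. The class name, the tiny constructed file, reading only the first /ByteRange and the use of SHA-256 are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ByteRangeCheck {
    static final Pattern BYTE_RANGE = Pattern.compile(
        "/ByteRange\\s*\\[\\s*(\\d+)\\s+(\\d+)\\s+(\\d+)\\s+(\\d+)\\s*\\]");

    // Digest the signed bytes, refusing files whose ranges leave anything
    // unsigned other than one hex string of the reserved size.
    static byte[] digestSignedBytes(byte[] pdf, int contentEstimated) throws Exception {
        // ISO-8859-1 maps bytes 1:1 to chars, so char offsets equal byte offsets.
        Matcher m = BYTE_RANGE.matcher(new String(pdf, StandardCharsets.ISO_8859_1));
        if (!m.find()) throw new SecurityException("no /ByteRange found");
        int a = Integer.parseInt(m.group(1)), b = Integer.parseInt(m.group(2));
        int c = Integer.parseInt(m.group(3)), d = Integer.parseInt(m.group(4));
        if (a != 0 || c + d != pdf.length)
            throw new SecurityException("ranges do not reach both ends of the file");
        if (c - b != contentEstimated * 2 + 2 || pdf[b] != '<' || pdf[c - 1] != '>')
            throw new SecurityException("gap is not the reserved /Contents string");
        MessageDigest md = MessageDigest.getInstance("SHA-256"); // the slide uses SHA1
        md.update(pdf, 0, b);   // bytes before /Contents
        md.update(pdf, c, d);   // bytes after /Contents
        return md.digest();
    }

    public static void main(String[] args) throws Exception {
        int contentEstimated = 8;  // constructed: real reserves are thousands of bytes
        // Constructed stand-in for a signed PDF: just enough syntax for the check.
        String fmt = "%%PDF-1.7\n1 0 obj<</Type/Sig/ByteRange[0 %03d %03d %03d]/Contents";
        String tail = ">>endobj\n%%EOF\n";
        int b = String.format(fmt, 0, 0, 0).length();
        int c = b + contentEstimated * 2 + 2;
        String hex = "<" + "0".repeat(contentEstimated * 2) + ">";
        byte[] pdf = (String.format(fmt, b, c, tail.length()) + hex + tail)
            .getBytes(StandardCharsets.ISO_8859_1);
        byte[] before = digestSignedBytes(pdf, contentEstimated);

        pdf[b + 1] = 'A';  // writing the signature into /Contents
        System.out.println("digest unchanged after filling /Contents: "
            + Arrays.equals(before, digestSignedBytes(pdf, contentEstimated)));
        pdf[pdf.length - 2] = 'X';  // altering a signed byte
        System.out.println("digest unchanged after altering the tail: "
            + Arrays.equals(before, digestSignedBytes(pdf, contentEstimated)));
    }
}
```

Requires Java 11 or later for String.repeat; the first line printed ends in true and the second in false.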
18. PAdES Part 3 in iText
No direct support but possible to use an external signature
iText currently has no capabilities to assist in the signing
19. PAdES Part 4 in iText
Full LTV support both in Document Security Store and Timestamp
20. PAdES Part 4 in iText
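import java.io.FileOutputStream;
import com.itextpdf.text.pdf.*;
// Fragment from inside a method: IN_FILE, OUT_FILE and the TSA_* constants are defined elsewhere.
PdfReader r = new PdfReader(IN_FILE);
FileOutputStream fout = new FileOutputStream(OUT_FILE);
// '\0' keeps the PDF version of the original; the final 'true' appends a new revision so existing signatures stay valid.
PdfStamper stp = PdfStamper.createSignature(r, fout, '\0', null, true);
LtvVerification v = stp.getLtvVerification();
AcroFields af = stp.getAcroFields();
// Collect OCSP and CRL data for the whole certificate chain of every signature.
for (String sigName : af.getSignatureNames()) {
    v.addVerification(sigName, new OcspClientBouncyCastle(), new CrlClientImp(),
        LtvVerification.CertificateOption.WHOLE_CHAIN,
        LtvVerification.Level.OCSP_CRL, LtvVerification.CertificateInclusion.NO);
}
// Protect the added validation data with a document-level timestamp.
PdfSignatureAppearance sap = stp.getSignatureAppearance();
TSAClientBouncyCastle tsa = new TSAClientBouncyCastle(TSA_URL, TSA_ACCNT, TSA_PASSW, 6500, "sha256");
LtvTimestamp.timestamp(sap, tsa, null);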
21. iText sign architecture
Certificate encryption
Validation – AcroFields.verifySignature()
Signing – PdfSignatureAppearance, PdfPKCS7
Open Source – Modify at will
22. Shortcomings of iText signing architecture
Monolithic
Impossible to open a certificate encrypted PDF with a smartcard with C#
Impossible to plug in another validation engine/logic
Arbitrary signing is possible with an external signature but iText won’t assist much in the process
Open Source – no urgency in providing a decent interface
23. New iText signing architecture
Based on the factory pattern
Plug-in for certificate encryption, validation and signing
Standard plug-in for detached signing and CAdES signing