1T3XT BVBA, the iText Company http://itextpdf.com/
Protecting your PDF: PDF and digital signatures (29 slides)

PDF Digital signatures

Nov 10, 2014

Bruno Lowagie

An overview of digital signature functionality in PDF
Transcript
Page 1: PDF Digital signatures

Protecting your PDF: PDF and digital signatures

Page 2: PDF Digital signatures

Protecting your PDF

iText in Action, chapter 12
• 12.1: Adding Metadata
• 12.2: PDF and compression
• 12.3: Encrypting a PDF document
• 12.4: Digital signatures, OCSP, and timestamping

Page 3: PDF Digital signatures

Structure of a PDF file

A PDF file consists of a collection of objects. A PDF file starts with %PDF-1.x and ends with %%EOF.

%PDF-1.x
%âãÏÓ
1 0 obj
...
2 0 obj
... (Hello World) Tj ...
xref
0 81
0000000000 65535 f
0000000015 00000 n
...
trailer
<< ... >>
startxref
15787
%%EOF

Page 4: PDF Digital signatures

Changing the content of a PDF file

You can use software to change the content of a PDF document: change a stream, add objects (e.g. annotations), and so on.

%PDF-1.x
%âãÏÓ
1 0 obj
...
2 0 obj
... (Hello People) Tj ...
121 0 obj
...
xref
0 85
0000000000 65535 f
0000000015 00000 n
...
trailer
<< ... >>
startxref
16157
%%EOF

Page 5: PDF Digital signatures

What are our concerns?

• Integrity—we want assurance that the document hasn’t been changed somewhere in the workflow

• Authenticity—we want assurance that the author of the document is who we think it is (and not somebody else)

• Non-repudiation—we want assurance that the author can’t deny his authorship.

Page 6: PDF Digital signatures

Integrity

• A digest is computed over a range of bytes from the file.

• The digest of this ByteRange is signed using the private key of the sender.

• This signed digest and the sender’s Certificate are embedded in the PDF.

• The receiver compares the embedded digest with the digest of the content.

Page 7: PDF Digital signatures

Digital Signature field

A signed PDF file contains a signature dictionary. The binary value of the PDF signature is placed into the Contents entry of a signature dictionary.

%PDF-1.x
%âãÏÓ
1 0 obj
...
2 0 obj
<< /Type/Sig /Contents/... >>
...
xref
0 81
0000000000 65535 f
...
trailer
<< ... >>
startxref
15787
%%EOF

Page 8: PDF Digital signatures

Embedded Digital Signature

The digital signature isn’t part of the ByteRange. There are no bytes in the PDF that aren’t covered, other than the PDF signature itself.

%PDF-1.x
%âãÏÓ
...
2 0 obj
<< ... /Type/Sig /Contents < DIGITAL SIGNATURE > ... >>
xref
0 81
0000000000 65535 f
...
trailer
<< ... >>
startxref
15787
%%EOF
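The ByteRange mechanism of slides 6 and 8 in working code. This is an added example, not code from the deck or from iText: it builds a constructed, minimal PDF-like byte string with a /Sig dictionary, computes the digest over exactly the two ranges named by /ByteRange, and checks the property stated above, that the only uncovered bytes are the /Contents hex string. The function names (build_sample_pdf, only_contents_uncovered, embed_signature and so on) are this example's own; the placeholder signature is a constructed stand-in for the real CMS container.

```python
import hashlib
import re

# Constructed placeholder for the /Contents slot: 32 zero bytes, hex-encoded.
# A real signer reserves this slot before signing and fills it afterwards;
# its length must not change, or every later offset in the file would move.
PLACEHOLDER_HEX = b"00" * 32
RANGE_WIDTH = 40  # fixed-width /ByteRange field, so filling it in shifts no offsets


def build_sample_pdf(page_text: bytes) -> bytes:
    """Build a constructed, minimal PDF-like byte string holding a /Sig dictionary.

    /ByteRange [0 a b c] covers bytes [0, a) and [b, b + c): everything except
    the /Contents hex string, angle brackets included, as slide 8 describes.
    """
    stream = b"BT (" + page_text + b") Tj ET"
    before = b"".join([
        b"%PDF-1.7\n",
        b"1 0 obj\n<< /Length ", str(len(stream)).encode(), b" >>\nstream\n",
        stream, b"\nendstream\nendobj\n",
        b"2 0 obj\n<< /Type /Sig /ByteRange [", b" " * RANGE_WIDTH, b"] /Contents ",
    ])
    contents = b"<" + PLACEHOLDER_HEX + b">"
    after = b" >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
    a = len(before)           # first range: [0, a)
    b = a + len(contents)     # second range starts right after the closing '>'
    c = len(after)
    numbers = (b"0 %d %d %d" % (a, b, c)).ljust(RANGE_WIDTH)
    before = before.replace(b"[" + b" " * RANGE_WIDTH + b"]", b"[" + numbers + b"]")
    return before + contents + after


def parse_byte_range(pdf: bytes) -> tuple:
    """Read the four /ByteRange integers: offset and length of each covered range."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if m is None:
        raise ValueError("no /ByteRange found")
    a0, a1, b0, b1 = (int(x) for x in m.groups())
    return a0, a1, b0, b1


def covered_bytes(pdf: bytes) -> bytes:
    """Concatenate the two ranges: this, not the whole file, is what gets digested."""
    a0, a1, b0, b1 = parse_byte_range(pdf)
    return pdf[a0:a0 + a1] + pdf[b0:b0 + b1]


def byte_range_digest(pdf: bytes) -> str:
    return hashlib.sha256(covered_bytes(pdf)).hexdigest()


def only_contents_uncovered(pdf: bytes) -> bool:
    """Slide 8's property: the ranges start at byte 0, end at the last byte, and
    the only gap between them is a hex string, i.e. the /Contents value."""
    a0, a1, b0, b1 = parse_byte_range(pdf)
    if a0 != 0 or a0 + a1 > b0 or b0 + b1 != len(pdf):
        return False
    return re.fullmatch(rb"<[0-9A-Fa-f]*>", pdf[a0 + a1:b0]) is not None


def embed_signature(pdf: bytes, signature_hex: bytes) -> bytes:
    """Write a signature into the reserved /Contents slot; the length must match."""
    if len(signature_hex) != len(PLACEHOLDER_HEX):
        raise ValueError("signature must fill the reserved slot exactly")
    return pdf.replace(PLACEHOLDER_HEX, signature_hex, 1)


if __name__ == "__main__":
    original = build_sample_pdf(b"Hello World")
    signed = embed_signature(original, b"ab" * 32)   # constructed stand-in for a CMS blob
    tampered = signed.replace(b"Hello World", b"Hello People")
    print("only /Contents uncovered:", only_contents_uncovered(signed))
    print("digest unchanged by filling /Contents:",
          byte_range_digest(original) == byte_range_digest(signed))
    print("digest changed by editing a stream:",
          byte_range_digest(tampered) != byte_range_digest(signed))
    print("tampered file still has a clean ByteRange:", only_contents_uncovered(tampered))
```

Filling the /Contents slot leaves the digest untouched, which is why the signature can be written into the file after the digest is computed; changing the stream (the deck's Hello World to Hello People edit) changes the digest and, in this sample, also breaks the ByteRange coverage check because the file grew by a byte. A validator should run the coverage check before trusting the digest: a /ByteRange that leaves other bytes uncovered means the signature says nothing about those bytes.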

Page 9: PDF Digital signatures

Cryptography

• Symmetric key algorithms: the same key is used to encrypt and decrypt content.

• Asymmetric key algorithms: a public key is used to encrypt, a private key is used to decrypt (for encryption purposes).

• Or, a private key is used to encrypt, a public key is used to decrypt (for digital signatures).

Page 10: PDF Digital signatures

Obtain a public/private key

• Create your own keystore (with the private key) and self-signed certificate (with the public key); e.g. using keytool

• Ask a Certificate Authority (CA) to sign your certificate to prove your identity

• A Certificate signed by a CA’s private key can be decrypted with the CA’s root certificate (stored in Adobe Reader)

Page 11: PDF Digital signatures

Digital Signatures

Stored on the producer’s side
• Certificate
  – Public key
  – Identity info
• Private key
• Original document (the ByteRange)

Received by the consumer
%PDF-1.x ... /ByteRange ... /Contents < DIGITAL SIGNATURE > ... %%EOF

DIGITAL SIGNATURE
• Certificate
• Signed Message Digest
• Timestamp

Page 12: PDF Digital signatures

DIGITAL SIGNATURE
• Certificate
• Signed Message Digest
• Timestamp

%PDF-1.x ... %%EOF

Possible architecture
• Existing PDF document: created by the PDF producer
• Fill out the signature field: using iText (the application)
• Externally sign the digest created with iText (the device)

Page 13: PDF Digital signatures

Displaying digital signatures

• Digital signatures are part of the file structure: it isn’t mandatory for a digital signature to be displayed on a page.

• Digital signatures are listed in the signature panel.

• A digital signature can be visualized as a field widget (this widget can consist of graphics, text,...).

Page 14: PDF Digital signatures

Invisible signature

Page 15: PDF Digital signatures

Visible signature

Page 16: PDF Digital signatures

Invalid signature

Page 17: PDF Digital signatures

Custom signature

Page 18: PDF Digital signatures

Important note

• A signature signs the complete document.

• The concept of signing separate pages in a document (“to initial a document”) doesn’t exist in PDF.

• Legal issue: how to prove that a person who signed for approval has read the complete document?

Page 19: PDF Digital signatures

Serial signatures

A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.

%PDF-1.x
% Original document
...
%%EOF        Rev1 (signed by DIGITAL SIGNATURE 1)
% Additional content 1
...
%%EOF        Rev2 (signed by DIGITAL SIGNATURE 2)
% Additional content 2
...
%%EOF        Rev3 (signed by DIGITAL SIGNATURE 3)
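A small model of the serial signatures described on this slide, added here as an example (it is not code from the deck or from iText). Each revision appends an incremental update and a signature over every byte before it, so signature 2 covers revision 1 and signature 1, and signature 3 covers both. The model uses an HMAC key as a stand-in for the signer's private key and a constructed "%SIG:" comment line as a stand-in for the /Sig dictionary, purely so it runs with the standard library; the function names are this example's own.

```python
import hashlib
import hmac
import re

# Constructed stand-ins: an HMAC key plays the signer's private key, and a
# "%SIG:" comment line plays the /Sig dictionary whose /Contents holds the
# signature. Real PDF signatures are asymmetric (CMS) signatures; HMAC is used
# only so the model runs with the standard library.
SIGNER_KEY = b"constructed-demo-key"
SIG_LINE = re.compile(rb"\n%SIG:([0-9a-f]{64})\n%%EOF\n")


def append_signed_revision(doc: bytes, update: bytes) -> bytes:
    """One incremental update plus a signature over every byte before it.

    As on slide 19: the new signature covers the original document, all
    earlier updates and all earlier signatures.
    """
    body = doc + update
    tag = hmac.new(SIGNER_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n%SIG:" + tag + b"\n%%EOF\n"


def signature_records(doc: bytes) -> list:
    """(covered_length, tag) for each embedded signature, oldest first.
    The marker's offset is the end of the byte range that signature covers."""
    return [(m.start(), m.group(1)) for m in SIG_LINE.finditer(doc)]


def verify_revisions(doc: bytes) -> list:
    """Recompute every signature over its covered prefix; True where it still matches."""
    results = []
    for covered_len, tag in signature_records(doc):
        expected = hmac.new(SIGNER_KEY, doc[:covered_len], hashlib.sha256).hexdigest().encode()
        results.append(hmac.compare_digest(expected, tag))
    return results


def build_three_revision_doc() -> bytes:
    """Constructed document with the three serial signatures of slide 19."""
    doc = b"%PDF-1.x\n% Original document\n"
    doc = append_signed_revision(doc, b"")                          # Rev1: DS1 over the original
    doc = append_signed_revision(doc, b"% Additional content 1\n")  # Rev2: DS2 over Rev1 + update
    doc = append_signed_revision(doc, b"% Additional content 2\n")  # Rev3: DS3 over Rev2 + update
    return doc


if __name__ == "__main__":
    doc = build_three_revision_doc()
    print("intact:", verify_revisions(doc))                                     # [True, True, True]
    print("original edited:",
          verify_revisions(doc.replace(b"Original document", b"Original documenT")))  # [False, False, False]
    print("last update edited:",
          verify_revisions(doc.replace(b"content 2", b"content X")))           # [True, True, False]
    print("last revision removed:",
          verify_revisions(doc[:doc.index(b"% Additional content 2")]))        # [True, True]
```

Two consequences worth checking in a validator follow from the model: a change to the original bytes invalidates every signature, while a change inside the last update invalidates only the last one, and truncating the file at an earlier %%EOF yields an earlier revision whose signatures still verify. That last point is what lets a reader show "the document as it was when signature 2 was applied", and it is also why a validator must report what changed between revisions rather than only whether the latest signature is valid.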

Page 20: PDF Digital signatures

Two signatures

Page 21: PDF Digital signatures

Types of signatures

• Certification (aka author) signature— only possible for the first revision; involves modification detection permissions.

• Approval (aka recipient) signature— workflow with subsequent signers.

• Usage Rights signature— involving Adobe’s private key to Reader enable a PDF (off-topic here).

Page 22: PDF Digital signatures

Problems solved?

• Integrity—signature is invalidated if bytes are changed

• Authenticity—Certificate Authority verifies the identity of the owner of the private key

• Non-repudiation—the author is the only one who has access to the private key

Page 23: PDF Digital signatures

What if?

• What if the author’s private key is compromised?

• What if the author falsifies the creation date of the document?

• What if the certificate expires too soon?

Page 24: PDF Digital signatures

Revocation checking

• Certificate Revocation List (CRL): the certificate is checked against a list of revoked certificates.

• Online Certificate Status Protocol (OCSP): the revocation status is obtained from a server. If the certificate was revoked, the signature is invalid.

Page 25: PDF Digital signatures

OCSP

Page 26: PDF Digital signatures

Timestamping

• The timestamp of a signature can be based on the signer’s local machine time,

• Or the signer can involve a Time Stamp Authority (TSA). The message digest is sent to a trusted timestamp server. This server adds a timestamp and signs the resulting hash using the TSA’s private key.

• The signer can’t forge the time anymore.
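The TSA exchange just described, written out as an added example with both sides present (this is not code from the deck or from iText, and it is not an RFC 3161 implementation). The signer sends only the message digest; the TSA appends its own clock reading, hashes the pair and signs that hash. Both private keys are modelled with HMAC keys so the example runs with the standard library, which means the verifier below must hold the keys too, whereas a real verifier needs only the TSA's certificate; the function names and the clock value are constructed.

```python
import hashlib
import hmac
import struct

# Constructed stand-ins for two private keys. A real TSA answers with an
# RFC 3161 token carrying an asymmetric signature that anyone can check with
# the TSA's certificate; HMAC keys are used here only so the exchange runs
# with the standard library, so the verifier below must also hold the keys.
SIGNER_KEY = b"constructed-signer-key"
TSA_KEY = b"constructed-tsa-key"


def signer_prepare(document: bytes) -> tuple:
    """Signer side: digest the document and sign the digest.
    Only the digest is sent to the TSA; the document itself never leaves."""
    digest = hashlib.sha256(document).digest()
    signature = hmac.new(SIGNER_KEY, digest, hashlib.sha256).digest()
    return digest, signature


def tsa_timestamp(request_digest: bytes, tsa_clock: int) -> dict:
    """TSA side: append its own clock reading to the digest, hash the pair and
    sign that hash with the TSA private key (slide 26)."""
    imprint = hashlib.sha256(request_digest + struct.pack(">Q", tsa_clock)).digest()
    return {
        "digest": request_digest,
        "time": tsa_clock,
        "tsa_signature": hmac.new(TSA_KEY, imprint, hashlib.sha256).digest(),
    }


def verify(document: bytes, signature: bytes, token: dict) -> bool:
    """Receiver side: the signature must match the document, the token must
    be about the same digest, and the TSA signature must cover the time."""
    digest = hashlib.sha256(document).digest()
    signer_ok = hmac.compare_digest(
        hmac.new(SIGNER_KEY, digest, hashlib.sha256).digest(), signature)
    imprint = hashlib.sha256(digest + struct.pack(">Q", token["time"])).digest()
    tsa_ok = hmac.compare_digest(
        hmac.new(TSA_KEY, imprint, hashlib.sha256).digest(), token["tsa_signature"])
    return signer_ok and token["digest"] == digest and tsa_ok


if __name__ == "__main__":
    doc = b"constructed document bytes"
    digest, sig = signer_prepare(doc)
    token = tsa_timestamp(digest, 1415577600)   # constructed TSA clock value (seconds since epoch)
    print("valid:", verify(doc, sig, token))                     # True
    backdated = dict(token, time=1400000000)    # time rewritten after the fact
    print("backdated token:", verify(doc, sig, backdated))       # False
    print("other document:", verify(doc + b"!", sig, token))     # False
```

The time in the token is bound to the digest by the TSA's signature, so the signer cannot rewrite it afterwards, and the token cannot be moved to a different document because the digest would no longer match. What the signer's local clock says is simply not consulted by the verifier.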

Page 27: PDF Digital signatures

Timestamp

Page 28: PDF Digital signatures

PAdES - LTV

• PAdES: PDF Advanced Electronic Signatures
• LTV: Long Term Validation
• Requires extensions to ISO-32000-1
• Described by ETSI in TS 102 778 part 4
• Requires a Document Security Store (DSS) and a Document Timestamp
• A new DSS+TS are added before expiration of the last document timestamp

Page 29: PDF Digital signatures

More info

• iText in Action Second Edition
• Web site: http://itextpdf.com
• Company: 1T3XT BVBA