Digitally sign PDF files

Discussion in 'Python' started by haxier, Aug 11, 2008.

  1. haxier

    haxier Guest

    Hi all

    I'm developing an application with some reports and we're looking for
    advice. These reports should be OpenOffice.org .odf files, PDF files,
    and perhaps Microsoft Word files (.doc, .docx?) and must be digitally
    signed. Are there any libraries out there to ease these tasks?

    * Access to the local user certificate store, and read PEM or PKCS12
    certificate files.
    * Read, parse and validate user certificates
    * Sign documents: as a binary stream, within a specific document
    (pdf, odt, doc)

    I've been googling and found very little documentation about this --
    except some examples using Jython and IronPython.

    Thanks
     
    haxier, Aug 11, 2008
    #1

  2. Hi,
    For signing you can use OpenSSL or the more complete M2Crypto modules.
    But this is only the crypto part of the task.
    If the certificate store is just a file, both packages can do this. If
    the store is some other format or maybe the Windows registry, some
    additional functions are required, but should be easy to implement.
    This can be easily done with both.
    This is the hardest part of the task, since the signature has to be
    embedded into the document.


    --
    Schönen Gruß - Regards
    Hartmut Goebel

    Goebel Consult
    Specialist for IT security in complex environments
    http://www.goebel-consult.de
     
    Hartmut Goebel, Aug 11, 2008
    #2
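
The crypto part described in the reply above, as an added example that is not part of the original thread: a detached PKCS#7 signature over a file treated as a binary stream, made with the OpenSSL command line. The file names, the CN and the PKCS#12 password are constructed for the demo, and a throwaway self-signed certificate stands in for a real user certificate.

```shell
#!/bin/sh
# Added example, not code from the thread. Every name, the CN and the
# PKCS#12 password below are constructed for this demo.

# make_identity DIR: create a throwaway self-signed certificate and key,
# bundle them as a PKCS#12 file, then unpack that .p12 back to PEM
# (the "read a PKCS12 file" step asked about in the first post).
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout pass:demo -out "$1/signer.p12" &&
    openssl pkcs12 -in "$1/signer.p12" -passin pass:demo -nodes \
        -out "$1/signer.pem" 2>/dev/null
}

# sign_detached DIR FILE: write FILE.p7s, a DER-encoded detached signature.
# -binary stops OpenSSL from canonicalising line endings, which would
# change the bytes of a PDF or ODF file before hashing.
sign_detached() {
    openssl smime -sign -binary -md sha256 -signer "$1/signer.pem" \
        -in "$2" -outform DER -out "$2.p7s"
}

# verify_detached DIR FILE: check FILE against FILE.p7s, trusting only the
# demo certificate. Exit status 0 means the signature and chain are valid.
verify_detached() {
    openssl smime -verify -binary -inform DER -in "$2.p7s" -content "$2" \
        -CAfile "$1/cert.pem" -out /dev/null 2>/dev/null
}

# demo: succeeds only if the untouched file verifies AND the same file
# with one appended byte is rejected against the same signature.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample bytes, not a real PDF.
    printf '%%PDF-1.4\nconstructed sample report\n' > "$d/report.pdf"
    make_identity "$d" && sign_detached "$d" "$d/report.pdf" || { rm -rf "$d"; return 1; }
    verify_detached "$d" "$d/report.pdf"; ok=$?
    printf 'x' >> "$d/report.pdf"          # tamper with the signed content
    verify_detached "$d" "$d/report.pdf"; tampered=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$tampered" -ne 0 ]
}

demo && echo "original verifies; tampered copy is rejected"
```

This covers only the signing and verification step; the resulting `.p7s` sits beside the document and is not embedded in it.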

  3. haxier

    haxier Guest

    M2Crypto? I didn't know of it... surely I must check it.

    It's a very delicate component (security and reliability are a must)
    and I don't know how OpenSSL works in Windows environments.
    Certificates can be both: PKCS12 (.p12) files and under the Windows
    certificate store.

    The best option could be some kind of thin wrapper around Windows
    CryptoAPI, so access to hardware tokens and smartcard readers should
    be easy because under Linux everything seems tied to Mozilla NSS
    libraries.
    OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here[1]
    but I can't find more than this[2] implementation/wrapper of libxmlsec

    PDF signing... I can't find something like iText for Python... I've
    found examples like this[3] based on Jython... perhaps I should look
    at Jython because Java 1.6 has full access to Windows CryptoAPI and
    full XML-DSIG support[4]

    IronPython could also be an interesting option for obvious reasons and
    there's an iText port for .NET

    Thanks

    [1] http://marketing.openoffice.org/ooocon2004/presentations/friday/timmermann_digital_signatures.pdf
    [2] http://xmlsig.sourceforge.net/build.html
    [3] http://kelpi.com/script/00cd7c
    [4] http://java.sun.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
     
    haxier, Aug 11, 2008
    #3
  4. M2Crypto is available for Windows, too. So I would not expect any
    problems here.
    I'm not a Windows guy, so I can't help here.
    Some are using NSS, some OpenSSL. I personally use M2Crypto, since the
    licence fits me better.
    I've not found a useful specification, either. Digital signing seems to
    become part of ODF 1.2, but I've not found a clear statement on which
    files have to be signed nor how.
    iText is overkill for what you need. You only want to sign, not generate
    PDF files.

    --
    Schönen Gruß - Regards
    Hartmut Goebel

    Goebel Consult
    Specialist for IT security in complex environments
    http://www.goebel-consult.de
     
    Hartmut Goebel, Aug 15, 2008
    #4
  5. John Krukoff

    John Krukoff Guest

    A note on libxmlsec, there are also these python bindings available:
    http://pyxmlsec.labs.libre-entreprise.org/index.php?section=examples
     
    John Krukoff, Aug 15, 2008
    #5