Digitally sign PDF files
haxier
haxier at gmail.com
Mon Aug 11 17:13:13 EDT 2008
On 11 ago, 22:29, Hartmut Goebel <h.goe... at goebel-consult.de> wrote:
> > I'm developing an application with some reports and we're looking for
> > advice. This reports should be openoffice.org .odf files, pdf files,
> > and perhaps microsoft word files (.doc, .docx?) and must be digitally
> > signed. Is out there some kind of libraries to ease this tasks?
>
> For signing you can use OpenSSL or the more complete M2crypto modules.
> But this is only the crypto part of the task.
M2Crypto? I didn't know of it... surely I must check it.
It's a very delicate component (security and reliability is a must)
and don't know how openssl works in windows environments.
> > * Access to the local user certificate store, and read PEM or PKCS12
> > certificate files.
>
> If the certificate store is just a file, both packages can to this. If
> the store is some otehr format or maybe the Windows registry, some
> additional functions are required, but should be easy to implement.
Certificates can be both: PKCS12 (.p12) files and under the windows
certificate store.
The best option could be some kind of thin wrapper around windows
CryotoAPI, so access to hardware tokens and smartcard readers should
be easy because under Linux everything seems tied to Mozilla NSS
libraries.
> > * Sign documents: as a binary stream, within an specific document
> > (pdf, odt, doc)
>
> This is the hardest part of the task, since the signature has to be
> embedded into the document.
OpenOffice.org uses XML DSIG (libxmlsec, libxml2) as stated here[1]
but I can't find more than this[2] implementation/wrapper of libxmlsec
PDF signing... I can't find something like iText for Python... I've
finded examples like this[3] based on Jython... perhaps I should look
at jython because java 1.6 has full access to Windows CryptoAPI and
full XML-DSIG support[4]
IronPython could also be an interesting option for obvious reasons and
there's and iText port for .NET
Thanks
[1] http://marketing.openoffice.org/ooocon2004/presentations/friday/timmermann_digital_signatures.pdf
[2] http://xmlsig.sourceforge.net/build.html
[3] http://kelpi.com/script/00cd7c
[4] http://java.sun.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
More information about the Python-list
mailing list