Re: [Podofo-users] PDF signature

[Josep M. T. <jm...@c3...>]

On Tue, 2007-03-13 at 16:01 -0400, Leonard Rosenthol wrote:
> On Mar 13, 2007, at 12:22 PM, Josep Mones Teixidor wrote:
> 
> > I need to sign PDF files using ordinary or MDP signatures along with
> > ByteRange or, if possible, ObjectDigest. I need to do that from a
> > Windows CE environment, so I'm considering C and C++ possibilities, as
> > PoDoFo.
> >
> 	ByteRange signatures are MUCH simpler to implement than MDP/ 
> ObjDigest ones.   So if you have a choice - go with them!
> 
> 
> > As I see from the code, the library doesn't support signature. Am I
> > right?
> >
> 	Correct.
> 
> 
> > I'd be willing to add this feature to PoDoFo, but I'd need to  
> > assess how
> > much work I'd need to do that. Can this feature easily be added to the
> > library?
> >
> 
> 	ASSUMING that you have a comprehensive crypto library available to  
> handle the complexities of hashing, signing and certificate  
> management - PoDoFo is complete enough to enable you to build a  
> solution.   Using something like openssl, cryptlib or crypto++ (on a  
> desktop/server machine), adding byte range signatures to PoDoFo  
> wouldn't take more than a couple of days of work - assuming someone  
> familar with DigSig technology and low level PDF work.   If you're  
> not familiar with one or the other, than add accordingly.
> 
> 
> Leonard
> 

Leonard,

Thank you very much for your answer... It has been very helpful.

Our company is a smart card reader manufacturer and we have lots of
experience in the digital signature field.

However we don't have such experience in the PDF field, but we can
handle it ;)

I see that no extra libraries are used, and porting to MS Windows is
already done. So i expect porting to Windows CE should be easy,
shouldn't it?

We will use this for a project for a customer, so I can't say now that
we'll surely make this in the future. We depend on their decision.

If we finally do this modification and if you think it would be a nice
addition to PoDoFo, we'll work to do this in PoDoFo "style".

Since we need windows, we'll probably need to use CryptoAPI (because we
want to enable a solution to smart card users and certificates are
usually in CryptoAPI or PKCS#11 must be used). Perhaps it would be a a
good solution to make an API that's able to extract a hash (or data to
be hashed), and then to introduce a signature, since I imagine you don't
want to stick to CryptoAPI ;)

Or we could just make a system that has multiple backends (but it would
be a little bit difficult to make a unique API to that, in order to
select signing certificates).

Anyway, we can discuss that later.

Thank you again for all the information!

Regards,

-- 
Josep Monés
jm...@c3...
C3PO, S.L.
http://www.c3po.es
C/ Bertran, 113  -  08023 Barcelona
Tel. 93 417 99 55  -  Fax 93 253 12 80