I've just a simple conceptual question. I see that SignServer differences between file types when it comes to sign a file, e.g., ODF, PDF, XML, etc. My doubt is (and I suppose it has a simple question, but I can't find it), why is it necessary to distinguish between file formats? Or, from other perspective, why it is not valid to treat a file just like a bunch of binary data, sign it, and forget about anything else?
Thank you.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In general you can have a "binary blob" signer that sign just about anything. And we should probably create such a worker plug-in as well. BUT, you would generally not want to use that for signing PDF/ODF/OOXML/XML documents. Why? Simply because if we take PDF as an example the signature specification for PDF is specific for PDF and you have to create the *specific* PDF signature in order for PDF readers (currently only adobe has signature capability) to verify the PDF signature and display the verification result to the user. If you would use a "generic blob" signer to sign a PDF file, the PDF file would not even be possible to open as a PDF in any PDF readers.
The same goes for ODF/OOXML/XML etc. Most document types have specific technical specification how a digital signature should be applied to *this* specific document type.
Cheers,
Tomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I've just a simple conceptual question. I see that SignServer differences between file types when it comes to sign a file, e.g., ODF, PDF, XML, etc. My doubt is (and I suppose it has a simple question, but I can't find it), why is it necessary to distinguish between file formats? Or, from other perspective, why it is not valid to treat a file just like a bunch of binary data, sign it, and forget about anything else?
Thank you.
In general you can have a "binary blob" signer that sign just about anything. And we should probably create such a worker plug-in as well. BUT, you would generally not want to use that for signing PDF/ODF/OOXML/XML documents. Why? Simply because if we take PDF as an example the signature specification for PDF is specific for PDF and you have to create the *specific* PDF signature in order for PDF readers (currently only adobe has signature capability) to verify the PDF signature and display the verification result to the user. If you would use a "generic blob" signer to sign a PDF file, the PDF file would not even be possible to open as a PDF in any PDF readers.
The same goes for ODF/OOXML/XML etc. Most document types have specific technical specification how a digital signature should be applied to *this* specific document type.
Cheers,
Tomas
Ok, that makes perfect sense. Thank you very much.