PDF Signing and CA signed certificates

Posted: 07/26/2006 07:53:11
by Waldo Nell (Basic support level)
Joined: 07/26/2006
Posts: 2

I want to sign a PDF document with a certificate that comes from Verisign or Thawte. I know how to create a self signed certificate and sign a PDF with it - however I have no idea how to create a CSR and how to send it to a CA so that non-repudiation can be proven for all signed documents.

I know how to get certificates from Verisign and Thawte that work on web servers, but not ones that will work and be trusted on PDF documents. Please explain to me how I should go about getting a signed certificate and what kind.
Posted: 07/26/2006 09:47:42
by Ken Ivanov (Team)

Please use the TElCertificateRequest class to create the CSR. The CSR demo is included in the distribution, please use it as a guide.

Certificate purpose is usually specified by the KeyUsage extension. So, you should add the corresponding extension to your CSR specifying the 'digital signature' and 'non-repudiation' flags.
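
An added example, not part of the thread and not SecureBlackbox code: the KeyUsage request described in the reply above, done with the OpenSSL command line instead of TElCertificateRequest, then read back from the CSR. The subject values, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Build a CSR that requests the digitalSignature and nonRepudiation
# KeyUsage bits, then inspect what the CSR really carries.

make_signing_csr() {
    # $1 = output directory (hypothetical helper; subject values are placeholders)
    dir="$1"
    cat > "$dir/req.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = Example Signer
O  = Example Org
C  = US

[ v3_req ]
# nonRepudiation is named contentCommitment in recent X.509 editions
keyUsage = critical, digitalSignature, nonRepudiation
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/signer.key" -out "$dir/signer.csr" \
        -config "$dir/req.cnf" 2>/dev/null
}

csr_key_usage() {
    # Print the KeyUsage values listed under "Requested Extensions".
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//; s/ *$//'
}

csr_self_signature_ok() {
    # A CSR is signed with its own private key (proof of possession).
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}
```

The CSR only requests these bits; the issuing CA decides which KeyUsage values appear in the certificate it returns, so check the issued certificate as well.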
Posted: 07/26/2006 12:09:11
by Matthias Hanft (Basic support level)
Joined: 04/28/2006
Posts: 15

The CSR demo works fine indeed.

After creating a CSR, you can test it on https://www.thawte.com/core/process?process=public-display-request-details - just copy & paste the ASCII version of your CSR into the web form and click on "submit".
Posted: 07/27/2006 01:33:05
by Waldo Nell (Basic support level)
Joined: 07/26/2006
Posts: 2

Thanks. But my question was that in order for the certificate to be signed by a CA that is trusted by Adobe Root CA (thus it needs to be trusted when a PDF document is opened without importing the signer's certificate), to which CA do I need to go? And what kind of certificate do I need? Email signing? Web Server?
Posted: 07/27/2006 04:51:57
by Matthias Hanft (Basic support level)
Joined: 04/28/2006
Posts: 15

Good question. I looked at the (German) Adobe website and found just "Adobe partners" where you apparently have to investigate further...

Is it really necessary for you to use the "Adobe-integrated" signature? I'm asking because signing PDF invoices is a major tax concern here in Germany, but I (and even the Deutsche Telekom, too) just generate an extra .pkcs7 signature file (for example, by use of the - free! - "SecSigner" software from http://www.seccommerce.de ) along with the original (and unaltered) PDF file. The (for tax reasons so-called "qualified") certificate is stored on a chip card (which costs about 40 EUR per year at http://www.signtrust.de ).

But if the signature has to be "embedded" within the PDF file, I'm afraid you'll have to stick to Adobe or an "Adobe partner" mentioned on the website (and pay lots of money for "Adobe-root-certified" certificates...).
Posted: 07/28/2006 08:32:28
by Alcane Alcane (Basic support level)
Joined: 07/28/2006
Posts: 1


I am participating in this post because I have the same question as Waldo.

I took a demo secure mail certificate from Verisign and I used it to sign the PDF with PDF Signer. I also declare that my Verisign certificate is installed in the Windows certificate store.

- Acrobat Reader doesn't recognize the signature as VALID. After reading the FAQ, I discovered that in the signer code, we need to tell it to use the Adobe.PPKMS storage (simply add PublicKeyHandler.CustomName := 'Adobe.PPKMS';)

Now it works correctly.

My question is:
What exactly does the Validate() function of a TElPDFSignature do?

Posted: 07/28/2006 11:22:01
by Ken Ivanov (Team)

What exactly does the Validate() function of a TElPDFSignature do?

The TElPDFSignature.Validate() function detects if the document was altered since it has been signed. The details of the validation procedure depend on the security handler and signature method being used.



