From: Hans Hagen via ntg-context <ntg-context@ntg.nl>
To: ntg-context@ntg.nl
Cc: Hans Hagen <j.hagen@freedom.nl>
Subject: [NTG-context] Re: digital signing in ConTeXt
Date: Tue, 18 Jun 2024 00:52:38 +0200 [thread overview]
Message-ID: <78627a8c-9f9a-48d4-8244-fe78d9b9049c@freedom.nl> (raw)
In-Reply-To: <56e22216-05a2-4f33-849f-c3aff7ab9946@gmx.es>
On 6/17/2024 7:51 PM, Pablo Rodriguez via ntg-context wrote:
> Dear list,
>
> the latest version of LMTX can digitally sign PDF documents. It requires
> OpenSSL installed (since it does the crypto part).
>
> I have two issues that I would like to be tested by others.
>
> A sample certificate may be found at
> https://mailman.ntg.nl/archives/list/ntg-context@ntg.nl/message/ECSXLVMT3TMQBIHA2UZJPWJN7OVV5334/attachment/2/mycert.pfx
> (I sent it myself).
>
> Here is a sample document (actually provided by Hans):
>
> \setupinteraction[state=start]
> \definefield[signature][signed]
> \defineoverlay[signature][my signature]
> \starttext
> \startTEXpage[offset=1ts,frame=on,framecolor=darkblue]
> sign: \inframed[background=signature,framecolor=darkred]
> {\fieldbody[signature][width=3cm,option=hidden]}
> \stopTEXpage
> \stoptext
>
> After compiling the sample, you need to run:
>
> mtxrun --script pdf --sign --certificate=c.pfx --password=ABCabc doc.pdf
i use a pem
> Password will be prompted again ("ABCabc"), since it is an encrypted
> certificate (also for the public part).
>
> Could anyone confirm the following issues?
>
> 1. The signature I get is wrong, unless I apply this patch
> (https://mailman.ntg.nl/archives/list/dev-context@ntg.nl/message/T3OCKVZWTUTIXCSOKIFRVJ4X76MROZHE/attachment/3/byterange.diff
> [sent by myself to the devel list]).
>
> 2. I cannot get any signature display in Acrobat. Does any PDF viewer (I
> have tested this with pdfsig from poppler and MuPDF-GL) display the
> digital signature at all?
this whole digitial signing is a bit of a scam imo ...
- one has to buy a specific kind of certificate
- often one is supposed to use some token
- when the root cert expires one has to resign
- reader has root certs built in and checking is supposed to be online
- it doesn't come cheap and supporting / testing is not something one
can expect for free (so i can't really test it)
... so just some business model and not really something one can do out
of the box
... apart from ...
- just sign with some certificate and don't expect viewers to do something
- offer a service to upload the document for checking when a user is in
doubt
- that can be done without root cert and basically works as long as the
service works
concerning the suggested patches: this <....whatever....> boundary is a
bit fuzzy and i found that different viewers / checkers expect either or
not +/- 1 but i didn't check recently if things have improved
if we know the specs and have way to test ... no big deal to fix a few
offsets
Hans
-----------------------------------------------------------------
Hans Hagen | PRAGMA ADE
Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | www.pragma-ade.nl | www.pragma-pod.nl
-----------------------------------------------------------------
___________________________________________________________________________________
If your question is of interest to others as well, please add an entry to the Wiki!
maillist : ntg-context@ntg.nl / https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl
webpage : https://www.pragma-ade.nl / https://context.aanhet.net (mirror)
archive : https://github.com/contextgarden/context
wiki : https://wiki.contextgarden.net
___________________________________________________________________________________
next prev parent reply other threads:[~2024-06-17 22:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-17 17:51 [NTG-context] " Pablo Rodriguez via ntg-context
2024-06-17 18:21 ` [NTG-context] " Henning Hraban Ramm
2024-06-17 18:36 ` Pablo Rodriguez via ntg-context
2024-06-17 22:52 ` Hans Hagen via ntg-context [this message]
2024-06-18 6:44 ` Pablo Rodriguez via ntg-context
2024-06-18 8:27 ` Hans Hagen via ntg-context
2024-06-18 16:26 ` Pablo Rodriguez via ntg-context
2024-06-18 16:42 ` Hans Hagen via ntg-context
2024-06-18 17:28 ` Pablo Rodriguez via ntg-context
2024-06-18 17:42 ` Pablo Rodriguez via ntg-context
2024-06-19 7:28 ` Hans Hagen via ntg-context
2024-06-19 16:59 ` Pablo Rodriguez via ntg-context
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=78627a8c-9f9a-48d4-8244-fe78d9b9049c@freedom.nl \
--to=ntg-context@ntg.nl \
--cc=j.hagen@freedom.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).