On 6/17/2024 7:51 PM, Pablo Rodriguez via ntg-context wrote:
Dear list,
the latest version of LMTX can digitally sign PDF documents. It requires OpenSSL installed (since it does the crypto part).
I have two issues that I would like to be tested by others.
A sample certificate may be found at https://mailman.ntg.nl/archives/list/ntg-context@ntg.nl/message/ECSXLVMT3TMQ... (I sent it myself).
Here is a sample document (actually provided by Hans):
\setupinteraction[state=start] \definefield[signature][signed] \defineoverlay[signature][my signature] \starttext \startTEXpage[offset=1ts,frame=on,framecolor=darkblue] sign: \inframed[background=signature,framecolor=darkred] {\fieldbody[signature][width=3cm,option=hidden]} \stopTEXpage \stoptext
After compiling the sample, you need to run:
mtxrun --script pdf --sign --certificate=c.pfx --password=ABCabc doc.pdf
Password will be prompted again ("ABCabc"), since it is an encrypted certificate (also for the public part).
Could anyone confirm the following issues?
1. The signature I get is wrong, unless I apply this patch (https://mailman.ntg.nl/archives/list/dev-context@ntg.nl/message/T3OCKVZWTUTI... [sent by myself to the devel list]).
2. I cannot get any signature display in Acrobat. Does any PDF viewer (I have tested this with pdfsig from poppler and MuPDF-GL) display the digital signature at all?
i use a pem this whole digitial signing is a bit of a scam imo ... - one has to buy a specific kind of certificate - often one is supposed to use some token - when the root cert expires one has to resign - reader has root certs built in and checking is supposed to be online - it doesn't come cheap and supporting / testing is not something one can expect for free (so i can't really test it) ... so just some business model and not really something one can do out of the box ... apart from ... - just sign with some certificate and don't expect viewers to do something - offer a service to upload the document for checking when a user is in doubt - that can be done without root cert and basically works as long as the service works concerning the suggested patches: this <....whatever....> boundary is a bit fuzzy and i found that different viewers / checkers expect either or not +/- 1 but i didn't check recently if things have improved if we know the specs and have way to test ... no big deal to fix a few offsets Hans ----------------------------------------------------------------- Hans Hagen | PRAGMA ADE Ridderstraat 27 | 8061 GH Hasselt | The Netherlands tel: 038 477 53 69 | www.pragma-ade.nl | www.pragma-pod.nl -----------------------------------------------------------------