Am 02.11.18 um 15:20 schrieb Dirk Gottschalk:
Hello Stefan.Am Freitag, den 02.11.2018, 12:53 +0100 schrieb Stefan Claas:Hi Wiktor, thanks a lot! Now this is awesome... i just timestamped my already signed .pdf with Adobe Reader DC and this does not invalidate my qualified signature, when saving the document again! :-) I must admit i did not know this.You mean, you "tampered" with the file and the signature is still valid? Are you sure? Then Adome does sometging really bad, IMHO. Such a signature should ensure that the file is unmodified completely. otherwise somebody can modify it in a way that could be used as a backdoor to the signature, at least in theory.
Hi Dirk, i did not tampered with the file, i simply used the function in Adobe Reader DC to let it *add* a time stamp to my document and then saved it again. I strongly assume that it is also possible that someone else can sign my .pdf too with a qualified signature and this will also not invalidate my qualified signature, unless of course someone would *edit* my document. This would then mean in reality, that for example a "boss", team-leader or whoever prepares a contract signs it and then lets other parties sign this document too and all involved parties have then a multiple signed and valid document. You can check two added (one from freetsa and another commercial one which is in the EU list) timestamps i added to my greetings.pdf on keybase. Regards Stefan
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
