Kyle Hamilton wrote:
> Eddy's gone ahead and sent a signed PDF, according to a later message
> in-thread. I expect that it'll work without a hitch, though I would
> like to hear of any anomalous behavior. :)
It did indeed work without problems. I was able to read the document
successfully with a variety of PDF viewers (Adobe Reader 9 on OS X,
Preview on OS X, and Evince on Ubuntu and Red Hat). However the
signature could actually be verified only using Acrobat Reader; the
other viewers apparently don't have digsig capabilities. (Is this
present in any PDF viewers other than Adobe's?)
Also, for reference, in order to verify the signature I had to do the
following:
1. Get the root CA cert for Startcom, because Eddy (of course) was using
a Startcom-issued certificate to do the signing. (As mentioned
previously, the only root pre-loaded into Adobe Reader is Adobe's.)
2. Import the root cert into Adobe Reader. On the Mac this is done using
the "Manage Trusted Identities..." menu item on the "Document" menu.
Then you have to click the "Add Contacts" button (which I found somewhat
confusing) and then the "Browse..." button to find the cert.
3. Mark the root as a trusted root. This is done from the "Manage
Trusted Identities..." dialog by selecting "Certificates" from the
"Display" popup menu, selecting the cert, and then clicking "Edit
Trust..." and then checking the "Use this certificate as a trusted root"
checkbox.
4. You also have to check the "Certified documents" checkbox. (In the
"If signature validation succeeds, trust this certificate for..."
section.) I found this a bit confusing as well; I don't know what the
distinction between "signed documents" and "certified documents" means
in the context of Adobe Acrobat and Adobe Reader, and I've asked Eddy to
provide more information on this.
At this point you should be able to open the documents on Eddy's site at
https://www.startssl.com/?app=26
with Adobe Reader and open the "signature panel" to verify the signature.
You can apparently create signed PDF documents using Adobe Acrobat 9
Standard; Eddy says there are free signing utilities that can be used also,
but I don't have references for those right now.
> Why does everything have to have an explicit 'threat model' before
> cryptography can be applied?
Well, it doesn't necessarily. My concern in this case had more to do
with justifying any extra work that might be involved on our end in
terms of getting the documents signed; I was also concerned that signing
might mess up reading the documents on non-Adobe software (a concern
that turned out to be misplaced).
Frank
--
Frank Hecker
hec...@mozillafoundation.org