[
https://issues.apache.org/jira/browse/PDFBOX-1847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13934946#comment-13934946
]
vakhtang koroghlishvili commented on PDFBOX-1847:
-------------------------------------------------
1. We can do it with Java's built-in "SHA-256" message digest too. :) You can
change to it too. There is no difference :)
2. It is just a number, not special. Then it will be better if we add the document
hash to the nonce too.
3. You are right.
4. I was testing TSA for emails. We should remove this - if we have nothing in
common with emails, we shouldn't use this header.
5. I don't remember... I will test it... In addition, in.readObject() might
throw java.io.EOFException or java.io.IOException. So the method needs some
refactoring :)
6. Sure. Then I will add the document hash to the nonce too :) For more security :)
> TSA Time Signature
> ------------------
>
> Key: PDFBOX-1847
> URL: https://issues.apache.org/jira/browse/PDFBOX-1847
> Project: PDFBox
> Issue Type: Improvement
> Components: Signing
> Affects Versions: 2.0.0
> Reporter: vakhtang koroghlishvili
> Assignee: John Hewson
> Fix For: 2.0.0
>
> Attachments: CreateSignature-updated.java.patch,
> TSATimeSignature.patch, resultOfSigning.jpg
>
>
> When we were signing a document, we were using time from our time. For more
> security we can use a Time Stamp server.
> "Trusted timestamping is the process of securely keeping track of the
> creation and modification time of a document. Security here means that no one
> — not even the owner of the document — should be able to change it once it
> has been recorded provided that the timestamper's integrity is never
> compromised." (wiki)