FYI below and i would like to make a couple of proposals
currently, this seems to work when exporting from writer:
* non PDF A/1a
* CA cert signed signature
* timestamped with non http AUTH based timestamp server
this produces a PDF:
sha1 hashed
document restrictions summary, not allowed:
changing the document
document assembly
suggest these needs to be looked into in terms of:
when signing/timestamping within Acrobat, and locking the document,
causes the following restrictions _in addition_ to above:
commenting
filling of form fields
signing of form fields
creation of template pages
once a PDF is signed, there should be an option to enable/disable future
signing
once it's timestamped, no further changes should be allowed, it should
be 'locked' similarly to how Acrobat changes restrictions
no idea what is/is not possible in terms of doing this outside of
Acrobat but an sha256 hashed doc should be considered do-able (default
in Acrobat with recent updates)
-------- Forwarded Message --------
Subject: RE: [tdf-discuss] LO 5 PDF export sign/timestamp
Date: Tue, 1 Dec 2015 12:18:01 -0600
From: DigiStamp Support <[email protected]>
Organisation: DigiStamp Inc.
To: 'Fulano Diego Perez' <[email protected]>
CC: 'Richard' <[email protected]>
We appreciate your forwarding the information below.
Note, you have the option of making a TSA request to DigiStamp and
skipping HTTP authentication and instead do authentication based on the
client's IP Address. This would allow you to test a DigiStamp timestamp
without AUTH.
To use IP address authentication:
Configure your account here:
https://www.digistamp.com/account/view/authentication
Then send your request to address: https://www.digistamp.com/ipauth/tsa
Or, using the DigiStamp test environment:
https://supporttest.digistamp.com/account/view/authentication
and: http://supporttest.digistamp.com/ipauth/tsa
-----Original Message-----
From: Fulano Diego Perez [mailto:[email protected]]
Sent: Monday, November 30, 2015 23:51
To: [email protected]
Cc: Richard <[email protected]>
Subject: Re: [tdf-discuss] LO 5 PDF export sign/timestamp
short update
i can confirm that this fails when exporting to PDF A/1a format
i tried FDF and PDF submit format
however, the following worked:
*the free TSA https://tsa.safecreative.org
*sign per usual CA cert
i then tried again to sign a non PDF A/1a with a timestamp server which
requires AUTH
that failed again, did not prompt for credentials, PDF generation failed
Fulano Diego Perez:
> Hi,
>
> try these 2
>
> https://www.comodo.com/home/email-security/free-email-certificate.php
>
> https://www.startssl.com/?app=1
>
> i use paid timestamp service
>
> digistamp.com
>
> would be good to hear your experiences
>
>
>
> Richard:
>> Morning Diego,
>> I'm running 5.1.0.0.alpha1 but have 5.0.3.2-2 on another.
>> Point me to a link to create a certificate to sign with.
>> I've never tried to apply a timestamp to pdf.
>> Saludos.
>>
>> On Fri, Nov 27, 2015 at 1:45 AM, Fulano Diego Perez <
>> [email protected]> wrote:
>>
>>>
>>> Can anybody confirm the following work using:
>>>
>>> Writer Version: 1:5.0.3~rc2-1+b2
>>> debian stretch amd64
>>>
>>> *timestamp an ODF document exported to pdf where a http(s) timestamp
>>> server requires authentication?
>>>
>>> *ibid + sign the pdf with a commercial CA cert?
>>>
>>> *only sign a pdf with a commercial CA cert that does not produce a
>>> pdf altered after signing?
>>>
>>> please confirm how you did it........
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>> hello
>>>>
>>>> anybody had luck time stamping a PDF exported from libreoffice 5?
>>>>
>>>> i tried on debian/stretch 5.0.2-1 with no useful error output
>>>>
>>>> the export process doesn't prompt for TSA credentials
>>>>
>>>> then, signing just with a CA valid cert works, but opening the PDF
>>>> in a windows acrobat or reader shows a modification warning after
>>>> signing
>>>>
>>>> does not seem thorough yet in the new libreoffice
>>>>
>>>
>>> --
>>> To unsubscribe e-mail to: [email protected]
>>> Problems?
>>> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe
>>> / Posting guidelines + more:
>>> http://wiki.documentfoundation.org/Netiquette
>>> List archive:
>>> http://listarchives.documentfoundation.org/www/discuss/
>>> All messages sent to this list will be publicly archived and cannot
>>> be deleted
>>>
>>
>
--
To unsubscribe e-mail to: [email protected]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted
