Martin Paljak wrote:
> Most of the PDF attacks AFAIK make use of stuff in PDF that should
> not be there. Like JavaScript or .exe-s :)
>
> I'm not 100% sure but the PDF format that is used for long-term
> archival, PDF/A [1], should not have at least some of the problems.

PDF supports a subset of PostScript.

--8<-- http://en.wikipedia.org/wiki/PDF
The PDF combines three technologies:

* A subset of the PostScript page description programming language,
  for generating the layout and graphics.
* A font-embedding/replacement system to allow fonts to travel with
  the documents.
* A structured storage system to bundle these elements and any
  associated content into a single file, with data compression where
  appropriate.
-->8--

A program that renders PDF files will interpret and execute the
PostScript program, in order to show a rasterized image on screen or
paper. Two interpreters may not produce identical rasterized output.

Unless the signature is made on some canonical representation of the
output from the PostScript program, rather than the source, it's not
really possible to know if the signature was for the particular
rasterized image that will be rendered by a distinct interpretation
of the PS program.

Host filesystem I/O is supported in PostScript, but at least not
mentioned to be removed in PDF/A on Wikipedia.

PDF/A requires all fonts to be embedded in the file, which at least
for TrueType means that there is yet another layer where the
recipient is to some degree executing code (kerning instructions)
from the sender.

Dunno.. Are signed PDFs what govts are using? Seems risky.

//Peter
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel