[jira] [Commented] (PDFBOX-4020) Into signature embedded Signed Timestamp for validation

2017-11-21 Thread Tilman Hausherr (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16261274#comment-16261274
 ] 

Tilman Hausherr commented on PDFBOX-4020:
-

That is indeed a good argument!

> Into signature embedded Signed Timestamp for validation
> ---
>
> Key: PDFBOX-4020
> URL: https://issues.apache.org/jira/browse/PDFBOX-4020
> Project: PDFBox
>  Issue Type: Improvement
>  Components: Signing
>Affects Versions: 2.0.8
>Reporter: Alexis Suter
> Attachments: SignatureValidation_Embedded_Timestamping.java.patch
>
>
> I would like to contribute a new example for embedded Timestamping.
> The Timestamp is beeing embedded into the existing Signature (which has so be 
> prepared big enough for it). So that the document does not get changed. 
> This Step is a preparation for the LTV and includes some reorganisation for 
> Validation-Purposes.
> I am still working on embedding the OCSP-Data, wich will take a bit longer. 
> For that I have excluded and commented out the Code for it, to avoid 
> confusion.
> Possible Usage:
> {code:java}
> exec:java -X 
> -Dexec.mainClass="org.apache.pdfbox.examples.signature.validation.CreateEmbeddedValidation"
>  -Dexec.args="${infile} -tsa ${tsa}"
> {code}
> CreateSignature has been changed to add SignatureOptions, where we can choose 
> the size of the signature.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Commented] (PDFBOX-4020) Into signature embedded Signed Timestamp for validation

2017-11-21 Thread Ralf Hauser (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16261267#comment-16261267
 ] 

Ralf Hauser commented on PDFBOX-4020:
-

The use case is that you want to sign offline to avoid zero-day attacks against 
your signing machine.
Once the signature is there und the pdf is transferred to a network connect 
machine, one is likely to want to add a timestamp.

> Into signature embedded Signed Timestamp for validation
> ---
>
> Key: PDFBOX-4020
> URL: https://issues.apache.org/jira/browse/PDFBOX-4020
> Project: PDFBox
>  Issue Type: Improvement
>  Components: Signing
>Affects Versions: 2.0.8
>Reporter: Alexis Suter
> Attachments: SignatureValidation_Embedded_Timestamping.java.patch
>
>
> I would like to contribute a new example for embedded Timestamping.
> The Timestamp is beeing embedded into the existing Signature (which has so be 
> prepared big enough for it). So that the document does not get changed. 
> This Step is a preparation for the LTV and includes some reorganisation for 
> Validation-Purposes.
> I am still working on embedding the OCSP-Data, wich will take a bit longer. 
> For that I have excluded and commented out the Code for it, to avoid 
> confusion.
> Possible Usage:
> {code:java}
> exec:java -X 
> -Dexec.mainClass="org.apache.pdfbox.examples.signature.validation.CreateEmbeddedValidation"
>  -Dexec.args="${infile} -tsa ${tsa}"
> {code}
> CreateSignature has been changed to add SignatureOptions, where we can choose 
> the size of the signature.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Commented] (PDFBOX-4020) Into signature embedded Signed Timestamp for validation

2017-11-21 Thread Tilman Hausherr (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16261243#comment-16261243
 ] 

Tilman Hausherr commented on PDFBOX-4020:
-

What is the use case of this, i.e. what would prevent a user from adding the 
timestamp at signing time? 

I saw your ICLA confirmation, it was for the mail address one can see here.

> Into signature embedded Signed Timestamp for validation
> ---
>
> Key: PDFBOX-4020
> URL: https://issues.apache.org/jira/browse/PDFBOX-4020
> Project: PDFBox
>  Issue Type: Improvement
>  Components: Signing
>Affects Versions: 2.0.8
>Reporter: Alexis Suter
> Attachments: SignatureValidation_Embedded_Timestamping.java.patch
>
>
> I would like to contribute a new example for embedded Timestamping.
> The Timestamp is beeing embedded into the existing Signature (which has so be 
> prepared big enough for it). So that the document does not get changed. 
> This Step is a preparation for the LTV and includes some reorganisation for 
> Validation-Purposes.
> I am still working on embedding the OCSP-Data, wich will take a bit longer. 
> For that I have excluded and commented out the Code for it, to avoid 
> confusion.
> Possible Usage:
> {code:java}
> exec:java -X 
> -Dexec.mainClass="org.apache.pdfbox.examples.signature.validation.CreateEmbeddedValidation"
>  -Dexec.args="${infile} -tsa ${tsa}"
> {code}
> CreateSignature has been changed to add SignatureOptions, where we can choose 
> the size of the signature.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org

[jira] [Commented] (PDFBOX-4020) Into signature embedded Signed Timestamp for validation

2017-11-21 Thread Ralf Hauser (JIRA) 

[ 
https://issues.apache.org/jira/browse/PDFBOX-4020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16260633#comment-16260633
 ] 

Ralf Hauser commented on PDFBOX-4020:
-

see also PDFBOX-1848

> Into signature embedded Signed Timestamp for validation
> ---
>
> Key: PDFBOX-4020
> URL: https://issues.apache.org/jira/browse/PDFBOX-4020
> Project: PDFBox
>  Issue Type: Improvement
>  Components: Signing
>Affects Versions: 2.0.8
>Reporter: Alexis Suter
> Attachments: SignatureValidation_Embedded_Timestamping.java.patch
>
>
> I would like to contribute a new example for embedded Timestamping.
> The Timestamp is beeing embedded into the existing Signature (which has so be 
> prepared big enough for it). So that the document does not get changed. 
> This Step is a preparation for the LTV and includes some reorganisation for 
> Validation-Purposes.
> I am still working on embedding the OCSP-Data, wich will take a bit longer. 
> For that I have excluded and commented out the Code for it, to avoid 
> confusion.
> Possible Usage:
> {code:java}
> exec:java -X 
> -Dexec.mainClass="org.apache.pdfbox.examples.signature.validation.CreateEmbeddedValidation"
>  -Dexec.args="${infile} -tsa ${tsa}"
> {code}
> CreateSignature has been changed to add SignatureOptions, where we can choose 
> the size of the signature.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org