Re: [iText-questions] Metadata in signature dictionary

[Petras]

Thank you Leonard, thank you Michael for your responses, you confirmed my
doubts.

In Lithuania we have specification "PDF-LT", here are links to English
version of the document and its appendixes with technical details:
http://www.archyvai.lt/download/10484/pdf_lt_specification.doc
  
http://www.archyvai.lt/download/10483/pdf_lt_apend.doc
  

The appendixes document describes the technical details of the
specification. Specification does not seek to override any part of ISO
32000-1 or ISO 19005-2. It defines new XMP metadata, adds few dictionary
entries  with specific developer prefix "LTUd" registered by Adobe, defines
restrictions for document content and requirements for signatures.

Section II in appendixes document defines optional metadata in XMP format
that may be added to signature dictionary Metadata entry, which placement in
signature dictionary raised my doubts about validity of such approach. There
shouldn't be any other points in specification that would be conflicting
with the standards. Specification defined document format being fully
conformant to PDF/A-2 and signed with PAdES Baseline format signatures. 

Entering of EU eIDAS Regulation into force and approval of the new PAdES
Baseline signatures formats will require to make amendments into PDF-LT
specification to be aligned with new EU requirements. Thus it will also be a
good opportunity to resolve this issue with metadata in signature
dictionary. I hope it won't be a big issue for current implementations, as
specification was not widely endorsed since it has not been fully entered
into force. Besides, those metadata were optional and included only in
specific scenarios (when public institution registers a document).

To shift the metadata to signature field dictionary probably would be the
best solution. I also considered this option. Once again, thank you for your
responses.




--
View this message in context: 
http://itext.2136553.n4.nabble.com/Metadata-in-signature-dictionary-tp4661089p4661092.html
Sent from the iText mailing list archive at Nabble.com.

--
___
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php

Re: [iText-questions] Metadata in signature dictionary

[mkl]

Petras,

Petras wrote
> Our national PDF-based electronic document specification defines metadata
> which may be included into signature dictionary.

Can you share (a link to) that specification, so we are sure what we are
talking about? Given that there is an English version of that document, that
is...

The national specification probably overrides certain parts of ISO 32000-1.
This would not be a wise thing to do (interoperability-wise) but would not
be unheard of either...

In the following text I answer in a way favoring ISO 32000-1 conformance. 


> ISO 32000-1 section "14.3.2 Metadata Streams" states, that "Metadata, both
> for an entire document and for components within a document, may be stored
> in PDF streams called metadata streams". Therefore as a component,
> signature dictionary may contain metadata entry.
> Section "7.3.8 Stream Objects" states, that "All streams shall be indirect
> objects", but this requirement clashes with the requirement for signature
> dictionary entries in "12.8 Digital Signatures", which states: "When a
> byte range digest is present, all values in the signature dictionary shall
> be direct objects."

So you have essentially found all the relevant information yourself: The
signature dictionary itself is not allowed to reference indirect objects. In
particular, therefore, it is not allowed to reference metadata streams.
Thus,


> Does that mean that metadata stream may not be included in signature
> dictionary?

Indeed, no metadata stream can immediately be attached to a signature
dictionary with a byte range digest (i.e. any interoperable signature
dictionary) in a completely ISO 32000-1 conform way.

But the specification in section 14.3.2 also says "When there is ambiguity
about exactly which stream or dictionary may bear the Metadata entry, the
metadata shall be attached as close as possible to the object that actually
stores the data resource described." As close as possible in the case at
hand may be the signature field dictionary the signature dictionary is the
value of.

Regards,

Michael

PS: You had better ask on stackoverflow tagging your question with pdf and
digital-signature tags; this mailing list is pretty inactive...



--
View this message in context: 
http://itext.2136553.n4.nabble.com/Metadata-in-signature-dictionary-tp4661089p4661091.html
Sent from the iText mailing list archive at Nabble.com.

--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. http://sdm.link/zohodev2dev
___
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php

Re: [iText-questions] Metadata in signature dictionary

[Leonard Rosenthol]

That is correct – you cannot place a metadata stream in a Signature Dictionary.

Can you point us to this “national PDF-based electronic signature spec”?  Seems 
like it may not be valid…

From: Petras Petkus <petras.pet...@mitsoft.lt>
Organization: UAB "Mit-Soft"
Reply-To: Post here <itext-questions@lists.sourceforge.net>
Date: Friday, August 12, 2016 at 7:41 AM
To: Post here <itext-questions@lists.sourceforge.net>
Subject: [iText-questions] Metadata in signature dictionary

I have a question to PDF experts regarding placing metadata in signature 
dictionary.

Our national PDF-based electronic document specification defines metadata which 
may be included into signature dictionary. ISO 32000-1 section “14.3.2 Metadata 
Streams” states, that “Metadata, both for an entire document and for components 
within a document, may be stored in PDF streams called metadata streams”. 
Therefore as a component, signature dictionary may contain metadata entry. 
Section “7.3.8 Stream Objects” states, that “All streams shall be indirect 
objects”, but this requirement clashes with the requirement for signature 
dictionary entries in “12.8 Digital Signatures”, which states: "When a byte 
range digest is present, all values in the signature dictionary shall be direct 
objects."

I looked at the earlier (2014) draft of ISO 32000-2 and those requirements were 
not changed, probably this contradiction will remain unchanged in the final 
version.

Does that mean that metadata stream may not be included in signature dictionary?

Thank you in advance for any input.
--
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. http://sdm.link/zohodev2dev___
iText-questions mailing list
iText-questions@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference 
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: 
http://itextpdf.com/themes/keywords.php