Signing pdf with certificate
I am using pdfwriter on Windows to sign my pdf's with a certificate. Does an equivalent exist for archlinux? My google-fu didn't turn up anything... Thanks!
It sounds like your problems stem from needing to adhere to whatever protocol pdfwriter uses. I'm not familiar with that piece of software myself.
Basically, you have three options in front of you: pdfwriter uses some open specification which *nix has already implemented under some other name; pdfwriter uses a closed specification which has been partially re-implemented in *nix so you can do basic stuff; pdfwriter uses a totally closed spec which no one else cares about.
If it's one of the first two, you'll be able to find a work around. If it's the last one, you should kick your employer right in the nuts.
Similar Messages
-
I used Adobe Reader XI to sign PDFs with certificate, which worked perfectly. Except that the PDF could still be edited by other programs (for example, Nitro PDF) after the signing (but not the fill out fields and the signature). To apply password protection makes sense to avoid changes in the PDF being made after it has been signed. So I applied password protection via Nitro PDF that allows only enter fill-out fields and signing. But when I open it with Adobe Reader, the filling out works fine, but the signing part is not available to click on it (all of the buttons under "Sign" tab are grey). When I go on the Security properties with Adobe Reader, I can explicitly see that signing of this PDF is allowed and yet the option is not open to use for me anymore.
Any ideas on why it is the case and what I could do about that?
Many thanks!
O.Actually yes, I just asked my colleague to assist me with this, he password-protected the PDF with Acrobat 8, explicitly allowing for signing and fill-out functions, it also appears in Adobe Reader under security properties as "allowed", but it is not open to use in the Reader for me anymore (grey buttons).
-
Free S/MIME certificate to digitally sign .pdf with Acrobat Reader
Good morning,
does anyone have idea where to obtain free S/MIME certificate for personal use and TRUSTED by Adobe Reader to digitally sign documents with own digital signature ? (Comodo S/MIME certificates released by GlobalTrust https://www.globaltrust.it/modulo_reg_smime.asp are free but aren't trusted automatically by Adobe)Thanks Ben,
Unfortunately, that video is for acrobat X or above and I cant find the "save as reader extended" option in Acrobat Pro 9.
Can this be done from this version?
Thanks again
Matt -
How to sign PDF with a smart card or USB token in C# through IAC ?
Hi,
My goal is to apply a certification signature (MDP) to a PDF document with a smart card (Belgium identity card) from a C# application.
I start Acrobat through IAC.
The JavaScript object apparently can only sign with PKCS12 file (.pfx)...
To sign a PDF with a smart card I need to develop a plug-in if I am right?
The samples in the SDK are to get a certificate from the windows certificate store or to write a Third party handler.
I already get the certificate context (an HCRYPPROV object from windows certificate store)
How can I create a signature field but mostly sign it? With DigSig I guess, but I’m lost in the API… does
I have to use DigSigSignDoc ?
Syntax : void DigSigSignDoc(PDDoc pdDoc, CosObj sigField, ASAtom filterKey)
The filterKey value for the windows certificate store is “Adobe.PPKMS” but how can I choose my certificate?
I also have to build a signature reference dictionary i guess?
What does i have to do and in which order? I can't find any documentation on this.
There is a more simple way?
Thank you,
Goffin
FabianHi,
-download the JDK sample "sdkAddSignature.js"
-change the sign methode like this :
Sign = app.trustedFunction (
function( sigField, DigSigHandlerName )
try {
app.beginPriv();
//the diSigHandler is "Adobe.PPKLite"
var myEngine = security.getHandler(DigSigHandlerName);
var ids = myEngine.digitalIDs;
//choose an id which is installed in the microsoft store
var oCert = ids.certs[3];
// for (var i=0; i<ids.certs.length; i++)
// console.println("certificat n°"+ i + " " +ids.certs[i]);
var oParams = {cPassword:"0000" , oEndUserSignCert:oCert }
if(myEngine.login({cPassword:"0000",oParams:oParams,bUI:false}))
console.println("OK");
else
console.println("Error");
console.println("sigfield :" + sigField);
sigField.signatureSign({oSig: myEngine,oInfo: { password: "0000",reason: ACROSDK.sigReason,location: ACROSDK.sigLocation,contactInfo: ACROSDK.sigContactInfo}});
app.endPriv
} catch (e) {
console.println("An error occurred: " + e);
-perform some test using the javascript debugger
-and finally use IAC to execute the script -
Form edit a signed pdf with Acrobat X
I would like to know how to convert an already signed pdf into a form and add more fields to it, please.
I know Acrobat 9 can do this, but X cannot.I'm afraid so. My best bet is to pdf-print it and insert fields again. The problem with this is that whatever other field/bookmark gets lost.
I find this puzzling because Acrobat 9 allows playing more with the fields, and if doubt arrises, then you can always highlight the fields. Anyhow, thanks for the reply and I hope the guys at Adobe get something effective for every instance.
cheers,
Alex -
Hello, does anybody know, how to create simple PDF and sign it with X509Certificate from .NET managed application? It seems to me, that it is not possible with Acrobat Interapplication Communication API. Do I really need LiveCycle for this operation?
Thank you for help.When you say "create", do you really mean "convert some other format to PDF" or did you want to start with a blank page and then do things like "draw string", "draw line", etc?
Will this be a desktop or server-based application? -
Ability to sign emails with certificates
Hi all,
I was just wondering if anyone had been able to setup their email on the iphone (I am using a mobile me account which syncs - I don't know the terminology) with digital signatures.
I have setup my macbook that, when I compose an email, I can sign it with a free certificate I got from Comodo.
I was wondering if there was a way of setting up the iphone so that I can also sign the messages I compose when I am about?
I had a look at the iphone configuration utility (briefly) but got scared that I might change some other setting and break my phone (everything else is working so nicely).
Is there any guides as to how set this up (am happy to look at the iphone utility if I could get all the current settings I have loaded onto it and then just change the required changes). I don't know if this is even allowed in the device...
Any information would be helpful
Cheers
AusQBallHi Sean,
Thanks for replying but I am not sure that the application does quite what I am after...
I am not trying to add an image with my signature on it but rather add a cryptographic signature which allows the recipient to know that it came from me. My knowledge on this topic is a little sketchy but I think that, for it to work, a hash of the entire message would need to be calculated and then encrypted with a private key found in my signature certificate (which only I have). The recipient can then check that the message has not been altered using the public key (provided in the email and signed by a certificate authority) to confirm that the hashes match.
Please reply if I have misunderstood something with the application.
Also thank you for looking into this for me. Any help is appreciated.
Cheers
AusQBall -
Encrypt PDF with certificate (alternative to Acrobat?)
Hi,
we need to encrypt PDF document with a certificate of our company.
We already worked with Acrobat's feature to do this, but we need to offer the possibility to encrypt documents to many of our employees.
But only for this reason we don't want to buy licenses of Acrobat, so do you no alternative software that provides this feature?Hi,
we need to encrypt PDF document with a certificate of our company.
We already worked with Acrobat's feature to do this, but we need to offer the possibility to encrypt documents to many of our employees.
But only for this reason we don't want to buy licenses of Acrobat, so do you no alternative software that provides this feature? -
Signing message with certificate: JCE, IAIK or similar in IBM SDK 5.0
So, I'm in a very difficult problem.
Using Java:
I've an enterprise certificate (in .p12 format) altogether with its public key ("password" string). Also I've a text message which I've to sign in PKCS7 format. I've been reading a lot and I've realized that there's no STANDARD implementation to do what I want to do. There is the JCE/JCA API and the Certification API, but they are just API's, no implementation. Here are the facts:
-I've to run the application in the IBM JDK 5.0 (AS400 system).
-My application actually works in the SUN JDK 6.0 using the IAIK security provider, but not using JCE, its a very ugly code which I dont know really what it does, but it works. When I put it on the IBM JDK 5.0 it fails (java nullpointer blah blah).
-IAIK Documentation says that it works on JDK 5.0. Yeah, it works, but in SUN implementation, not in IBM's.
Today I don't know what the heck to do, really. What do you think it's the best solution?
-Trying to make the IAIK code work in IBM SDK 5.0 by test-and-error method.
-Trying to sign the message using JCE and the IBM JCE provider (this is what I'm actually trying to do). It would be very nice if somebody provides something to read about (I've read lot of IBM/SUN documentation and I couldnt find anything useful for now.
-Trying to put the SUN JDK 6.0 in the AS400. This would be the easy solution but my bosses said that this is impossible and very dangerous, and additionally this wouldn't work.
-Also I've another code which uses the BouncyCastle provider but this doesn't work. Would this be better to learn how to use? I prefer using standards, though.
In conclusion:
I've 4 security providers: IBM, SUN, IAIK and BouncyCastle (just IAIK works, and I need IBM), and
I've 4 SDK's: IBM 5.0, IBM 6.0, SUN 5.0 and SUN 6.0 (just SUN/IBM 6.0 works, and I need IBM 5.0).
I would like any documentation useful to read. I would provide any information which could be important to answer my question.But I hope this could fix it :(
My last code:
public static String firmar(String contenido, String certificado, String password)
throws Exception {
System.out.println(new Date() + ":: Signing using IAIK provider.");
boolean dettached = true;
boolean attributes = true;
boolean CRLF = true;
IAIK iaik = new IAIK();
Security.addProvider(iaik);
byte aByteInfoToSign[] = contenido.getBytes("UTF8");
if(aByteInfoToSign == null)
throw new IOException("Empty message.");
byte digest[] = SHA1(aByteInfoToSign);
String digestHEX = toHexString(digest);
KeyStore keystore = KeyStore.getInstance("PKCS12");
FileInputStream fileinputstream = new FileInputStream(certificado);
keystore.load(fileinputstream, password.toCharArray());
String alias = null;
Enumeration enumeration = keystore.aliases();
if(enumeration.hasMoreElements())
alias = enumeration.nextElement().toString();
else
throw new KeyStoreException("Firmador IAIK: Empty Keystore.");
Certificate certificate = keystore.getCertificate(alias);
PrivateKey privatekey = (PrivateKey)keystore.getKey(alias, password.toCharArray());
* Declared absolutely to avoid incompatibilities betwenn IAIK and Sun classes.
iaik.x509.X509Certificate ax509certificate[] = new iaik.x509.X509Certificate[1];
ax509certificate[0] = new iaik.x509.X509Certificate(certificate.getEncoded());
IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber(ax509certificate[0]);
SignerInfo asignerinfo[] = new SignerInfo[1];
asignerinfo[0] = new SignerInfo(issuerandserialnumber, AlgorithmID.sha1, AlgorithmID.rsaEncryption, privatekey);
Attribute aattribute[] = new Attribute[4];
aattribute[0] = new Attribute(ObjectID.contentType, new ASN1Object[] {
ObjectID.pkcs7_data
aattribute[1] = new Attribute(ObjectID.signingTime, new ASN1Object[] {
(new ChoiceOfTime()).toASN1Object()
ObjectID oid = new ObjectID("1.2.840.113549.3.2");
SEQUENCE seqRC2 = new SEQUENCE();
seqRC2.addComponent(oid,0);
seqRC2.addComponent(new INTEGER(40));
SEQUENCE seqEncrypAlgoritmos = new SEQUENCE();
seqEncrypAlgoritmos.addComponent(seqRC2);
Attribute atributo = new Attribute(ObjectID.symmetricCapabilities,
new ASN1Object[] {seqEncrypAlgoritmos});
aattribute[2] = atributo;
aattribute[3] = new Attribute(ObjectID.messageDigest, new ASN1Object[]{ new OCTET_STRING(digest) });
if(attributes)
asignerinfo[0].setAuthenticatedAttributes(aattribute);
byte byte0;
if(dettached)
byte0 = 2;
else
byte0 = 1;
SignedData signeddata = new SignedData(digestHEX.getBytes(), byte0);
signeddata.setCertificates(ax509certificate);
signeddata.addSignerInfo(asignerinfo[0]);
ContentInfo contentinfo = new ContentInfo(signeddata);
if(!contentinfo.hasContent())
throw new Exception("Couldn't create the sign");
ByteArrayOutputStream result = new ByteArrayOutputStream();
ByteArrayOutputStream source = new ByteArrayOutputStream();
contentinfo.writeTo(source); // <-- here is the error (line 136)
Base64OutputStream base64outputstream = new Base64OutputStream(result);
base64outputstream.write(source.toByteArray());
base64outputstream.flush();
base64outputstream.close();
String resFinal;
if(CRLF)
resFinal = result.toString();
else
resFinal = result.toString().replaceAll("[\r\n]+","");
// resFinal = sinCRLF(result.toString());
if(resFinal.equals(""))
throw new Exception("Couldn't create the sign");
* Restore the Security variable.
Security.removeProvider(iaik.getName());
return resFinal;
private static byte[] SHA1(byte abyte0[])
try
MessageDigest messagedigest = MessageDigest.getInstance("SHA-1");
byte abyte1[] = messagedigest.digest(abyte0);
messagedigest.reset();
return abyte1;
catch(NoSuchAlgorithmException nosuchalgorithmexception)
throw new Error("Configuration error", nosuchalgorithmexception);
private static String toHexString(byte abyte0[])
StringBuffer stringbuffer = new StringBuffer();
int i = abyte0.length;
for(int j = 0; j < i; j++)
byte2hex(abyte0[j], stringbuffer);
return stringbuffer.toString().toUpperCase();
private static void byte2hex(byte byte0, StringBuffer stringbuffer)
char ac[] = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f'
int i = (byte0 & 0xf0) >> 4;
int j = byte0 & 0xf;
stringbuffer.append(ac);
stringbuffer.append(ac[j]);
}Using the IBM SDK 5.0, the error:iaik.pkcs.PKCSException: iaik.asn1.CodingException: iaik.asn1.CodingException: Unable to encrypt digest: No installed provider supports this key: (null)
at iaik.pkcs.pkcs7.SignedData.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.SignedDataStream.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.ContentInfo.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.ContentInfo.writeTo(Unknown Source)
at aeat.FirmadorIAIK.firmar(FirmadorIAIK.java:136)
... more irrelevant data... -
Permissions with problem when encrypting pdf with certificate
I am using the following javascript code to encrypt a pdf using a certificate:
var thePermissions = {
allowAll: false,
allowAccessibility: false,
allowContentExtraction: false,
allowChanges: "none",
allowPrinting: "none"
var theCertificate = security.importFromFile(
"Certificate",
"/c/user.cer"
var theUserEntity = {
firstName: "The",
lastName: "User",
fullName: "The User",
certificates: theCertificate,
defaultEncryptCert: theCertificate
var theGroup = { userEntities: [ theUserEntity ], permissions: thePermissions };
encryptForRecipients( { oGroups: [ theGroup ] } );
saveAs("encrypted.pdf");
The file "encrypted.pdf" resulting is in fact encrypted, but the permissions doesn't seem to be correct. For instance, the Document Properties show that there are no document restrictions (DocumentProperties.PNG), but when the details are shown, it seems that the correct restrictions apply (DocumentSecurity.PNG). As can be seen in the permissions variable, there should be no permissions to the pdf generated. Can someone possibly help me with this?
Additional info: there should have no human interaction in the process, the certificate is not fixed (preventing using encryptUsingPolicy), and will be selected based on the file name of the original pdf.Hi Leonard,
I see the same thing executing the script from the JavaScript console. There is a slight wrinkle in the steps to reproduce. Even if everything worked as it's supposed to, you would still need to close and then reopen the file in order to get the perm restrictions to take effect. This is because when you initially encrypt the file you are still the document owner, and thus none of the perms have yet taken effect. However, once you do close and then reopen the file (thus forcing an authentication), the file should open with the perms being enforced, but alas, they are not.
Interestingly, if you go into the Document Properties and then select the Security tab (or just click the Permissions Details button in the DMB) you see that the Restriction Summary shows that everything is allowed, but when you click the Show Details button, which just displays the restrictions applicable to the encryption handler, it shows the correct settings. Of course the real bug isn't that the restriction summary is incorrect, but rather that it is correct and all of the supposedly restricted operations are allowable.
I'll enter this as a bug against 10 along with the ER to add the encryption algorithm as an option to the encryptForRecipients JS function.
Steve -
Error signing pdf with Reader XI
When I sign a pdf using Acrobat Reader XI, I get the error The Windows cryptographic service provider reported an error: Object was not found Error code: 2148073489. Is there a way to fix this?
Any update on this issue. I have several people having this issue and would like to know if anyone has been able to locate a resolution.
-
Hello everyone,
I'm on a Mac OSX 10.8.5 and I am trying to follow these instructions: AMS Financial Aid Forms by Rachael Arestad on Prezi using Adobe Reader 11.0.10. However, there are a couple problems that come up.
1) I can't print the PDF as a PDF like the tutorial wants me to, I can only save. Why it wants me to print as PDF is beyond me.
2) If I try to add an image as a signature, Reader tells me to save a copy. Okay so I click save a copy, and I try again... and it tells me to save another copy! (ad infinitum)
What's happening here? Sorry if I come off as snarky, but this is a surreal and frustrating problem.The author of the piece was, frankly, misinformed.
1. They say use Adobe Acrobat Reader. It hasn't been called that in over 10 years. It's Adobe Reader now. But this isn't important. But I mention it because the names of products are critical here.
2. They say to use the "Adobe PDF" printer. But this is not and never has been part of the free Adobe Reader. It is included in the product Adobe Acrobat ($$).
3. This option is no longer available on Mac OS even if you buy Acrobat.
Now, the save a copy thing. If you save a copy, you must save with a new name. THEN you must close the document you are working on and OPEN THE COPY. -
How Sign Message with Certificate (public key)?
Hi, I need to to send Sign xml message by Certificate file (public key) and read sign message
so how can i do it ??
and i should have 2 public key ?? or what ??
please help :)
Thanksejp has answered your question, but it seems you did not understand. This forum is not a good place to learn about public key cryptography and message encryption. You should already understand these fundamentals before asking questions here. This forum is about how to implement these crypto operations in the Java programming language. If you are cheap or poor, you can try googling for the more information; wikipedia is good starting point also. If you can afford it, I recommend you buy Practical Cryptography_ by Schneier.
-
Adobe open encrypted PDF with expired certificate
Hi,
I encrypt and sign documents with certificates. To do this I use a script and the little program "jsignpdf". The certificates are stored in windows certificate store on the client.This works fine!
The problem is that Adobe Reader (10/11) open the encrypted PDF also when the certificate is expired. I don't find any option to change that.
Has anbody an idea to solve my problem?
The clients have windows vista and Adobe Reader 10. But Adobe Reader11 have the same problem.
Thanks
StevenIf you are signing with Acrobat, you have the choice of whether to include revocation information. See Establish long-term signature validation in http://helpx.adobe.com/acrobat/using/validating-digital-signatures.html.
-
Can we sign a PDF with AD ID & date & time stamp?
Can we sign a PDF with AD ID & date & time stamp?
So what you really want is for your signature's appearance to contain user's ID and signing time. To do that you sign PDF with a regular digital signature and apply custom appearance to it. The "Sign" dialog contains "Appearance" field that has a drop-down list on the right which lists all available appearances and a "Create New Appearance" button. The standard/default signature appearance already contains signing time. You can create a custom appearance that includes additional information that you want to appear there. If you want your username to appear in the signature appearance you create an image file that contains your username and add this image to your custom appearance.
Multiple users can definitely sign the same PDF. Usually the signing certificate owner's name appears in the certificate itself and is included in the standard/default signature appearance. This is not Windows username but still identifies the signer, IMO better than Windows username. I do not think you want to disclose your password by placing it in the signature appearance.
You keep mixing two completely different and unrelated concepts: authentication and signing. I still do not understand what exactly you mean by "authentication". It has nothing to do with signature.
Maybe you are looking for
-
Safari starts but no window opens, then crashes. Help!
My Safari starts up but doesn't even open a window, then it will "quit unexpectedly". I've been using firefox eversince but I really miss using Safari. Please help I don't know what to do Process: Safari [337] Path: /Applications/S
-
Screen sharing and "command tab"
Hi, is there a way to "command tab" within a Screen sharing screen. When I use "command tab", it's doing this on the host, and not on the remote machine... Or is there another way to jump from application to application? Cheers, Roger
-
How to get the current PDF filename?
Hi everyone, I know this might be a question that has been asked millions of times but I couldn't find a direct answer. I'm using a work flow that comes with a Content Manager Solution so it is not Adobe this WF will generate a very long file name (a
-
When I'm on a Skype, Mac Air display won't sleep?
I often have a Skype call connected as my boyfriend and I are having a long distance. The display would sleep when I was having a call and out of the room when I was using OS X 10.6.8 but since I've changed to use mountain Lion 10.8.2, It won't sleep
-
Licence file is not being uploaded to NX 9k ?
Trying to upload the licence file to a bootflash: via tftp, but keep getting TFTP get operation failed: connection time out; Any link/method than normal upload file to Cisco switches ? Rgds