Digital Signatures: how it's done in PDF
9 likes6,191 views
The document discusses the importance and mechanics of digital signatures in PDF files, emphasizing their role in integrity, authenticity, and non-repudiation. It outlines key concepts such as hashing, encryption, and the differences between electronic and digital signatures across jurisdictions, as well as the standards governing digital signatures like ISO and ETSI. Additionally, it covers various signing architectures (server-side vs. client-side), document workflow implications, and long-term validation strategies.
Digital Signatures: how it's done in PDF
- 1. Digital Signatures How it’s done in PDF
- 2. iText, an open source PDF library Java C#
- 3. Shareholders: -Ingeborg Willaert (50%) -Bruno Lowagie (50%) iText Group NV °2008 Belgium IP, TM, Development Marketing iText Software BVBA °2011 Belgium Sales EMEA/Asia iText Software Corp. °2009 USA (CA/MA) Sales Americas/Oceania Board of Directors: -Peter Camps (chairman) -Ingeborg Willaert -Bruno Lowagie Advisory Board: -Andrew Binstock -Mark de Visser -Bernard Slede iTextGroup Benelux: 10th place Belgium: 3rd place
- 4. Agenda •Why do we need digital signatures? •Basic concepts… •… applied to PDF •Architectures: server-side vs. client-side •Digital signatures and document workflow •Long term validation
- 5. Introduction Why do we need digital signatures?
- 6. Integrity I paid a forged invoice and lost 30K€!
- 7. Authenticity Why am I, Emperor Constantine I, in this picture? I never transferred authority to the Pope!
- 8. Non-repudiation I didn’t do it!
- 9. Three goals •Integrity —we want assurance that the document hasn’t been changed somewhere in the workflow •Authenticity —we want assurance that the author of the document is who we think it is (and not somebody else) •Non-repudiation —we want assurance that the author can’t deny his authorship.
- 10. Part 1 Basic concepts…
- 11. Concept 1: Hashing •Hashing algorithm: •a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string. •Available algorithms: •MD5: Ron Rivest •SHA: •SHA-1: NSA (Being phased out!) •SHA-2: NSA / NIST •NEW: SHA-3 contest winner “Keccak” •RIPEMD: KULeuven
- 12. Concept 1: Integrity check using hash Document Generate Hash AF1B4C...D34E Secure Server / Website Retrieve Hash AF1B4C...D34E Compare!
- 13. Concept 2: encryption •Assymetric key algorithms •Encryption •Digital signing
- 14. Some name dropping •Public Key Cryptography Standards •PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman) •PKCS#7: Cryptographic Message Standard (CMS) •PKCS#11: Cryptographic Token Interface •PKCS#12: PersonalInformation Exchange SyntaxStandard •PKCS#13: Elliptic Curve Cryptography Standard (ECDSA) •Federal Information Processing Standards (FIPS) •DSA: Digital Signature Algorithm (DSA) •European Telecommunications Standards Institute (ETSI) •CMS Advanced Electronic Signatures (CAdES)
- 15. Concept 1 + Concept 2 •Producer •Provides data as-is •Provides hash encrypted using private key •Provides public key •Consumer •Creates hash from data: hash1 •Decrypts hash using public key: hash2 •If (hash1== hash2) document OK!
- 16. Goals met? •Integrity: •hashes are identical •Authenticity: •identity found along with public key •Non-repudiation: •if hash can be decrypted with public key, the document was signed with the corresponding private key
- 17. Differences between EU and US •In the US, we make a distinction: •Electronic signatures don’t necessarily involve PKI •Digital signatures when a PKI infrastructure is involved •In Europe, we speak of electronic signatures •As a synonymfor digital signatures •All laws and regulations take this wording •There’s no sharp distinction between electronic and digital signatures (which leads to confusion) •I always speak of digital signatures
- 18. Part 2 … applied to PDF
- 19. Standards •ISO •ISO-32000-1 (2008) based on PDF 1.7 (2006) •ISO-32000-2 will define PDF 2.0 (2016) •ETSI: TS 102 778 (2009 -2010) •PAdES1: Overview •PAdES2: Basic –CMS based (ISO-32000-1) •PAdES3: Enhanced –CAdESbased (ISO-32000-2) •PAdES4: LTV –Long Term Validation •PAdES5: XAdESbased (XML content) •PAdES6: Visual representation guidelines •ETSI: TS 103 172 (2011 -2013) •PAdESBaseline Profile
- 20. Signatures in PDF •There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*) •The digital signature isn’t part of the ByteRange. •The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
- 21. Some PDF terminology •Signature field: •Visualisation (onewidget annotation) •Extra info about signature (Lock, SV) •/V refers to the signature dictionary •Signing: •Creating an /APfor the widget annotation •Creating a signature dictionary for /V
- 22. What’s inside the signature? %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificatechain •Revocation information •Timestamp ISO-32000-2: At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents. Best practices (“should” also have): •Full certificate chain •Revocation information (CRL / OCSP) •Timestamp
- 23. Part 3 Architectures: Server-side vs. client-side signing
- 24. Server-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device SERVER
- 25. Use cases server-side signing •Company signature •Invoices •Contracts •… •Signing services in the Cloud •Docusign •Echosign •… •Security management responsibilities!
- 26. Client-side signing <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Signed Message Digest Application Device CLIENT
- 27. Use cases client-side signing •Desktop applications •Adobe Acrobat Pro •Adobe Reader (only for Reader-enabled documents) •Home made, e.g. using iText •In a web context •The PDF software runs on the client, e.g. using Java Web Start •Access to the token or smart card through •MSCAPI •PKCS#11 •Custom smart card library •Security •User has smart card and PIN or USB token and passphrase
- 28. Deferred signing Signed Message Digest App Device CLIENT <</Type/Sig/ /Contents < %PDF-1.x ... ... %%EOF >>> Application SERVER
- 29. Use cases deferred signing •Signing on an iPad / Tablet •App on the device has low footprint •Easy to link to integrate into a document management system •Disadvantage •You need to trust the server that the hash you receive is actually the hash of the document you want to sign •Common Criteria •a framework in which computer system users can specifytheir security functionaland assurancerequirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implementand/or make claims about the security attributes of their products, and testing laboratories can evaluatethe products to determine if they actually meet the claims.
- 30. Part 4 Digital signatures and document workflow
- 31. Digital signatures: types •Certification (aka author) signature •only possible for the first revision (*) •involves modification detection permissions: •No changes allowed •Form filling and signing allowed •Form filling, signing and commenting allowed •Approval (aka recipient) signature •workflow with subsequent signers •New in PDF 2.0: modification detection permissions •Usage Rights signature •involving Adobe’s private key to Reader enable a PDF
- 32. Other possible icons •Signer’s identity is unknown •Document has been altered or corrupted
- 33. Serial signatures %PDF-1.x %Originaldocument % Additional content 1 ... ... %%EOF DIGITAL SIGNATURE 1 ... %%EOF DIGITAL SIGNATURE 2 % Additional content 2 ... ... %%EOF DIGITAL SIGNATURE 3 Rev1 Rev2 Rev3 A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
- 35. Read and approved by Bob
- 36. Signed by Bob
- 37. Bob’s signature invalidated by Chuck
- 38. Read, approved and signed by Carol
- 39. Read, approved, and signed by Dave
- 40. Signature and lock broken by Chuck
- 41. Part 5 Long-term validation
- 42. Certificates expire Expiration date 2012 2013 2014
- 43. Certificates get revoked Expiration date Revocation date 2012 2013 2014
- 44. How to survive revocation / expiration? 2012 2013 2014 Expiration date Revocation date
- 45. Timestamps
- 46. What to do when: •There’s no CRL/OCSP/TS in the document? •The certificate is about to expire in one of your documents? •The hashing / encryption algorithm is about to be deprecated?
- 47. Document Security Store %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DIGITAL SIGNATURE •Signed Message Digest •Certificate %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DIGITAL SIGNATURE •Signed Message Digest •Certificate
- 48. Document-level timestamp %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 ETSI.RFC3161 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
- 49. Repeat as soon as needed %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 %PDF-1.x ... /ByteRange ... /Contents< >... %%EOF DSS for DIGITAL SIGNATURE •VRI, Certs, OCSPs, CRLs DOCUMENT TIMESTAMP TS1 DSS for TS1 DOCUMENT TIMESTAMP TS2 DIGITAL SIGNATURE •Signed Message Digest •Certificate DIGITAL SIGNATURE •Signed Message Digest •Certificate
- 50. Q & A EMEAKerkstraat 1089050 GentbruggeBELGIUME: sales.isb@itextpdf.com T: +32 92 98 02 31F: +32 92 70 33 75 Americas, Oceania1 Broadway, 14th floorCambridge, MA 02142USA E: sales.isc@itextpdf.comT: +1 617 982 2646 F: +1 617 982 2647 iText HQAdolf Baeyensstraat 1219040 Sint-AmandsbergBELGIUM Asia71 Ayer Rajah Crescent #05-04139951SINGAPOREE: sales.isa@itextpdf,com T: tel: +65 31 58 39 47 http://itextpdf.com