TechNote 0006: Digital Signatures in PDF/A-1

More documents

Recommendations

Info

PDF/ACompetence Center3 Recommendations for Signatures inPDF/A-1The following recommendations apply to public key signature handlers only andare addressed to writers of vendor specific signature handlers. Although theserecommendations are not part of the PDF/A-1 standard, implementers are encouragedto follow them in order to avoid security issues, obtain upward compatibilitywith PDF Reference 1.5–1.7 and maximize interoperability between securityhandlers from different vendors.3.1 Signature InteroperabilityThe SubFilter entry in the signature dictionary specifies the encoding of thesignature value and key information, and the Filter entry specifies the preferredhandler to use to validate the signature. For maximum interoperability betweensignature handlers from different vendors, only the SubFilter valuesadbe.pkcs7.detached and adbe.pkcs7.sha1, as defined in PDF Reference1.5, should be used.3.2 Contents StringThe Contents entry should contain the signature as a hex string, starting with< and ending with >.3.3 Visual AppearanceIt is highly recommended to structure the appearance streams according toAdobe’s technical note Digital Signature Appearances, version for Acrobat 6(see Bibliography). For security reasons only the layers n0 and n2 as well asthe DSz entry in XObject dictionary of the AcroForm’s resources (DR) shouldbe used. Specifically the n1, n3 and n4 layers as well as the DSx and DSy entries,as described in Adobe’s earlier technical note Digital Signature Appearances,version for Acrobat 5, must not be used.3.4 Cryptographic Message SyntaxOnly a DER-encoded PKCS#7 binary data object, conforming to RFC 3852,should be used as the value of the signature dictionary’s Contents entry thusmaking the PKCS#1 binary data object and the X.509 certificate chain stored inthe Cert entry obsolete.2008-03-14 Recommendations for Signatures in PDF/A-1 page 6
PDF/ACompetence Center3.5 Digest AlgorithmDue to known security weaknesses the MD5 algorithm should not be used tocalculate the digest of the signed part of the document. SHA-1 should be usedinstead.3.6 Time stampThe time of signing, if it is generated in a verifiable way from a secure timeserver, should be included in the signature value, i.e. embedded in the PKCS#7binary data object. The time stamp token must conform to RFC 3161 and mustbe computed and embedded into the PKCS#7 object as described in Appendix Aof RFC 3161. A normal unverified computer time should preferably be embeddedinto the PKCS#7 object or can alternatively be stored in the M entry of thesignature dictionary.3.7 Revocation InformationIf needed, only Online Certificate Status Protocol (OCSP) responses, describedin RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate StatusProtocol (OCSP) should be included in the PKCS#7 object. Creators should refrainfrom embedding certificate revocation lists (CRLs) into the PKCS#7 objectin order to keep file sizes small.3.8 Trust ChainThe PKCS#7 object should contain the signer’s certificate and all issuer certificatesfrom the signer’s trust chain. The signer’s certificate should be the firstcertificate in the PKCS#7 object.3.9 Document XMP MetadataPDF/A conformant signature tools should record the signing process as an actionin the xmpMM:History entry in the document's XMP metadata. The softwareAgentfield should be specified, and the action field should be specified assigned.2008-03-14 Recommendations for Signatures in PDF/A-1 page 7
Page 3 and 4: PDF/ACompetence Centersigned for do
Page 5: PDF/ACompetence Center2.4 Visual Ap
Page 9 and 10: PDF/ACompetence CenterBibliography[

TechNote 0006: Digital Signatures in PDF/A-1

Create successful ePaper yourself

Delete template?

Save as template?