Can PDF user password be used to remove encryption? - parsing

It seems that Portable Document Format (PDF) tools, even open-source software, require that the master password of an encrypted document be supplied to convert the PDF file to an unencrypted version. I am in a situation in which I have the user password but not the master password. Is there any particular reason (algorithmic or encryption-related) that the master password is technically required to convert the file and that the user password is not enough, or is this difference merely a policy enforced by the application itself? Common sense tells me that if the user password is enough for a program to parse and display the PDF file, then that should technically be enough to save the decrypted contents to a converted file as well. This makes me wonder if the third-party software enforces the master/user password difference just for the sake of principle or perhaps out of fear of lawsuits from Adobe...
Are there any applications that can convert a PDF file with only knowing the user password and not the master password? Am I missing something here?

OK. Here is the easy solution.
Open the PDF with Google Chrome.
Enter the password.
Print the document using Ctrl+P.
Choose the Save as PDF option.
Done.
Since it's a copy of the original PDF without any security, you can try anything with the new PDF.

Yes, it's technically possible - indeed, easy.
Years ago, there was some language in the old PDF reference manual implying that, since the syntax of PDF operators was copyright Adobe, it would be illegal to ship software which allowed decryption against Adobe's wishes. Not being a lawyer, I don't know if that actually had any force.
I can't find any similar language in the new ISO 32000 standard, so I don't know what Adobe rely on now, other than goodwill.

Related

Delphi protecting your source code

I've created a program that uses FTP to upload some files. Now the problem is that someone can use a simple decompiler to see the source code (my FTP account details). What is the best way to encrypt my program? Is it only possible to encrypt the details of my login, or to prevent someone from decompiling my program? Also, I've thought about getting the data from an external source with an HTTP request. Would that work?
The simple answer is that there is NO WAY to prevent someone decompiling your code.
You can hide embedded passwords using some simple tricks like XOR-ing them with a "key". Or complicated tricks ...
However, if the program is self-contained, then it must be able to recover the hidden password for itself when it runs. And if it can do that, then a hacker can figure out how it does that and do the same calculations hirself.

Signing a document using MS cryptoAPI with Delphi

I have tried to find some complete examples in Delphi of how to sign a piece of data using the Microsoft CryptoAPI. Online I find mostly snippets and pseudo-code, but no concrete examples of how to do this.
From what I understand, having spent a day hunting for code and info, you can create a hash of a document/file based on a public key (either if you self-generate a pair, or provided by a certificate on the keychain). This hash is then encoded into the encrypted output file (container section) and can be verified and decoded by the receiver holding the private key.
If a Delphi example doesn't exist, are there any free command-line programs I can use to sign a file/document?
I have found code for MD5/SHA1 hashing and also one that encrypts a file using a password string (deriving a hash from a key pair generated on the fly). But sadly no signing of a stream or a file.
The closest match on Google is an older product by TurboPower (LockBox), but I have no idea if the generated output is compatible with MS CryptoAPI (?)
Update: This is something along the lines of what I am looking for, but written in C:
http://blogs.msdn.com/b/alejacma/archive/2008/01/23/how-to-sign-and-verify-with-cryptoapi-and-a-user-certificate.aspx
Also, when you downgrade a question - be good enough to describe why you do so. It is a perfectly valid question for Delphi regarding something you face in larger, corporate applications.
I know it's bad form to actually answer your own question, but since there seem to be few "hands-on" examples for this under Delphi, I decided to post what I found here to help others.
Security, certificates and signatures is a massive and complex topic which requires serious study, so forgive me for the simplicity of this post. It is only meant to point people in the right direction.
Signing XML, what does it mean?
In very simple, hands-on terms this is what happens:
You generate a HASH of your XML document (MD5 for instance, or SHA1)
You encrypt this HASH using the private key, either generated by yourself or provided/derived by your certificate
A new XML node (DSIG signature) is inserted into the document which contains the encrypted hash (and more)
In order to verify that an XML document has not been tampered with, the reader must use the public key to decode the HASH value. So the reader-software must generate a hash of the same document (minus the appended XML) and compare that to the (decrypted) value embedded in the document. If these match, then we know the document is intact. And it will only match if you use a valid key to decrypt the appended hash.
Since this is tedious work (and it includes quite a few steps, like looking up providers in the keystore [in my case] and much, much more) I ended up buying ready-made VCL components from ELDOS (SecureBlackBox) which saved me a lot of time.
External references
ELDOS XMLBlackBox
XML DSIG Documentation
MSDN C# example for signing XML

MD5 in ActionScript

I am trying to build a web based flash application. I am quite new to flash. I would like to develop it in two forms - demo and paid version. For this application to act as a paid version I need to have some kind of serial key. In order to achieve this I googled and came across something like this
MD5(MD5(thisuri)+thisuri)
I think 'thisuri' points to the current url page but I don't know how to get that url and I don't know whether '+' acts as a character or an operator.
Can you please help me?
It seems that a library exists in AS3.0 : as3corelib
An ActionScript 3 Library that contains a number of classes and utilities for working with ActionScript 3. These include classes for MD5 and SHA 1 hashing, Image encoders, and JSON serialization as well as general String, Number and Date APIs.
To use it, just download the zip file, decompress it and copy the contents of "src" directory to the root of your project.
Then in your actionscript code, simply do the following :
import com.adobe.crypto.MD5;
var hash:String = MD5.hash("test");
Source (in French)
To add to @Julien's recommendation of using as3corelib, you will also need the advice from this post to get the current URL: Get Current Browser URL - ActionScript 3
Somehow I think there's a more elegant way to get the url, but I don't remember it.
While this may provide you with some basic check for the paid version, a determined hacker will easily fool this algorithm. For example, I could fool the environment into thinking that it's being served from a domain that you've registered as part of the "paid" version. Also, since the client has the flash code, they can decompile the binary and potentially see the algorithm you're using. Depending on what you're offering in the app, this extreme case may or may not be acceptable to you.
Look into more secure authentication mechanisms if you're serious about security.

iOS: Convert data into string and emailing it

I've encountered an interesting solution to importing/exporting data through email. This particular solution doesn't involve attaching any files and also "encrypts" the information, such that it's not easy to decipher.
I'd like to know if anyone has an idea about how this is done.
Basically, this app allows you to export a custom-selected set of data by emailing you a link. The link is a URL scheme that opens the app and asks if you want to import the data. The data looks like it's encrypted, but I'm not sure. Below is an example of a link that the app generates. Does anyone know how this is accomplished?
Thank you!:
appofinterest://#;;bmFtZQ==;TmV3IFByb2ZpbGU=;;cHJvZmlsZVBob3Rv;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;;c3R5bGU=;MA==;;dXNlc1NJVW5pdHM=;MA==;;QXBwb2ludG1lbnQ=;;ZGF0ZU9m;MjAxMi0wMS0xNSAxMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NTY=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMi0xMyAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NzQ=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMi0yOSAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;MzUgwrBD;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMS0xMCAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;ODU=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMi0wMS0wMyAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NjQ=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMS0xMCAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NDYgbmcvbWw=;;dGVzdFR5cGU=;UHJvc3RhdGUgU3BlY2lmaWMgQW50aWdlbiAoUFNBKQ==;;ZGF0ZU9mVGVzdA==;MjAxMS0xMC0xMCAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NjM=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMi0wMS0wNiAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NTg=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMi0xMyAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;OTQ=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMi0yMiAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NTk=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMC0xMCAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;OTkuOCDCsEY=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0xMi0xMCAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;NjU=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0wNy0xMCAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;OTc=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMS0wNy0xNSAwMDowMA==;;TGFiUmVzdWx0;;cmVzdWx0;MzIgwrBD;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU=;;ZGF0ZU9mVGVzdA==;MjAxMi0wMS0wNSAwMDowMA==;;TWVkaWNhdGlvbg==;;ZnJlcXVlbmN5;b25jZSBwZXIgZGF5IChxLmQuKQ==;;cm91dGU=;SW50cmF2ZW5vdXMgKEkuVi4p;;ZHJ1Z05hbWU=;TXR4;;aXNDaGVtb0RydWc=;WWVz;;dG90YWxMaWZldGltZURvc2U=;ODUgbWc=;;c3RhcnREYXRl;MjAxMi0wMS0xNSAwMDowMA==;;c3RvcERhdGU=;MjAxMi0wNS0xMCAwMDowMA==
You could just convert your data to base64 (which is the case here*). Remember that URIs are not (practically) unlimited in length and might, like the link you posted, be a little meaningless for your users.
(*) in the case you posted, the data is separated by semicolons, for example "TmV3IFByb2ZpbGU=" is base64 for New Profile, and the big chunk in the middle is a base64 encoded PNG. Absolutely not secure - since it's not encrypted in any way, but could be fairly easily
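The point made in the answer above, as an added example that is not part of the original posts or the app's own code: a small Python parser that recovers every field of such a link with no key at all, which is why the format gives no confidentiality for data sent by email. The record layout (";;" between records, "key;value" fields, a lone token opening a section) is an assumption inferred from the posted link, and the sample link is constructed from fields quoted in it.

```python
import base64
import binascii

# Constructed sample: a shortened link assembled from fields quoted in the post.
SAMPLE_LINK = (
    "appofinterest://#;;bmFtZQ==;TmV3IFByb2ZpbGU=;;c3R5bGU=;MA=="
    ";;TGFiUmVzdWx0;;cmVzdWx0;NTY=;;dGVzdFR5cGU=;VGVtcGVyYXR1cmU="
)


def decode_token(token):
    """Base64-decode one token; return str if it is UTF-8 text, else raw bytes."""
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {token[:16]!r}") from exc
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw  # binary field, e.g. the embedded PNG


def decode_link(link):
    """Return (section, key, value) tuples recovered from the link.

    Assumed layout (inferred from the posted link, not documented by the app):
    records are separated by ';;'; 'key;value' is a field and a lone token
    starts a new section such as 'LabResult'.
    """
    _, _, payload = link.partition("#")
    rows, section = [], None
    for record in payload.split(";;"):
        if not record:
            continue  # empty piece before the first ';;'
        parts = record.split(";")
        if len(parts) == 1:
            section = decode_token(parts[0])
        elif len(parts) == 2:
            rows.append((section, decode_token(parts[0]), decode_token(parts[1])))
        else:
            raise ValueError(f"unexpected record shape: {record[:32]!r}")
    return rows


if __name__ == "__main__":
    for section, key, value in decode_link(SAMPLE_LINK):
        print(f"{section or '-'}: {key} = {value}")
```

If the exported data needs protecting in transit, it has to be encrypted and authenticated before it is encoded; Base64 only makes it URL-safe.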

Digitally sign a pdf document in iOS

Recently I was assigned an iOS project, where I need to digitally sign a pdf document using a key that the application will download from a server.
I don't yet have a clear idea of the process involved in signing documents, what I know until now is that I will be signing my pdf using a private key file provided to me, and then the verification will be done using the public key version of the same file.
I have seen that digital signing can be achieved using libraries like iText for Java or iTextSharp for C#. That's why I would like to know if there is something similar for iOS. And if not, what would be the process to achieve this using Quartz's abilities to manage PDF documents?
Well... I have been checking the Apple docs, and I found this:
https://developer.apple.com/documentation/security/certificate_key_and_trust_services
I think this is supposed to support the X.509 format... which I could use to sign the PDF as an instance of CFData, I guess. Also, I have been checking the CryptoExercise sample code, but I am not 100% sure if this is what I am looking for.
Other suggestions have told me to check the Adobe documentation, but I haven't yet found a C API to sign documents using certificates.
If somebody has used the certificate services provided by Apple... any suggestions or more sample code to understand the process would be great.
Pablo,
signing PDF documents is a tough task (my company is doing this in the Windows world in Pascal).
In general, I can tell you that you probably will not find usable source code you can just incorporate into your project. To see how it is done, the iText source is a good starting point, because everything is in there.
In Objective-C you are on the right path. Using X.509 certificates with functions like SecKeyRawSign is the right way (because the actual given paddings are too old, you need to create your own padding for supporting e.g. SHA256. You can see here how this is done: What is the difference between the different padding types on iOS?).
The 'dataToSign' is nothing else than the hash of PDF Content (e.g. SHA256) you want to sign.
To find out which part of the PDF source you have to sign exactly, you must check the Adobe PDF 1.6 documentation, or do some searches in groups talking about that. It makes no difference in which language you are going to sign the PDF.
In the end, you will embed the signature and some information about the signature in the predefined portion of the PDF document (look out to not break the valid hash by doing that ;) ) and it could be seen and verified with any other PDF signature/verification software.
I'm sorry that I can't provide you with relevant code, but you'll find enough samples around the X.509 certificates - e.g. creating a SSL/SSH connection. And if you search for SecKeyRawSign, you'll even find some samples for signing (at least with other patterns). That's all you need, if you find the PDF Syntax for taking the content portion to sign and to embed the signature into the final PDF.
I hope this was of help for you
Jimmy
