pfm: Printer Font Metrics file format, a binary version of afm(Adobe Font Metrics) file
pfa: Printer Font Ascii file format, the Ascii version of pfb file
pfb: Printer Font Binary format
[ref]
http://en.wikipedia.org/wiki/PostScript_fonts
Monday, November 29, 2010
Wednesday, June 9, 2010
Customized Security Envelope
Steps to Create Customized Security Envelope by Acrobat:
0. Use the editor you like to create an "template" file (no contents, just like the paper envelope)
[Word, Wordpad, Flash, Illustrator, PowerPoint, OpenOffice, Latex...]
["You can create the envelope template in any application"]
1. Convert it to pdf file, myTemplate1.pdf
[PDF creator/converter/printer/writer/ ..., e.g. eDocPrinter Pdf Pro, CutePdf Pro, ...]
2.
1. 將樣板檔轉成 myTemplate1.pdf
2.
[ref]
http://blogs.adobe.com/acrolaw/2007/04/custom_security_envelopes.html
0. Use the editor you like to create an "template" file (no contents, just like the paper envelope)
[Word, Wordpad, Flash, Illustrator, PowerPoint, OpenOffice, Latex...]
["You can create the envelope template in any application"]
1. Convert it to pdf file, myTemplate1.pdf
[PDF creator/converter/printer/writer/ ..., e.g. eDocPrinter Pdf Pro, CutePdf Pro, ...]
2.
- Use Acrobat to create a sample file of "Security Envelope" by "Advanced - > Security -> Create Security Envelope"
- Copy the desired "Form Fields" such as sender, recipient, date, ... from the sample file
by "Tools -> Advanced Editing -> Select Object Tool", - Open myTemplate1.pdf, paste the just copied "Form Fields"
- Adjustment
(The form field may be rotated by "right-click, properties, ...")
(Right-click -> Document properties -> Description -> ... ) - Save myTemplate1.pdf
3. myTemplate1.pdf is now available for Customized Security Envelope.
//===
0.用自己常用的圖文編輯器 產生信封的樣版檔
1. 將樣板檔轉成 myTemplate1.pdf
2.
- 用Acrobat 產生一個Security Envelope 範例檔 :
"Security Envelope" by "Advanced - > Security -> Create Security Envelope" ... - 將範例檔中需要的"Form Fields" 如日期/發信者/收信者等 拷貝到clipboard :
"Tools -> Advanced Editing -> Select Object Tool" - 打開 myTemplate1.pdf, 貼上剛才拷貝的 "Form Fields"
- 微調
(The form field may be rotated by "right-click, properties, ...")
(Right-click -> Document properties -> Description -> ... ) - 存檔 myTemplate1.pdf
[ref]
http://blogs.adobe.com/acrolaw/2007/04/custom_security_envelopes.html
Tuesday, June 8, 2010
Security and signature for Pdf document
[Q] Cannot encrypt/change security for the signed or certified pdf document?
[try] use external encryption instead,
e.g. Advanced-> Security-> Create Security Envelope in Acrobat
[Q] How about signing the encrypted pdf document?
//===
[try] use external encryption instead,
e.g. Advanced-> Security-> Create Security Envelope in Acrobat
[Q] How about signing the encrypted pdf document?
//===
Friday, May 28, 2010
Detached or Attached signature ?
[Q] How to detach signed data from pkcs7 ?
[try]
從要傳送的資料的角度來看 簽章(signature)一般是附隨(attached)的 也就是跟著要傳送的資料一起送出去
但是也可以將簽章與資料分開送 通常是因為原始資料已經擺在檔案的某個地方 經過簽章之後無須將資料與簽章一起打包 只要將簽章放進包包(PKCS7, S/MIME, ... )中即可
"...
Digital signatures are normally attached to the message. However, ...
A detached signature may be stored and transmitted separately from the message it signs.
...
In an S/MIME message with a detached signature, the signature is calculated over on the entire payload data, in addition to its MIME headers.
... detached signature
PKCS#7: Includes the signature and certificate without the signed data.
RNIF1.1: Uses PKCS#7 and a detached format.
S/MIME2: May include a MIME multipart message consisting of the original data in one segment
and a binary format signature or a base64-encoded signature in a second segment.
...
..."
pseudo code in C# :
public byte[] createPkcs7WithDetachedSig()
{
ContentInfo content = new ContentInfo(data);
SignedCms signedCms = new SignedCms(content, bDetached=true);
CmsSigner signer = new CmsSigner(...)
signedCms.ComputeSignature(signer);
//xxx signedCms.ContentInfo = null;
//xxx signedCms.Detached = true;
return signedCms.Encode();
}
[ref]
http://docs.sun.com/app/docs/doc/820-1228/6nctp1mqb?l=zh_TW&a=view
[try]
從要傳送的資料的角度來看 簽章(signature)一般是附隨(attached)的 也就是跟著要傳送的資料一起送出去
但是也可以將簽章與資料分開送 通常是因為原始資料已經擺在檔案的某個地方 經過簽章之後無須將資料與簽章一起打包 只要將簽章放進包包(PKCS7, S/MIME, ... )中即可
"...
Digital signatures are normally attached to the message. However, ...
A detached signature may be stored and transmitted separately from the message it signs.
...
In an S/MIME message with a detached signature, the signature is calculated over on the entire payload data, in addition to its MIME headers.
... detached signature
PKCS#7: Includes the signature and certificate without the signed data.
RNIF1.1: Uses PKCS#7 and a detached format.
S/MIME2: May include a MIME multipart message consisting of the original data in one segment
and a binary format signature or a base64-encoded signature in a second segment.
...
..."
pseudo code in C# :
public byte[] createPkcs7WithDetachedSig()
{
ContentInfo content = new ContentInfo(data);
SignedCms signedCms = new SignedCms(content, bDetached=true);
CmsSigner signer = new CmsSigner(...)
signedCms.ComputeSignature(signer);
//xxx signedCms.ContentInfo = null;
//xxx signedCms.Detached = true;
return signedCms.Encode();
}
[ref]
http://docs.sun.com/app/docs/doc/820-1228/6nctp1mqb?l=zh_TW&a=view
Pdf signature
0. Signature appearance add/edit by "Edit -> Preferences-> Security -> Appearance" in Acrobat
1. Filter/subfilter of signature dictionary in pdf file :
pkcs#7: adbe.pkcs7.detached , adbe.pkcs7.sha1,
pkcs#1: adbe.x509.rsa.sha1
adbe.x509.rsa.sha1 is not recommended?
"detached" means signature value and data are separated?
".sha1" is not required to be SHA1!?
"...
The SHA1 in the name is misleading as you can use other hash functions, depending on ....
For example, for true PDF/A-1 compatibility you should not use SHA256 since it didn't exist in PDF 1.4 (on which PDF/A-1 is based)
..."
2. 針對同一份文件同一個版本 賦予多個簽章 e.g. 股長 主任 處長 協理 ...
"...
The normal way to do this would be to have multiple SignerInfo's inside a single signature - this is called parallel signatures. PDF, however, does not support this - and in fact, ETSI TS 102778 (PAdES) explicitly forbids it.
..."
"...
Parallel signatures in the PDF context are realized using serial signatures, an acceptable solution as long as the document isn't to be signed sumultaneously at the same time by different persons.
..."
"...
ETSI/ESI STF364 is going to be working on the “parallel signatures problem” during Phase 3 of their work. The current thoughts to address the problem revolve around the use of multiple signerInfos inside of a single PKCS#7 block, just as it is done in CAdES.
..."
"...
Instead of inventing the wheel time and time again, simply reserving enough space for a signature container containing multiple signerInfo blocks sounds most reasonable.
..."
[ref]
http://learn.adobe.com/wiki/download/attachments/52658564/samplesignatures.pdf?version=1
http://forums.adobe.com/thread/530277?tstart=0
http://stackoverflow.com/questions/1807432/signing-pdf-multiple-signatures-with-a-single-revision
http://itext-general.2136553.n4.nabble.com/Uncommon-ByteRange-entry-in-signature-dictionary-td2168822.html#a2168822
http://itext-general.2136553.n4.nabble.com/Multiple-signatures-and-multiple-revisions-td2171996.html#a2171996
1. Filter/subfilter of signature dictionary in pdf file :
pkcs#7: adbe.pkcs7.detached , adbe.pkcs7.sha1,
pkcs#1: adbe.x509.rsa.sha1
adbe.x509.rsa.sha1 is not recommended?
"detached" means signature value and data are separated?
".sha1" is not required to be SHA1!?
"...
The SHA1 in the name is misleading as you can use other hash functions, depending on ....
For example, for true PDF/A-1 compatibility you should not use SHA256 since it didn't exist in PDF 1.4 (on which PDF/A-1 is based)
..."
2. 針對同一份文件同一個版本 賦予多個簽章 e.g. 股長 主任 處長 協理 ...
"...
The normal way to do this would be to have multiple SignerInfo's inside a single signature - this is called parallel signatures. PDF, however, does not support this - and in fact, ETSI TS 102778 (PAdES) explicitly forbids it.
..."
"...
Parallel signatures in the PDF context are realized using serial signatures, an acceptable solution as long as the document isn't to be signed sumultaneously at the same time by different persons.
..."
"...
ETSI/ESI STF364 is going to be working on the “parallel signatures problem” during Phase 3 of their work. The current thoughts to address the problem revolve around the use of multiple signerInfos inside of a single PKCS#7 block, just as it is done in CAdES.
..."
"...
Instead of inventing the wheel time and time again, simply reserving enough space for a signature container containing multiple signerInfo blocks sounds most reasonable.
..."
[ref]
http://learn.adobe.com/wiki/download/attachments/52658564/samplesignatures.pdf?version=1
http://forums.adobe.com/thread/530277?tstart=0
http://stackoverflow.com/questions/1807432/signing-pdf-multiple-signatures-with-a-single-revision
http://itext-general.2136553.n4.nabble.com/Uncommon-ByteRange-entry-in-signature-dictionary-td2168822.html#a2168822
http://itext-general.2136553.n4.nabble.com/Multiple-signatures-and-multiple-revisions-td2171996.html#a2171996
Thursday, April 15, 2010
Pdf certificate encryption
- Pdf certificate encryption can only be used with AESV2/AESV3 rather than RC4?
- Pdf certificate encryption need "Digital ID"
- Register existing "Digital ID" by Adobe Acrobat/Reader
- Create new self-signed "Digital ID" by Adobe Acrobat/Reader
[ref]
http://www.pdfzone.com/c/a/Document-Management/PDF-Security-Part-II-Creating-a-Digital-ID
http://forums.adobe.com/community/acrobat/acrobat_windows
http://forums.adobe.com/message/2130804#2130804
http://help.adobe.com/en_US/Acrobat/9.0/Standard/WS58a04a822e3e50102bd615109794195ff-7d95.w.html
Subscribe to:
Comments (Atom)
