Hi Gökçen, let me chime in here - so barring any technical issues, or further insight, I'd love to have this result in something that can be used under European e-government regulations. Something to look into for guidance clearly is PortableSigner, which is maintained by the Austrian government AFAIK - with that:
* The signing method: What kind of signature handler may we use? The ByteRange method is sufficient, and for the SubFilter value of the signature dictionary, adbe.x509.rsa.sha is OK, right? In this case, the Cert entry of the Signature dictionary will contain the X.509 certificate chain and the Contents key will contain the byte range digest.
Yeah, filter something like PPKLite, subfilter adbe.pkcs7.sha1 or adbe.pkcs7.detached - ByteRange makes total sense, and so do X.509 certs - I'd be content if you can use PKCS#12 ones e.g. :)
* Is the MDP (modification detection and prevention) required? This is used for object signatures, right? But the byte-range based document signatures are more suitable. I think I must also investigate the status of digital signature verification in Linux PDF readers and maybe poppler, so the users must be able to verify the signed PDF files :)
Right, not much insight into that - but I would suggest that, everything else being equal, do what signature laws require.
* Which PDF version should be preferred? As far as I can see, SHA256 digestion is introduced in PDF 1.6, so the decision of digest method may affect the minimum PDF version to be used, right?
1.5 should hopefully be enough.

Random links:
http://portablesigner.sourceforge.net/
http://en.wikipedia.org/wiki/EGovernment_in_Europe
https://www.bsi.bund.de/cae/servlet/contentblob/487196/publicationFile/31102/esig_pdf.pdf

HTH,
-- Thorsten
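The exchange above turns on the /ByteRange entry: a verifier must hash exactly the two ranges the signature claims to cover, and it should also confirm that those ranges leave a gap only for the /Contents hex string and reach the end of the file, otherwise bytes appended after the signature go unchecked. The following is an added example of that structural check, written for this reply and not taken from the thread, from PortableSigner or from any PDF library. It assumes a single signature dictionary stored uncompressed (as signature dictionaries must be) and parses it with regular expressions; the PDF bytes it checks are constructed inline as sample data, and the /Contents value is a placeholder rather than a real PKCS#7 blob. Verifying the CMS/PKCS#7 signature itself against the certificate chain needs a CMS library and is not shown here.

```python
import hashlib
import re

# Regexes for the two signature-dictionary entries discussed in the thread.
# Assumption: the dictionary is uncompressed, so the entries are visible as plain bytes.
BYTERANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
CONTENTS_RE = re.compile(rb"/Contents\s*<([0-9A-Fa-f\s]*)>")


def parse_signature(pdf: bytes) -> dict:
    """Locate /ByteRange and the exact byte span of the /Contents hex string."""
    br = BYTERANGE_RE.search(pdf)
    if br is None:
        raise ValueError("no /ByteRange entry found")
    ct = CONTENTS_RE.search(pdf)
    if ct is None:
        raise ValueError("no /Contents hex string found")
    return {
        "byterange": tuple(int(x) for x in br.groups()),
        "contents_start": ct.start(1) - 1,  # offset of the opening '<'
        "contents_end": ct.end(1) + 1,      # offset just past the closing '>'
        "contents": bytes.fromhex(ct.group(1).decode("ascii")),
    }


def check_byterange(pdf: bytes, sig: dict) -> list:
    """Return a list of problems; an empty list means the two ranges cover
    every byte of the file except the /Contents string itself."""
    a, b, c, d = sig["byterange"]
    issues = []
    if a != 0:
        issues.append("first range does not start at offset 0")
    if a + b != sig["contents_start"]:
        issues.append("gap does not begin at the '<' of /Contents")
    if c != sig["contents_end"]:
        issues.append("second range does not begin right after the '>' of /Contents")
    if c + d != len(pdf):
        issues.append("%d bytes after the signed ranges are not covered" % (len(pdf) - (c + d)))
    return issues


def signed_digest(pdf: bytes, sig: dict, algo: str = "sha256") -> str:
    """Hash exactly the bytes the signature claims to cover (the two ByteRange spans)."""
    a, b, c, d = sig["byterange"]
    h = hashlib.new(algo)
    h.update(pdf[a:a + b])
    h.update(pdf[c:c + d])
    return h.hexdigest()


def verify_structure(pdf: bytes) -> dict:
    """Structural verification only: ByteRange coverage plus the digest a CMS
    library would then compare against the signed attributes."""
    sig = parse_signature(pdf)
    return {"issues": check_byterange(pdf, sig), "digest": signed_digest(pdf, sig)}


def build_sample(extra: bytes = b"") -> bytes:
    """Constructed, minimal PDF-like document with one signature dictionary.
    This is sample data for the example, not a real PDF. 'extra' is appended
    after %%EOF without adjusting /ByteRange, which is how bytes that the
    signature does not cover look to a verifier."""
    head = (b"%PDF-1.5\n1 0 obj\n<< /Type /Sig /Filter /Adobe.PPKLite"
            b" /SubFilter /adbe.pkcs7.detached\n/ByteRange ")
    sep = b" /Contents "
    contents = b"<" + b"A1" * 16 + b">"   # placeholder for the PKCS#7 blob
    tail = b" >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # Fixed-width field so the offsets do not shift once the real numbers are filled in.
    width = len(b"[%010d %010d %010d %010d]" % (0, 0, 0, 0))
    contents_start = len(head) + width + len(sep)
    contents_end = contents_start + len(contents)
    byterange = b"[%010d %010d %010d %010d]" % (0, contents_start, contents_end, len(tail))
    return head + byterange + sep + contents + tail + extra


if __name__ == "__main__":
    print(verify_structure(build_sample()))
    print(verify_structure(build_sample(b"unsigned trailing bytes\n")))
```

The digest is deliberately computed over the ByteRange spans only, so a file with trailing uncovered bytes produces the same digest as the clean one; that is why the coverage check has to be reported separately rather than folded into the hash comparison.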