PaulDotCom mailing list archives
Re: Digital Signature with internal CA
From: Matt Summers <matt () fireantsecurity co uk>
Date: Sat, 23 Mar 2013 18:03:01 +0000
Hi Marck,

You have two options:

1 - Use encrypted email
2 - Use the built in PDF Signing capability within Acrobat (or other PDF writer/reader)

The first option does not rely on any capability of the document software to validate the document but you could certainly sign and encrypt email and this would solve the problem. I would not recommend this as setting up an encrypted email system has all sorts of other issues.

The second option is more than suitable. Check out http://helpx.adobe.com/acrobat/kb/certificate-signatures.html [1] for more information.

In this scenario you would have your document signing certificate signed by your internal CA hierarchy. Then using the certificate and private key you would sign your PDFs using your chosen PDF writing software. To ensure that your users could validate the signature on the PDF you should install the root and intermediate CA (if you have one) certificates into the users' certificate store (CAPI store in Windows). Then when one of your users receives a PDF they can validate it.

Now you can do the same thing with Office (http://office.microsoft.com/en-gb/excel-help/add-or-remove-a-digital-signature-in-office-documents-HA010099768.aspx). [2]

I don't see that you need any other software or any cloud service. You can do everything you need with the tools you already have.

I hope this helps.

Cheers,
Matt

On Sat 23/03/13 13:49 , "marck e." marck.ernest () gmail com sent:

Thanks for the link. I checked the Microsoft RMS site; it aims to solve the document protection problem. However I can't see - correct me if wrong - how it solves digital signature + digital encryption of documents. I need something like an app installed on a client workstation (say, User A) that uses a certificate issued by our internal CA to sign the document (PDF, DOC, XLS) and send that document to User B, who will validate the identity of the sender by checking the signature on the received document.

I know this is the basic concept of any digital signature solution but all I find is this kind of application based on cloud or applications that use self-issued certificates which can't be used for my purpose. I would appreciate it if anyone has advice on this.

M.e.

On Fri, Mar 22, 2013 at 12:45 PM, Carlos Perez wrote:
If you are in a Windows Only env have you looked at RMS http://technet.microsoft.com/en-us/library/cc771627%28v%3Dws.10%29.aspx [4]
On Mar 22, 2013, at 12:09 PM, - wrote:

Hi,

Have a look here: http://joinup.ec.europa.eu/software/sd-dss/home [6]

It's a set of Java modules/libraries (and a webapp) that offer a full implementation of CAdES, PAdES and XAdES signature creation and verification (with integrity and revocation checks). It also supports ECDSA algos, PAdES-LTV formats, ... and even if initially it's a bit complex to use it works well. It's a project funded by the EU Commission released under the GPL license and also the sources are available.

BR,
D.

On Fri, Mar 22, 2013 at 3:50 PM, marck e. wrote:

Hi there. I've been tasked to look for a solution to digitally sign PDF documents. This solution would have to validate document signer identity with a certificate which would be issued by an internal CA (we think Microsoft Certificate Services would do well).

Almost every digital signing solution focuses on cloud-based PKI infrastructure and I find almost no documentation for integrating an internal PKI server with on-premise digital signing software. Can anyone provide insight about this particular scenario?

Thanks
M.E

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com [8]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [9]
Main Web Site: http://pauldotcom.com [10]
Links:
------
[1] http://helpx.adobe.com/acrobat/kb/certificate-signatures.html
[2] http://office.microsoft.com/en-gb/excel-help/add-or-remove-a-digital-signature-in-office-documents-HA010099768.aspx
[3] mailto:carlos_perez () darkoperator com
[4] http://technet.microsoft.com/en-us/library/cc771627%28v%3Dws.10%29.aspx
[5] mailto:mongiosan () gmail com
[6] http://joinup.ec.europa.eu/software/sd-dss/home
[7] mailto:marck.ernest () gmail com
[8] mailto:Pauldotcom () mail pauldotcom com
[9] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[10] http://pauldotcom.com
[11] mailto:Pauldotcom () mail pauldotcom com
[12] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[13] http://pauldotcom.com
[14] mailto:Pauldotcom () mail pauldotcom com
[15] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[16] http://pauldotcom.com
[17] mailto:Pauldotcom () mail pauldotcom com
[18] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
[19] http://pauldotcom.com
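The trust chain described in the reply above, as an added example that is not part of the original thread: a constructed root CA, issuing CA and signing certificate are built with the openssl CLI, a file is signed, and the recipient's check is run against different trust stores. It uses a detached CMS signature rather than Acrobat's PDF signing, and every name, subject and file here is made up.

```sh
# Constructed demo: CA names, subjects and document bytes are made up. Needs openssl.
cms_verify() {  # $1 = trust store (PEM bundle), $2 = document -> prints ok|fail
  if openssl cms -verify -binary -inform DER -in doc.p7s -content "$2" \
       -CAfile "$1" -out /dev/null 2>/dev/null
  then echo ok; else echo fail; fi
}

run_demo() (
  set -e
  work=$(mktemp -d); trap 'rm -rf "$work"' EXIT; cd "$work"
  q() { "$@" >/dev/null 2>&1; }            # run quietly, keep exit status
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[signer_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  # Internal hierarchy: self-signed root, then an issuing (intermediate) CA.
  q openssl req -x509 -config pki.cnf -extensions ca_ext -newkey rsa:2048 \
    -nodes -subj "/CN=Example Internal Root CA" -days 30 \
    -keyout root.key -out root.pem
  q openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=Example Issuing CA" -keyout int.key -out int.csr
  q openssl x509 -req -in int.csr -CA root.pem -CAkey root.key \
    -CAcreateserial -extfile pki.cnf -extensions ca_ext -days 30 -out int.pem
  # Document signing certificate for User A, issued by the intermediate.
  q openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=User A document signing" -keyout a.key -out a.csr
  q openssl x509 -req -in a.csr -CA int.pem -CAkey int.key \
    -CAcreateserial -extfile pki.cnf -extensions signer_ext -days 30 -out a.pem
  # User A signs; only the signer certificate travels with the signature.
  printf 'constructed sample document\n' > doc.pdf
  q openssl cms -sign -binary -in doc.pdf -signer a.pem -inkey a.key \
    -outform DER -out doc.p7s
  # User B verifies with two different trust stores and a modified copy.
  cat root.pem int.pem > both.pem; cp doc.pdf tampered.pdf; printf 'x' >> tampered.pdf
  echo "root+intermediate installed: $(cms_verify both.pem doc.pdf)"
  echo "root only: $(cms_verify root.pem doc.pdf)"
  echo "tampered document: $(cms_verify both.pem tampered.pdf)"
)
run_demo
```

The "root only" case fails because the signature carries just the signer's certificate, so the recipient cannot build a path to the root without the intermediate in their store.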
Current thread:
- Digital Signature with internal CA marck e. (Mar 22)
- Re: Digital Signature with internal CA - (Mar 22)
- Re: Digital Signature with internal CA Carlos Perez (Mar 22)
- Re: Digital Signature with internal CA marck e. (Mar 23)
- Re: Digital Signature with internal CA Carlos Perez (Mar 22)
- <Possible follow-ups>
- Re: Digital Signature with internal CA Matt Summers (Mar 22)
- Re: Digital Signature with internal CA Matt Summers (Mar 23)
- Re: Digital Signature with internal CA Herndon Elliott (Mar 24)
- Re: Digital Signature with internal CA - (Mar 22)