Log of #ghostscript at irc.freenode.net.

 <<<Back 1 day (to 2020/08/02)Fwd 1 day (to 2020/08/04) >>>20200803 
hyper_ch2 hi there, I know I'm wrong here but I don't know where else to ask: how can I insert the responst from a timestamp server into a pdf, so that viewers like acrobat reader will show that timestamp?14:37.14 
Robin_Watts hyper_ch2: You'd need to add it as an annotation, I guess.14:42.40 
  Although, I don't really understand what you're asking.14:42.58 
chrisl hyper_ch2: Or do you mean creation date and/or modification date metadata?14:43.09 
Robin_Watts You want to be able to take an existing PDF, and just add a visible timestamp to it?14:43.23 
  or you want to 'alter' a timestamp (creation or modification or something) within a PDF so that Acrobat can display it in some sort of documentation information window?14:44.03 
  (I dunno if Acrobat has such a window, but it might have something to display document metadata)14:44.28 
kens You can display document metadata, and the creation date and modification date are in there.14:44.56 
  But altering the document metadata is kind of bad14:45.04 
  You might not unreasonably make it the modification date I suppose, since you'll be modifying the PDF after creation14:45.47 
hyper_ch2 no, adding a digital signature and a timestamp form a timestamp server14:45.52 
Robin_Watts Ah, buring the lead :)14:46.13 
kens Be careful with 'digital signature' that has a specific meaning in PDF14:46.17 
  hyper_ch2: I'm still not clear on exactly what you want to do14:46.40 
Robin_Watts Are you saying you want to be able to digitally (cryptographically) sign a PDF?14:47.01 
hyper_ch2 bascially create a timestamp request for a document, ask an accredited timestamp server for a reply to my request, attach that reply to a pdf.... in acrobat reader (and other tools) "digitally signed by timestamp server.....)14:47.06 
kens DO you want to:14:47.15 
  1) sign the PDF file with a PDF digiatl signature and14:47.15 
  2) alter teh creation date in the document metadata14:47.15 
  OK so sounds like you want to add an annotation14:47.33 
Robin_Watts kens: I was reading it the other way :)14:47.47 
kens Hmmm14:47.52 
  Well many tools won't even show you the creation date, Ghostscript won't for example14:48.04 
hyper_ch2 creation date is irrelevant14:48.14 
  you can set anything you want there14:48.19 
  that's why you need a timestamp server14:48.24 
  it will sign your request which is the hash of the file14:48.35 
Robin_Watts hyper_ch2: Is your intention that this should be a cryptographically secure thing?14:48.45 
hyper_ch2 that way you can show a document has existed at that point in time and wasn't tampered with14:48.53 
  Robin_Watts, yes14:48.56 
kens hyper_ch2: if you change the PDF rile it will have a different hash14:49.06 
hyper_ch2 openssl ts -query -data file.pdf -no_nonce -sha512 -cert -out file.tsq14:49.14 
Robin_Watts hyper_ch2: Right, so mechanisms exist within PDF to allow for cryptographic signing, but it sounds like you're asking for something else.14:49.32 
hyper_ch2 curl -H "Content-Type: application/timestamp-query" --data-binary '@file.tsq' http://tsa.pki.admin.ch/tsa > file.tsr14:49.35 
  now I have the timestamp server reply as file.tsr and need to add it somehow14:49.52 
Robin_Watts Suppose I have foo.pdf now, and want to 'sign' that using your mechanism.14:50.12 
  You can generate a hash for foo.pdf, and get your timestamp server to give you a 'reply' based upon that information.14:50.42 
  But when you put that reply into the PDF, you'll alter the hash of the file.14:51.03 
hyper_ch2 there's a special way on how to do that with pdfs and I haven't been lucky to find out how14:51.29 
  been googling all day14:51.37 
kens THis is what Robin_Watts was referring to earlier, you can 'digitally sign' a PDF file14:51.59 
Robin_Watts You could do that using an incremental update to the file, whereby the increment would basically say "the non-updated version of this file existed at time t..." etc.14:52.00 
hyper_ch2 there seems to be some kind of "signature" section in a pdf and you need to hash everything before that14:52.14 
Robin_Watts hyper_ch2: Hold on...14:52.23 
kens Its more complicated than that, see chapter 8 of the PDF 1.7 reference manual14:52.36 
hyper_ch2 the reason is: I used to use a software provided by the governement14:52.38 
Robin_Watts There is a mechanism within PDF where you can have a 'form' with various fields.14:52.51 
hyper_ch2 but it stopped working and isn't being maintainted anymore14:52.52 
  and now I'm looking for an alternate solution14:53.05 
  I signed all important documents that way14:53.14 
Robin_Watts One of those fields (or one of those types of fields rather) can be a digital signature field.14:53.16 
  You can 'sign' such a document by putting a digital signature into that field. That signature will, as you say, certify that the document was in a certain state at the point it was signed (and that will include a hash etc).14:54.11 
  The standard way of working doesn't involve a timestamp server.14:55.01 
hyper_ch2 well, an accredited timestamp server is important14:55.17 
Robin_Watts And you can only sign documents in this way that have the forms in.14:55.25 
kens Robin_Watts: I don't think you need a for14:56.03 
hyper_ch2 thanks for the pointer with the pdf reference manual14:56.24 
Robin_Watts I think you do, cos otherwise you have nowhere to put the digital signature.14:56.36 
kens Section 8,7 suggests that you can use pretty much anything as teh signature information14:56.40 
  It goes in a signature dictionary, though to be fair I haven't found out where that is refrenced from14:57.07 
hyper_ch2 section 8, 7? I find signatures in 12.814:57.25 
kens MDP signatures don't xseem to require a form14:57.41 
  Oh good grief, don't use the ISO spec unless you need version 214:58.08 
Robin_Watts kens: When you CREATE a document, you can sign it to say that someone created it in such and such a state.14:58.20 
hyper_ch2 I searched for pdf reference manual 1.7 and that came up14:58.26 
Robin_Watts when you come to sign an already created document, you need a signature field to insert stuff into.14:58.36 
kens hyper_ch2: look for the Adobe one, its easier to use14:58.54 
Robin_Watts (Such is my memory of it anyway, dating from about 6 months ago, when I was doing all this stuff with mupdf)14:59.02 
  hyper_ch2: https://ghostscript.com/~robin/pdf_reference17.pdf14:59.36 
hyper_ch2 ah, found it14:59.37 
kens Robin_Watts: Well section 8.7 says the permissions dictionary may contain a DocMDP dictionary which may contain a signature14:59.44 
hyper_ch2 I'll have a look at it... my wife will soon be here14:59.57 
kens The Perms entry is referenced from teh document Catalog, so it doesn't need a form15:00.21 
  hyper_ch2: to be clear, you can't do *any* of this with Ghostscript, you may be able to do some or all of it with MuPDF15:00.41 
Robin_Watts kens: yeah, so put there at creation time.15:01.01 
kens Why can't you modify the file to add a Perms and/or DocMDP ?15:01.31 
  Not that I know anything about signatures really :-)15:02.16 
Robin_Watts Can't be done with Acrobat or MuPDF. There may be a technical reason why too.15:02.35 
kens Oh I've no doubt you can't with Acrobat15:02.50 
  But then you can't make a dashed cloud annotation with Acrobat either :-)15:03.06 
hyper_ch2 preferrebly I'd achieve it with bash ;)15:03.19 
kens You won't be able to do it with a shell script I wouldn't think15:03.33 
  You're going to need to modify a binsty file which has offszets stored within it, which will need to be identified and modified15:03.57 
Robin_Watts hyper_ch2: This is hard stuff. If you can do it at all, I reckon a mutool run script may be the best way.15:04.04 
kens This is definitely non-trivial stuff to do15:04.10 
hyper_ch2 and it seemed to easy to query timestamp server and the reply15:04.31 
Robin_Watts kens: Nooo... you definitely want to do it through an API. You don't want to be fiddling in the file yourself.15:04.35 
kens I agree, I was justr trying to point out why it wasn't going to be easy15:04.57 
Robin_Watts hyper_ch2: I suspect it's possible to do SOMETHING using the mupdf API. Whether that's by coding in C or java or python or javascript is up to you.15:05.22 
hyper_ch2 never used mupdf15:05.36 
  pdftk and ghostscript has been my go to for all pdf relatd stuff15:05.53 
Robin_Watts but it's not going to be a simple "sign this with this" utility at the moment.15:05.55 
hyper_ch2 this also looks interesting https://www.adobe.com/devnet-docs/etk_deprecated/tools/DigSig/Acrobat_DigitalSignatures_in_PDF.pdf15:06.53 
  gotta go now15:09.41 
 <<<Back 1 day (to 2020/08/02)Forward 1 day (to 2020/08/04)>>> 
ghostscript.com #mupdf