OpenESignForms / openesignforms

Open eSignForms is the first open source SaaS web contracting platform
https://open.esignforms.com
107 stars 50 forks source link

Allow PDF files exported from system to be digitally signed #73

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a transaction.
2. In reports/general tran search, find the transaction and click to bring up 
the details.
3. Download a document in PDF format.

What is the expected output? What do you see instead?
The PDF document should include a digital signature so it cannot be tampered 
with. The PDF currently has no digital signature.

Note that this isn't truly a defect in that the PDF is just an alternative 
format and the original is in fact digitally signed. But it would be nice if 
the PDFs also included a digital signature to prevent them from being modified 
outside of the system as well.

Original issue reported on code.google.com by yoz...@gmail.com on 28 Aug 2012 at 2:04

GoogleCodeExporter commented 9 years ago
Fixed in 12.8.29 release. All exported PDFs are not digitally signed using the 
self-signed cert associated with the deployment's signature keys. It's easy to 
accept the cert in Adobe Reader to avoid the "at least one signature is not 
valid" issue, but even with it, it still allows us to determine if the PDF is 
an original PDF created by Open eSignForms.

In Adobe Reader, if it shows the warning about the signature and you are sure 
you have a validly downloaded PDF from your deployment, you can accept the 
self-signed cert as follows:

1) Click on the Signature Panel button.
2) Open the "Rev1: Signed by..." link.
3) Open the "Signature details" link.
4) Click the "Certificate Details..." link.
5) Click the "Trust" tab.
6) Click the "Add to Trusted Identities" button.
Then click OK buttons until done.

Original comment by yoz...@gmail.com on 30 Aug 2012 at 11:48