tecnickcom / TCPDF

Official clone of PHP library to generate PDF documents and barcodes
https://tcpdf.org

[Proposal/Issue] More about Digital signatures #648

Open nichierichetti opened 1 year ago

nichierichetti commented 1 year ago

I managed to build up a system to digitally sign documents using TCPDF, and it works great!

The problem is that:

It would be great if this could be implemented, as TCPDF is basically the only remaining free library that allows digital signature!

williamdes commented 1 year ago

Can you open a PR for it? Not sure it will be accepted since tcpdf is in maintenance mode, but it's worth contributing it back and having reviews. Maybe have a look at #617, it may be related.

nichierichetti commented 1 year ago

@williamdes sadly I don't know how to handle it. It was just a proposal, but I have no idea how to solve it at the moment :/

williamdes commented 1 year ago

Okay, do you use git? If not, post your files or changes here and I will try to make a pull request for them if I find time.

pr-apes commented 1 year ago

@nichierichetti,

just in case it might help, allow me some comments.

I'm not a TCPDF user (but I have received PDF documents generated with TCPDF and they are problematic).

To your first issue, from the received PDF document metadata (which I cannot share):

Created: 20/10/2023 11:30:44
Modified: 20/10/2023 11:30:44
PDF Producer: TCPDF 6.4.4 (http://www.tcpdf.org)
PDF Version: 1.7

Also https://tcpdf.org/files/examples/example_052.pdf seems to be PDF-1.7.

Sorry, but what you mean is that TCPDF does allow you to sign source documents up to version 1.4, don't you?

To your second issue, the requirement seems to be found on the first part of the PAdES specification and its second part (this is just for reference).

If I'm not wrong, TCPDF only provides a certification signature. According to the freely-accessible PDF specification, PDF documents may contain the following signature types:

Multiple signatures would require that signatures are approval signatures (the standard ones for the rest of us).

For some reason (unknown to me), @nicolaasuni seems to have explicitly avoided this.

For me, a single signature would be fine, but the problem is that the certification signatures generated by TCPDF cannot be correctly validated by Acrobat.

@williamdes, would you be so kind to check what might be wrong with #234?

Sorry, PHP is unknown to me and this is also the first time I'm confronted with a certification signature.

Many thanks for your help.

williamdes commented 10 months ago

Hi @pr-apes, thank you for this nice summary.

> @williamdes, would you be so kind to check what might be wrong with https://github.com/tecnickcom/TCPDF/issues/234?

I have very limited time nowadays, I cannot search this subject. Maybe other users can do it.

pr-apes commented 10 months ago

Hi @williamdes,

on further inspection, the PDF document that originated the report may have an issue with the signing certificate (there may be no issue with TCPDF).

But I have received a PDF document with undecidable validity for the certificate hierarchy, which I suspect might be caused by the way TCPDF is writing the signature (I'm afraid I cannot share that document).

Maybe, a way to test the undecidable validity of certificates would be to generate a root certificate and another certificate signed by the first.

I will have to learn how to generate both certificates, but I don't have access to any version of TCPDF. I cannot install it either.

If I provide both root and signing certificate, could you use them to sign with current TCPDF?

Many thanks for your help and best wishes for 2024.
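
The test hierarchy suggested in the comment above (a root certificate and a second certificate signed by it), as an added example that is not part of the original thread and is not TCPDF code. It uses the `openssl` command-line tool; the subjects, file names and 30-day lifetime are constructed test values.

```bash
#!/usr/bin/env bash
# Added example: two-level test hierarchy (root CA -> signing certificate).
# Subjects, file names and the 30-day lifetime are constructed test values;
# keys are unencrypted because they are throwaway test material.

make_test_chain() {
    local dir="$1"
    mkdir -p "$dir" || return 1

    # Minimal config so the run does not rely on the system openssl.cnf.
    cat > "$dir/test.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test Root CA (constructed)
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # End-entity extensions: not a CA, usable for signing only.
    cat > "$dir/leaf.ext" <<'EOF'
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, nonRepudiation
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

    # 1. Self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$dir/test.cnf" \
        -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
    # 2. Key and certificate request for the signer.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/test.cnf" -subj "/CN=Test PDF Signer (constructed)" \
        -keyout "$dir/signer.key" -out "$dir/signer.csr" 2>/dev/null || return 1
    # 3. The root signs the request, producing the second certificate.
    openssl x509 -req -in "$dir/signer.csr" -sha256 -days 30 \
        -CA "$dir/root.crt" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/leaf.ext" -out "$dir/signer.crt" 2>/dev/null || return 1
}

# Succeeds only if the leaf ($2) chains to the trusted root ($1).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

`signer.crt` and `signer.key` are the signing inputs; `root.crt` is the certificate the validating viewer has to trust for the hierarchy to resolve.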

pr-apes commented 7 months ago

@williamdes,

as already mentioned in https://github.com/tecnickcom/TCPDF/issues/234#issuecomment-2022613085, my previous comment makes no sense.

Certification signatures are fine (in regard to #234), although they are extremely tricky.

@nichierichetti,

please consider implementing just approval signatures, since they are way more usable for the rest of us.

I don't mean it in TCPDF, but in the new project (sorry, I cannot check its name now).

Many thanks for your help and your code.