LO 5 PDF export sign/timestamp
Version: 1:5.0.4~rc2-2
stretch amd64
i would like to make a couple of proposals
currently, this seems to work when exporting from writer:
* non PDF A/1a
* CA cert signed signature
* timestamped with non http AUTH based timestamp server
this produces a PDF:
sha1 hashed
document restrictions summary, not allowed:
changing the document
document assembly
i can't get a PDF A/1a timestamped, neither with a free timestamp server
https://tsa.safecreative.org/ nor one which requires http AUTH
a popup error window reports "PDF/A forbids transparency - a transparent
object was painted opaque instead"
< that seems like a warning only as a result of the green circle in
error window
but, signature generation fails when signing with a CA cert, and PDF
export aborts
does writer support AUTH to enter credentials over http[s]?
signing just with a CA valid cert does work to a non PDF A/1a, but
opening the PDF in a windows acrobat or reader shows a modification
warning after signing
suggest some things need to be looked into in terms of:
when signing/timestamping within Acrobat, and locking the document,
causes the following restrictions _in addition_ to above:
commenting
filling of form fields
signing of form fields
creation of template pages
once a PDF is signed, there should be an option to enable/disable future
signing
once it's timestamped, no further changes should be allowed, it should
be 'locked' similarly to how Acrobat changes restrictions
no idea what is/is not possible in terms of doing this outside of
Acrobat but an sha256 hashed doc should be considered do-able (default
in Acrobat with recent updates)
Reply to: