How to implement digital signature - pdf

We are building a web application(Java). Could anybody help brief me what we need to realize the following business scenario ?
An user access our web site
He inputs some data
He generate a PDF file from the data he input and export it
He digitally sign this PDF file
He then upload this PDF file to our web site
The system can parse the PDF file to know who signed this file and be sure it is of integrity and Non-repudiation and to some post-processes.
My questions are:
What products/libraries(commercial or free opensource) should I need to implement the above ?
Do those products provide API for developers to programmatically operate the signing process and retrieve information from a signed documents ?
Is it a reasonable or proper way to do the digital signature in the above 3~5 steps ? could the user sign the data online in one step(e.g., without export a PDF file) ?

iText is a java library which, amongst other things, enables you to sign and verify signatures on pdf documents. This would enable your users to sign a pdf online. A good example of using iText for signing and verifying signatures in pdf documents can be found here
The library's licence is AGPL i.e. you need to release your software under AGPL or buy a commercial licence.
It used to be under the LGPL so you can work with iText 2.1.7 under the terms of LGPL and not need to buy a commercial licence.

If the data is located on the client, then your easiest option is to create a Java applet which will be executed in browser, and which will sign the data. Any data can be signed, and you don't need PDF just for signing. Generic binary data can be signed using PKCS#7/CMS format or using XMLDSig (less widespread option).
For signing data in Java applet you can use BouncyCastle or our SecureBlackbox (Java edition). BouncyCastle is open-source and SecureBlackbox comes with support, documentation and samples.

Related

How to setup an open source USB token for testing iText 7 digital signature feature?

So basically the feature is to digitally sign a PDF using a USB token.
Digitally signing code is present on Page 96 in this iText guide.
Also, this iText repo.
How can I setup an open source USB token on Mac OS for testing.
Would I have to buy any of the USB token which are compatible with OpenSC mentioned here?
Below link assumes that .so file is already present.
https://developers.yubico.com/YubiHSM2/Usage_Guides/OpenSSL_with_pkcs11_engine.html

Encrypt Adobe PDF On Client End

We're building an Adobe PDF form that will be downloaded from our website, filled out by clients, and then emailed back to us. We need each PDF sent back to us from email to be encrypted. And when we receive it on our end we need to use C# to read the decrypted PDF. I know there's a way for the user to add a password within the UI of Adobe PDF. Is there a way to add the password within the Adobe PDF code?
On the Adobe website the only options I can find are to use external tools or Adobe's cloud platform.

Should I keep my client_secret.json hidden from user?

I have created a desktop .NET C# application, which utilizes Google API (particularly Google Drive) through official .NET library and OAuth 2.0.
According to the official example, I use GoogleWebAuthorizationBroker with client_secret.json file, downloaded from the Google Developer Console for my project. It is stated in the docs that I should keep my developer's secret private (which seems logical to me), but in the following examples, it is saved to a plain file, which is copied to application build directory during build. So application user is able to open my file and grab my secret.
Question: should I place client_secret.json content in a protected place (like maybe just hardcode its values in the most naive case), or am I missing something and a plain file is not insecure in this case?

How to retrieve certificate and signature from app bundle in osx?

I would like to know how to read an app bundles signature and the certificate which comes with the signature. I have been using the codesign tool so far. However I would like to retrieve these information in a more programatic manner. In the man pages is written that the codesign tool is just a shell wrapper of the codes signing api. The Code Signing Guide in the apple developer library says that the signature itself is stored in the binary file. Now my question is how do I get these information from the binary file?
Ok I found a solution with the help of this post and the Security Transforms Programming Guide I am able to solve this problem.

Is It Possible to Sign a tiff file using CoSign

We are trying to sign a Tiff file using CoSign but it is showing error: "File is not supported".
Is it possible to Sign a Tiff using CoSign via web-agent API or via back-end.
Or please suggest if any alternate is there.
The CoSign Web Agent doesn't sign tiff files. It can be used to sign PDF, Word, and Excel files in their native formats. It can also automatically convert Word and Excel files to pdf format.
Tiff files can be signed via CoSign in any of three ways:
CoSign Signature API
Docs. This is a new API and there are some issues with the documentation. Please see other questions about this API and ask additional questions if you have a problem.
CoSign Signature SOAP API
Docs This API's Sign method can sign tiff files.
CoSign Signature Local API
Docs This is a Windows local API. It can also be used to sign tiff files.