I have a Java EE app that needs to implement e-signing of PDF Files. The user needs to be able to click a link that will generate a PDF File based on data in the database and see the PDF in their browser. The use then needs to be able to "sign" the document using their private key stored on their smart card (which is plugged into a smart card reader on the PC that they're using). Users are using Windows 7 and JRE 1.6
I was hoping to use iText for the PDF generation, but it is unclear what solution I would use on the client-side for pulling information in from from the smart card and then for applying that information to sign the PDF and show the PDF as being signed (either showing the user's signature or updating the doc to say that it has been signed).
Has anyone done this before and has a solution?
It does not help reading a certificate from the smartcard, as you
need the private key.
You should not (and most often can not) read the private key from the smartcard
(that's the reason for using a smartcard)
To access the smartcard you need to interface one of the native
API's like plain PC/SC, PKCS#11 or CSP.
To do this from the browser you need either an ActiveX or an Applet.
Building this from scratch is very ambitious
Some critical information is:
- what reader
- what smartcard
- what browser
- what os
to select or develop a solution
We have a commercial product built using applet technology that does exactly what you requested (take a PDF, interface to the smartcard, sign the hash, insert the signature in any form supported by PDF, post the signed PDF). If you are interested, i will provide a contact.
Use PDF Studio. I had an issue with my CAC reader config.cfg file but after I deleted the "slot = 1" line it worked like a champ. My file now looks like this:
name = SunPKCS11
library = /usr/lib64/libcackey.so
For further info visit:
https://www.qoppa.com/pdfstudio/
Related
I want to replicate the core functionality of an e-signature software such as DocuSign, HelloSign or SignRequest.
Everything is clear to me, but I have a hard time understanding how does the software works itself. How does it render the boxes over the PDF, how does it place the signature over the PDF when I am done writing, how does that JS signature create a PDF on the server side?
How does these types of software work?
There is an abundance of technologies & tools available to develop such e-signature software. Let's take one example which is somewhat similar to the software you mentioned. The use-case to build such software can be realised using the front-end and back-end (server-side) technologies.
On the Client-side, you can use front end frameworks like Angular and React to develop an interface for the end-users using which they can upload the documents to the server-side. You can create signature block layouts and display them alongside the document.
Users can drop those blocks on specific locations and send the request for signing to the recipients. During the signing process, user details will be populated into the signature block and sent to the server for performing the signing process.
On the server side, the responsibility would be to take the appropriate information from the request and print/add those signature blocks to the document at the appropriate positions. On the server side, you need some library to process the documents for adding the signature blocks and signing the documents. If you're using java alongside the spring framework you can use pdfbox for doing such operations.
On server side the responisbility would be to take the appropriate information from the request and print/add those signature blocks to the document at the appropriate positions. On server side you needs some library to process the documents for adding the signature blocks and signing the documents. If you're using java alongside spring framework you can use pdfbox for doing such operations.
How does it render the boxes over the PDF, how does it place the
signature over the PDF when I am done writing, how does that JS
signature create a PDF on the server side?
The contract between client and server for the signature blocks could be a JSON object having the information about the coordinates where the request creator drops those blocks for recipients for signing. On the server side, you can manipulate the document to add those signature blocks at the mentioned coordinates in the request.
Currently I do this process:
I have pdf files I want to sign with a certificate that is installed in my PC
I do some checks about some data (not relevant) and if some conditions are fulfilled, I open the pdf file in the screen with a simple instruction like this:
FollowHyperlink (fichero_pdf_actual_temp)
And let windows10 deal with the application, it opens te file with acrobat reader and the user has it in his screen.
Then the user sees the pdf, signs manually with the installed certificate inside his pc with acrobat reader (inside acrobat going to tools, selecting certificates and signing, the saving) and that is pretty much all.
As often a lot of files have to be signed and I can do the needed checks myself with code (inside “normal” database tables, not relevant for the example) I wonder if there is some way to this signature with vba code.
Any orientation would be welcome. Even a partial idea that saves some "clicks" would be fine.
The certificate is provided by my company and asociated to my company email and user in the company network.
I am not an expert at all in this, but I hope the information is clear.
Thanks
my idea would be to use some commandline application like PDFSign CL and call it via
Shell "PDFSignCL.exe /src=""c:\temp\doc_in.pdf"" /profile=""MySignProfile"""
You can deploy the .exe alongside your application.
I have a client that wants to store large PDFs (>700MB) on SharePoint 2013. The problem is that viewing the PDF is currently requiring the entire PDF to be download before displaying the first page. I need the browser to display each page of the PDF as it downloads, a feature I believe Adobe calls "Fast Web View" or "Byte Streaming". Here is what I know:
"Fast Web View" is enabled on the PDF document in the Document Properties window.
I can verify that the PDF is "Linearized" by reading the ASCII content.
I have checked the PDF reading options from the PDF Accessibility.
The client has SharePoint 2013 on premise installed.
SharePoint's File Handling is set to permissive.
I have verified PDF is an AllowedInlinedownedMinme type of the Web Application.
Anything else I should check or configure?
It is not enough if the PDF files are linearized (technical term in PDF parlance) or optimized for fast web view (marketing term for that feature).
There need to be two conditions met before taking advantage of fast web view working for the end user:
The PDF viewer needs to be able to make use of the linearized/optimized PDF file features.
The PDF serving remote host (in this case SharePoint) needs to be properly configured to honor 'byte range requests' by the viewer, so downloading chunks of the PDF file may be delivered "out of order".
However,...
...I do not know if SharePoint servers in general do support the second requirement;
...if SharePoint is not the problem, you may want to check which PDF viewer is actually in use in that environment (test it with Adobe Reader -- that one takes advantage of linearized PDF features for sure).
See also this answer to a question from today, which gives a few more technical details:
How are PDF files able to be partially displayed while downloading?
A co-worker identified the problem after comparing the download from SharePoint to that of a working site using WireShark. The SharePoint site didn't include "Byte ranging" in the response headers. In order to enable that feature in SharePoint, you have to enable BlobCache. Beware, BlobCache is not supported in SharePoint foundations.
Is there another tool I can use for this?
I have to fill out a PDF that has pre-defined text fields and a spot where you can sign (but I think you need to do one of those PDF electronic signatures), and then click Submit to send the form.
However I only have Adobe Reader which doesn't allow for me to sign the document, and I don't think I can install software on this computer due to rights privileges being tight. What can I do?
You have two options:
Make your PDFs Reader-enabled. A PDF that is Reader-enabled is signed using a private key owned by Adobe. When Adobe Reader can validate that signature, it unlocks functionality in Adobe Reader that is usually available in Adobe Acrobat only. Making a document Reader-enabled is (obviously) only possible if you have Adobe software (Adobe Acrobat, Adobe LiveCycle ES). You won't find any third party software that can do this, because no third party has the right to use Adobe's private key.
Use a third party viewer that is able to edit form fields. For instance: http://jpedal.org, http://www.foxitsoftware.com/, http://www.nitropdf.com/
Disclaimer: it isn't clear what you mean by signing. In Europe, you need a private key (on a smart card, an USB token,...) to create a digital signature. In the US, people call any scribble a digital signature. Some viewers will allow you to add some hand-written signature, but in Europe that isn't considered being a legally binding digital signature.
Checkout services like Docusign. If I am not mistaken, Docusign lets you upload a PDF and sign it using just your browser. They do have a free trial option.
I am exporting a document as a PDF. It is kept on a publicly accessibly website so that any users can download and read it. Now I want to track this. e.g. "How many times the PDF got opened."
Note that my question is not to track while I download, we need to track when the PDF is opened. Is there any kind of script that is invoked when the PDF is opened so that Adobe Acrobat Reader sends the details to my server?
These are the details I would like:
IP
Date/Time
Possbilly GEO Location.
Yes, you can probably do this. PDF includes a Javascript API, which some (but not all) PDF readers implement. I'm only certain of Acrobat and Foxit Reader doing this, and it can be turned off in both, for security and privacy reasons. That said, it's probably your best shot.
I glanced through the Javascript for Acrobat API Reference, and it looks like you could register for the "Page/Open" event (page 368 in my copy), and on receiving the first one of those, make a Net.HTTP call (page 548) to a web server you're running. That will get you the date/time and the public IP of the client reading the document, from which you can get a geolocation using a service like GeoIP.
I'm not sure this is possible. Although PDF can execute Javascript, reader software is naturally paranoid about malware being embedded in "benign" documents, so the execution context is quite restricted, with warnings shown about possible dangerous activity.
See previous SO question Can my PDF ping my server when it is opened?