Metadata in signature dictionary


Metadata in signature dictionary

Petras

I have a question for PDF experts regarding placing metadata in the signature dictionary.

Our national PDF-based electronic document specification defines metadata which may be included in the signature dictionary. ISO 32000-1 section “14.3.2 Metadata Streams” states that “Metadata, both for an entire document and for components within a document, may be stored in PDF streams called metadata streams”. Therefore, as a component, the signature dictionary may contain a metadata entry. Section “7.3.8 Stream Objects” states that “All streams shall be indirect objects”, but this requirement clashes with the requirement for signature dictionary entries in “12.8 Digital Signatures”, which states: "When a byte range digest is present, all values in the signature dictionary shall be direct objects."

I looked at the earlier (2014) draft of ISO 32000-2 and those requirements were not changed; probably this contradiction will remain unchanged in the final version.

Does that mean that a metadata stream may not be included in the signature dictionary?

Thank you in advance for any input.


_______________________________________________
iText-questions mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/itext-questions

iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php

Re: Metadata in signature dictionary

Leonard Rosenthol-3

That is correct – you cannot place a metadata stream in a Signature Dictionary.

 

Can you point us to this “national PDF-based electronic signature spec”?  Seems like it may not be valid…

 

From: Petras Petkus <[hidden email]>
Organization: UAB "Mit-Soft"
Reply-To: Post here <[hidden email]>
Date: Friday, August 12, 2016 at 7:41 AM
To: Post here <[hidden email]>
Subject: [iText-questions] Metadata in signature dictionary

 


Re: Metadata in signature dictionary

mkl
In reply to this post by Petras
Petras,

Petras wrote
> Our national PDF-based electronic document specification defines metadata which may be included into signature dictionary.

Can you share (a link to) that specification, so we are sure what we are talking about? Given that there is an English version of that document, that is...

The national specification probably overrides certain parts of ISO 32000-1. This would not be a wise thing to do (interoperability-wise) but would not be unheard of either...

In the following text I answer in a way favoring ISO 32000-1 conformance.

> ISO 32000-1 section "14.3.2 Metadata Streams" states, that "Metadata, both for an entire document and for components within a document, may be stored in PDF streams called metadata streams". Therefore as a component, signature dictionary may contain metadata entry.
> Section "7.3.8 Stream Objects" states, that "All streams shall be indirect objects", but this requirement clashes with the requirement for signature dictionary entries in "12.8 Digital Signatures", which states: "When a byte range digest is present, all values in the signature dictionary shall be direct objects."

So you have essentially found all the relevant information yourself: The signature dictionary itself is not allowed to reference indirect objects. In particular, therefore, it is not allowed to reference metadata streams. Thus,

> Does that mean that metadata stream may not be included in signature dictionary?

Indeed, no metadata stream can immediately be attached to a signature dictionary with a byte range digest (i.e. any interoperable signature dictionary) in a completely ISO 32000-1 conformant way.

But the specification in section 14.3.2 also says "When there is ambiguity about exactly which stream or dictionary may bear the Metadata entry, the metadata shall be attached as close as possible to the object that actually stores the data resource described." As close as possible in the case at hand may be the signature field dictionary the signature dictionary is the value of.

Regards,

Michael

PS: You had better ask on stackoverflow tagging your question with pdf and digital-signature tags; this mailing list is pretty inactive...
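
The rule discussed in this answer can be checked mechanically. The following is an added example, not code from the thread or from iText: it scans the raw syntax of a signature dictionary and reports top-level entries whose value is an indirect reference when a /ByteRange is present. The object fragments, object numbers and function names are constructed for illustration, only top-level values are examined, and string parsing is simplified.

```python
import re

# Minimal tokenizer for PDF object syntax (assumption: no nested parentheses in strings).
TOKEN = re.compile(rb"""
    (?P<ref>\d+\s+\d+\s+R\b)            # indirect reference, e.g. 12 0 R
  | (?P<open><<|\[)                     # dictionary or array start
  | (?P<close>>>|\])                    # dictionary or array end
  | (?P<hex><[0-9A-Fa-f\s]*>)           # hex string, e.g. the Contents value
  | (?P<lit>\((?:\\.|[^\\()])*\))       # literal string
  | (?P<name>/[^\s/\[\]<>()]*)          # name object
  | (?P<atom>[^\s/\[\]<>()]+)           # number, true, false, null
""", re.X)

def top_level(src: bytes) -> dict:
    """Map each top-level key of the first dictionary in src to its value's token kind."""
    entries, depth, key = {}, 0, None
    for m in TOKEN.finditer(src):
        kind = m.lastgroup
        if kind == "open":
            depth += 1
            if depth == 2:                      # value is a nested array or dictionary
                entries[key], key = "container", None
        elif kind == "close":
            depth -= 1
            if depth == 0:                      # end of the outer dictionary
                break
        elif depth == 1 and key is None:        # first token of a pair is the key
            key = m.group().decode()
        elif depth == 1:                        # second token is a scalar value
            entries[key], key = kind, None
    return entries

def direct_object_violations(sig_dict: bytes) -> list:
    """Keys whose value is an indirect reference although a byte range digest is present."""
    entries = top_level(sig_dict)
    if "/ByteRange" not in entries:             # the rule only applies with a byte range digest
        return []
    return [k for k, kind in entries.items() if kind == "ref"]

# Constructed samples: a signature dictionary carrying /Metadata, the same dictionary
# without it, and a signature field dictionary carrying the metadata instead.
BAD_SIG = (b"<< /Type /Sig /Filter /Adobe.PPKLite /SubFilter /ETSI.CAdES.detached "
           b"/ByteRange [0 840 960 240] /Contents <00000000> "
           b"/M (D:20160812074100Z) /Metadata 12 0 R >>")
GOOD_SIG = BAD_SIG.replace(b" /Metadata 12 0 R", b"")
FIELD = b"<< /FT /Sig /T (Signature1) /V 9 0 R /Metadata 12 0 R >>"

if __name__ == "__main__":
    print(direct_object_violations(BAD_SIG), direct_object_violations(GOOD_SIG))
```

The field dictionary has no /ByteRange, so its indirect /V and /Metadata entries are not reported, which matches the placement suggested above.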

Re: Metadata in signature dictionary

Petras
Thank you Leonard, thank you Michael for your responses; you confirmed my doubts.

In Lithuania we have the specification "PDF-LT"; here are links to the English version of the document and its appendixes with technical details:
http://www.archyvai.lt/download/10484/pdf_lt_specification.doc
http://www.archyvai.lt/download/10483/pdf_lt_apend.doc

The appendixes document describes the technical details of the specification. The specification does not seek to override any part of ISO 32000-1 or ISO 19005-2. It defines new XMP metadata, adds a few dictionary entries with the specific developer prefix "LTUd" registered by Adobe, and defines restrictions for document content and requirements for signatures.

Section II in the appendixes document defines optional metadata in XMP format that may be added to the signature dictionary Metadata entry, whose placement in the signature dictionary raised my doubts about the validity of such an approach. There shouldn't be any other points in the specification that would conflict with the standards. The document format defined by the specification is fully conformant to PDF/A-2 and signed with PAdES Baseline format signatures.

The entry into force of the EU eIDAS Regulation and the approval of the new PAdES Baseline signature formats will require amendments to the PDF-LT specification to align it with the new EU requirements. Thus it will also be a good opportunity to resolve this issue with metadata in the signature dictionary. I hope it won't be a big issue for current implementations, as the specification was not widely endorsed since it has not fully entered into force. Besides, those metadata were optional and included only in specific scenarios (when a public institution registers a document).

Shifting the metadata to the signature field dictionary would probably be the best solution. I also considered this option. Once again, thank you for your responses.

Re: Metadata in signature dictionary

mkl
Petras wrote
> In Lithuania we have specification "PDF-LT", here are links to English version of the document and its appendixes with technical details:
> http://www.archyvai.lt/download/10484/pdf_lt_specification.doc
> http://www.archyvai.lt/download/10483/pdf_lt_apend.doc

Thanks for sharing the document links. Good to know in advance what kind of documents and signatures one may have to get along with...

At first glance I couldn't spot any other issues either.

Regards,   Michael