Alfresco PDF Toolkit - Digital Signatures
Written by Nathan McMinn   
Tuesday, 12 October 2010 18:35

If you work with legal documents such as contracts, PDF document security is probably a part of your requirements.  In previous releases of the Alfresco PDF Toolkit we have added text and image watermarks, document encryption and permission management.  As of version 0.94, we can now add a basic digital signature capability to the list.  Adobe PDF documents support a digital signature facility that uses a private key to add a verifiable signature to a document.  This signing facility allows subsequent consumers to verify that the document was signed by a particular key, the trust chain of that key and whether or not the document has been modified since signing.  Using iText, the Alfresco PDF Toolkit can take a JKS keystore stored in the Alfresco repository and use it to sign a PDF document.  The signature can be applied as either a visible signature block or as an invisible signature.  As usual, you can either download the AMP file (version 0.94) or grab the full source code from Google Code and build it yourself.

 

The simplest way to try this out is to create a self-signed certificate.  This can be done using the "keytool" command line application that is bundled with the JDK.  A full explanation of keytool and certificate chains is outside the scope of this article, so please read up on how certificates and keytool work before you implement this on any kind of scale.  To generate a simple keystore that can be used to sign a document, run keytool with the following options:

 

keytool -genkey -keyalg RSA -alias "Your Name" -keypass yourpass \
    -keystore keystore.ks -dname "cn=Your Name, c=US"

 

Don't forget to substitute your name, new keystore password and country.  Answer any questions that keytool asks and you will have a "keystore.ks" file created.  To use this file to sign your PDF documents, add the keystore to a space in Alfresco.  I store mine in my home space, but anywhere will do.  Once you have the keystore uploaded to Alfresco, create a space to receive incoming PDF documents and add a content rule that is triggered when PDF documents are added.  When you are prompted to select the action, select "Sign PDF" from the list.


Next, set your signature action parameters.  First, the signature can be applied as a visible or hidden signature.  If you select visible, a small text block will appear showing the name, location and reason for the signature.  The location and size of this block are configurable using the signature X/Y coordinates (coordinates of the top left corner of the block), height and width.  Next, use the node selector to select the keystore file that you wish to use to sign the document.  You also have to provide the keystore password.  This is the same password you used when you created the keystore.  The signing reason and location can also be provided.  The text that is provided here will show up in the signature block, if it is visible.  Finally, select a destination space where the signed PDF will be stored.


Once all of the signature options are set, finish adding the rule.  Any PDF documents that are placed into the space will now be signed with the provided key and options, and will be stored in the selected destination.  With a self-signed certificate you will see a warning in Adobe Acrobat stating that the certificate chain cannot be validated.  This is expected.  If you need a fully validated chain, you can request a certificate from a CA and import it into the keystore that is used to sign the document.  This simple signing action covers most of my needs; hopefully others will find it useful as well.  As usual, feature requests and bug reports are welcome!
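
A pre-flight check for the keystore, added here as an example (it is not part of the Alfresco PDF Toolkit): commenters on this post report that the action's single password field has to open both the keystore and the private key, so this standalone program verifies that before you upload the file.  The class name KeystorePreflight is hypothetical; only the JDK's java.security API is used.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
// Added example, not PDF Toolkit code. Checks that ONE password opens both
// the keystore and its private key, and reports certificate status.
public class KeystorePreflight { // hypothetical class name
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystorePreflight keystore.ks  (from a terminal)");
            System.exit(2);
        }
        // Prompt, so the password stays out of shell history and the process list.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // keystore type named in the article
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // checks the store's integrity hash
        } catch (IOException e) { // e.g. "Keystore was tampered with, or password was incorrect"
            System.err.println("FAIL keystore: " + e.getMessage());
            System.exit(1);
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) continue;
            try {
                ks.getKey(alias, password); // key password must match the store password
                X509Certificate leaf = (X509Certificate) ks.getCertificateChain(alias)[0];
                leaf.checkValidity(); // throws if expired or not yet valid
                boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
                System.out.println("OK   " + alias + ": " + (selfSigned ? "self-signed"
                        : "issued by " + leaf.getIssuerX500Principal().getName())
                        + ", valid until " + leaf.getNotAfter());
                usable++;
            } catch (UnrecoverableKeyException e) {
                System.err.println("FAIL " + alias + ": key password differs from keystore password");
            } catch (CertificateException e) {
                System.err.println("FAIL " + alias + ": " + e.getMessage());
            }
        }
        Arrays.fill(password, '\0'); // wipe the password from memory
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

An exit status of 0 means at least one private key entry opened with the password you typed and carries a currently valid certificate.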

 

Enjoy!

Last Updated on Wednesday, 13 October 2010 09:38
 

Comments  

 
#26 Ashok Kumar Harnal 2012-05-12 20:00
It will be very useful, if at one go I can digitally sign all pdf files in a folder instead of signing them, one by one. Is batch mode possible?
 
 
#25 AB 2012-01-03 09:37
Any idea when this will work with 3.4d?

When I try to create the rule, I can select the action, but then only see a list of input boxes with no titles in which to enter arguments. Rule cannot be saved.

Looking forward to it!
 
 
#24 2011-06-13 11:11
Clay,

What doesn't work? How does it fail? Do you have any more information? "This does not work" isn't very helpful in diagnosing a problem.
 
 
#23 2011-05-10 21:54
This does not work. Any other solution?
 
 
#22 2011-03-24 10:36
Quoting Nathan:
José,

I originally developed this against Alfresco 3.1.0. I am currently using it with 3.3.3.


Hmmm... I'm using Alfresco 3.4 and I don't see this option available on my rules. Has anyone already tested PDF-toolkit with the latest version of Alfresco?
 
 
#21 2011-03-24 10:16
José,

I originally developed this against Alfresco 3.1.0. I am currently using it with 3.3.3.
 
 
#20 2011-03-22 17:44
What are the Alfresco versions supported for the last release?
 
 
#19 2011-03-03 11:27
Quoting yzhou:
My guess is, two passwords are needed, the keystore pass and your private key pass, and there is only one field for the password.

Maybe, just a maybe, you can try the same password for the keystore and the key, and see if it works ;-)


That was the ticket. The same password for both the cert and the keystore. Good catch, thanks.
 
 
#18 2011-03-01 15:25
Quoting BenJamin:
Quoting yzhou:
I want to use this one for a demo, and after restarting everything, when I tried to sign the PDF, I got an error complaining about the password

java.io.IOException: Keystore was tampered with, or password was incorrect

at PDFSignatureActionExecuter.java:208

I import the ks file, password is 'password', I will dig more ...



yzhou, any luck? I am also getting this exception. Running v0.96 with Alfresco 3.4a.


My guess is, two passwords are needed, the keystore pass and your private key pass, and there is only one field for the password.

Maybe, just a maybe, you can try the same password for the keystore and the key, and see if it works
 
 
#17 2011-03-01 11:19
Quoting yzhou:
I am wondering if the keystore can be integrated with the user login credentials.

I'd like to have a keystore created/imported for each user when the system user is configured, and from that time on, when a PDF needs to be signed, the login credentials can be used to access the keystore automatically, without typing a password.

Wait, maybe I DO want to ask the user to type his/her own password so we are sure who signed this PDF? :D


Sorry, typo, I mean, "I DO want" :)
 