FLOSS support for signed PDFs

Hi,

A financial institution refused to enable electronic delivery unless it
detected Acrobat Reader installed on my system. When I challenged it
on this, mentioning that I use non-proprietary apps for PDF reading,
the response was as follows:

> Due to the security placed on certain items, such as our online
> statements, the Adobe Acrobat Reader is required to sign up for the
> paperless services. [Our] statements are created using Adobe
> Acrobat software and a digital signature is added for security purposes.
> As the Adobe Acrobat Reader is currently the only PDF reader that fully
> supports digitally signed PDF files, this software is required to ensure
> that the document is genuine.
>
> We regret any inconvenience caused because the Adobe Acrobat Reader is
> required, and we appreciate that you contacted us for additional
> information. We do take customer feedback seriously, and your comments
> have been passed on to the proper parties for review when determining
> how we can best update our services in the future.

Is there really no FLOSS app that can handle PDF signatures? I suppose
the institution could use PGP or some other better supported
technology, but as long as they choose to use Acrobat's solution, do I
really have no choice?

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--


FLOSS support for signed PDFs

On 09/30/07 16:52, Celejar wrote:
> Hi,
>
> A financial institution refused to enable electronic delivery unless it
> detected Acrobat Reader installed on my system. When I challenged it
> on this, mentioning that I use non-proprietary apps for PDF reading,
> the response was as follows:
>
>> Due to the security placed on certain items, such as our online
>> statements, the Adobe Acrobat Reader is required to sign up for the
>> paperless services. [Our] statements are created using Adobe
>> Acrobat software and a digital signature is added for security purposes.
>> As the Adobe Acrobat Reader is currently the only PDF reader that fully
>> supports digitally signed PDF files, this software is required to ensure
>> that the document is genuine.
>>
>> We regret any inconvenience caused because the Adobe Acrobat Reader is
>> required, and we appreciate that you contacted us for additional
>> information. We do take customer feedback seriously, and your comments
>> have been passed on to the proper parties for review when determining
>> how we can best update our services in the future.
>
> Is there really no FLOSS app that can handle PDF signatures? I suppose
> the institution could use PGP or some other better supported
> technology, but as long as they choose to use Acrobat's solution, do I
> really have no choice?

Not at this time.

--
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

--

FLOSS support for signed PDFs

Celejar writes:
> A financial institution refused to enable electronic delivery unless it
> detected Acrobat Reader installed on my system.

How are they doing this detection? Could you spoof it?

> [Our] statements are created using Adobe Acrobat software and a digital
> signature is added for security purposes. As the Adobe Acrobat Reader is
> currently the only PDF reader that fully supports digitally signed PDF
> files, this software is required to ensure that the document is genuine.

pdfinfo _might_ get you the signature if you want to verify it (but you'd
have to get their certificate somehow).

Or perhaps they are using PGP:

This looks interesting:

--
John Hasler

--

FLOSS support for signed PDFs

On Sun, 30 Sep 2007 20:01:01 -0500
John Hasler wrote:

> Celejar writes:
> > A financial institution refused to enable electronic delivery unless it
> > detected Acrobat Reader installed on my system.
>
> How are they doing this detection? Could you spoof it?

I don't know.

> > [Our] statements are created using Adobe Acrobat software and a digital
> > signature is added for security purposes. As the Adobe Acrobat Reader is
> > currently the only PDF reader that fully supports digitally signed PDF
> > files, this software is required to ensure that the document is genuine.
>
>
>
> pdfinfo _might_ get you the signature if you want to verify it (but you'd
> have to get their certificate somehow).
>
> Or perhaps they are using PGP:
>
>
> This looks interesting:
>

Thanks for the links; I will take a look at them.

> John Hasler

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--

FLOSS support for signed PDFs

I wrote:
> How are they doing this detection [of Acroread]?

Celejar writes:
> I don't know.

I suggest you concentrate your efforts on finding out (and publish your
results, of course). Once you can spoof their detection method you can get
them to send you the files which you should be able to read despite the
signature. Verifying the signature can come later.
--
John Hasler

--

FLOSS support for signed PDFs

On Mon, 01 Oct 2007 12:49:13 -0500
John Hasler wrote:

> I wrote:
> > How are they doing this detection [of Acroread]?
>
> Celejar writes:
> > I don't know.
>
> I suggest you concentrate your efforts on finding out (and publish your
> results, of course). Once you can spoof their detection method you can get
> them to send you the files which you should be able to read despite the
> signature. Verifying the signature can come later.

I installed the linux tarball (as a non-privileged user, and to a
non-standard location under $HOME, to minimize pollution), and dropped
the plugin (nppdf.so) into $HOME/.mozilla/plugins (I'm using IW), which
was enough for the website to accept my system as having Acrobat
installed. I assume it was the plugin that did it, since I doubt there
were any heuristics that could have found the files I installed under
$HOME/some_location.

Oddly enough, when I try to download PDFs from the institution's site,
the plugin doesn't pick them up, although IW recognizes them as "PDF
documents", and "about:plugins" shows Acrobat as being installed. [IW
only offers to open the PDFs with the default app (Evince) or to save
them to disk].

pdfinfo gives:

> Producer: iText by lowagie.com (r1.02b;p128)
> CreationDate: Tue Oct 2 11:39:33 2007
> ModDate: Tue Oct 2 11:39:33 2007
> Tagged: no
> Pages: 4
> Encrypted: no
> Page size: 612 x 792 pts (letter)
> File size: 774826 bytes
> Optimized: no
> PDF version: 1.4

I haven't yet tried to open a downloaded PDF in Acrobat since I'm
reluctant to agree to the EULA.

> John Hasler

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--

FLOSS support for signed PDFs

On Tue, Oct 02, 2007 at 12:45:58PM -0400, Celejar wrote:
> On Mon, 01 Oct 2007 12:49:13 -0500
> John Hasler wrote:
>
> > I wrote:
> > > How are they doing this detection [of Acroread]?
> >
> > Celejar writes:
> > > I don't know.
> >
> > I suggest you concentrate your efforts on finding out (and publish your
> > results, of course). Once you can spoof their detection method you can get
> > them to send you the files which you should be able to read despite the
> > signature. Verifying the signature can come later.
>
> I installed the linux tarball (as a non-privileged user, and to a
> non-standard location under $HOME, to minimize pollution), and dropped
> the plugin (nppdf.so) into $HOME/.mozilla/plugins (I'm using IW), which
> was enough for the website to accept my system as having Acrobat
> installed. I assume it was the plugin that did it, since I doubt there
> were any heuristics that could have found the files I installed under
> $HOME/some_location.
>
> Oddly enough, when I try to download PDFs from the institution's site,
> the plugin doesn't pick them up, although IW recognizes them as "PDF
> documents", and "about:plugins" shows Acrobat as being installed. [IW
> only offers to open the PDFs with the default app (Evince) or to save
> them to disk].
>
> pdfinfo gives:
>
> > Producer: iText by lowagie.com (r1.02b;p128)
> > CreationDate: Tue Oct 2 11:39:33 2007
> > ModDate: Tue Oct 2 11:39:33 2007
> > Tagged: no
> > Pages: 4
> > Encrypted: no

they're not encrypted, so can you open them with evince/xpdf? I'm not
sure what the problem is, I thought you were just trying to cross the
hurdle of getting them to allow d/l. Or do you need to confirm the
signatures?

A

FLOSS support for signed PDFs

On Tue, 2 Oct 2007 11:13:12 -0700
Andrew Sackville-West wrote:

> On Tue, Oct 02, 2007 at 12:45:58PM -0400, Celejar wrote:
> > On Mon, 01 Oct 2007 12:49:13 -0500
> > John Hasler wrote:
> >
> > > I wrote:
> > > > How are they doing this detection [of Acroread]?
> > >
> > > Celejar writes:
> > > > I don't know.
> > >
> > > I suggest you concentrate your efforts on finding out (and publish your
> > > results, of course). Once you can spoof their detection method you can get
> > > them to send you the files which you should be able to read despite the
> > > signature. Verifying the signature can come later.
> >
> > I installed the linux tarball (as a non-privileged user, and to a
> > non-standard location under $HOME, to minimize pollution), and dropped
> > the plugin (nppdf.so) into $HOME/.mozilla/plugins (I'm using IW), which
> > was enough for the website to accept my system as having Acrobat
> > installed. I assume it was the plugin that did it, since I doubt there
> > were any heuristics that could have found the files I installed under
> > $HOME/some_location.
> >
> > Oddly enough, when I try to download PDFs from the institution's site,
> > the plugin doesn't pick them up, although IW recognizes them as "PDF
> > documents", and "about:plugins" shows Acrobat as being installed. [IW
> > only offers to open the PDFs with the default app (Evince) or to save
> > them to disk].
> >
> > pdfinfo gives:
> >
> > > Producer: iText by lowagie.com (r1.02b;p128)
> > > CreationDate: Tue Oct 2 11:39:33 2007
> > > ModDate: Tue Oct 2 11:39:33 2007
> > > Tagged: no
> > > Pages: 4
> > > Encrypted: no
>
> they're not encrypted, so can you open them with evince/xpdf? I'm not

Yes.

> sure what the problem is, I thought you were just trying to cross the
> hurdle of getting them to allow d/l. Or do you need to confirm the
> signatures?

The main hurdle was indeed getting it to just give me the PDFs, but if
they are indeed signed, I'd certainly like to be able to verify
the signatures, and I'm also just curious now as to why the plugin isn't
being called for these PDFs as it is for others.

> A

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--

FLOSS support for signed PDFs

On Tue, Oct 02, 2007 at 04:18:13PM -0400, Celejar wrote:
> On Tue, 2 Oct 2007 11:13:12 -0700
> Andrew Sackville-West wrote:
>
> > On Tue, Oct 02, 2007 at 12:45:58PM -0400, Celejar wrote:
> > >
> > > Oddly enough, when I try to download PDFs from the institution's site,
> > > the plugin doesn't pick them up, although IW recognizes them as "PDF
> > > documents", and "about:plugins" shows Acrobat as being installed. [IW
> > > only offers to open the PDFs with the default app (Evince) or to save
> > > them to disk].
> > >
> > > pdfinfo gives:
> > >
> > > > Producer: iText by lowagie.com (r1.02b;p128)
> > > > CreationDate: Tue Oct 2 11:39:33 2007
> > > > ModDate: Tue Oct 2 11:39:33 2007
> > > > Tagged: no
> > > > Pages: 4
> > > > Encrypted: no
> >
> > they're not encrypted, so can you open them with evince/xpdf? I'm not
>
> Yes.
>
> > sure what the problem is, I thought you were just trying to cross the
> > hurdle of getting them to allow d/l. Or do you need to confirm the
> > signatures?
>
> The main hurdle was indeed getting it to just give me the PDFs, but if
> they are indeed signed, I'd certainly like to be able to verify
> the signatures, and I'm also just curious now as to why the plugin isn't
> being called for these PDFs as it is for others.

with the binary in another location, maybe the plugin is failing and
control passes on to another mechanism within iceweasel. Try running
iceweasel from the command line (or check ~/.xsession-errors) to see
if anything pertinent shows up. also, I don't know how iceweasel
handles these things, but if there is a mime entry for .pdf that
points to evince, maybe those get called before the plugins? heck,
maybe the plugin just doesn't work, too...

A

FLOSS support for signed PDFs

On Tue, 2 Oct 2007 14:26:14 -0700
Andrew Sackville-West wrote:

> On Tue, Oct 02, 2007 at 04:18:13PM -0400, Celejar wrote:
> > On Tue, 2 Oct 2007 11:13:12 -0700
> > Andrew Sackville-West wrote:
> >
> > > On Tue, Oct 02, 2007 at 12:45:58PM -0400, Celejar wrote:
> > > >
> > > > Oddly enough, when I try to download PDFs from the institution's site,
> > > > the plugin doesn't pick them up, although IW recognizes them as "PDF
> > > > documents", and "about:plugins" shows Acrobat as being installed. [IW
> > > > only offers to open the PDFs with the default app (Evince) or to save
> > > > them to disk].
> > > >
> > > > pdfinfo gives:
> > > >
> > > > > Producer: iText by lowagie.com (r1.02b;p128)
> > > > > CreationDate: Tue Oct 2 11:39:33 2007
> > > > > ModDate: Tue Oct 2 11:39:33 2007
> > > > > Tagged: no
> > > > > Pages: 4
> > > > > Encrypted: no
> > >
> > > they're not encrypted, so can you open them with evince/xpdf? I'm not
> >
> > Yes.
> >
> > > sure what the problem is, I thought you were just trying to cross the
> > > hurdle of getting them to allow d/l. Or do you need to confirm the
> > > signatures?
> >
> > The main hurdle was indeed getting it to just give me the PDFs, but if
> > they are indeed signed, I'd certainly like to be able to verify
> > the signatures, and I'm also just curious now as to why the plugin isn't
> > being called for these PDFs as it is for others.
>
> with the binary in another location, maybe the plugin is failing and
> control passes on to another mechanism within iceweasel. Try running
> iceweasel from the command line (or check ~/.xsession-errors) to see
> if anything pertinent shows up. also, I don't know how iceweasel
> handles these things, but if there is a mime entry for .pdf that
> points to evince, maybe those get called before the plugins? heck,
> maybe the plugin just doesn't work, too...

The plugin is working; when I access a PDF at another site, the Acrobat
EULA comes up (and I decline). The other site's url ends in '.pdf',
while my FI's has some parameters after the filename; I don't know
whether that could have anything to do with it.

> A

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--

FLOSS support for signed PDFs

Celejar writes:
> I installed the linux tarball (as a non-privileged user, and to a
> non-standard location under $HOME, to minimize pollution), and dropped
> the plugin (nppdf.so) into $HOME/.mozilla/plugins (I'm using IW), which
> was enough for the website to accept my system as having Acrobat
> installed.

So the first thing that is needed for outfits like your bank is a plugin
that causes Firefox/Iceweasel to lie and say that Acroread is available.

> I haven't yet tried to open a downloaded PDF in Acrobat since I'm
> reluctant to agree to the EULA.

What happens when you open them with Evince or Xpdf? Should work.
--
John Hasler

--

FLOSS support for signed PDFs

On Tue, 02 Oct 2007 13:17:30 -0500
John Hasler wrote:

> Celejar writes:
> > I installed the linux tarball (as a non-privileged user, and to a
> > non-standard location under $HOME, to minimize pollution), and dropped
> > the plugin (nppdf.so) into $HOME/.mozilla/plugins (I'm using IW), which
> > was enough for the website to accept my system as having Acrobat
> > installed.
>
> So the first thing that is needed for outfits like your bank is a plugin
> that causes Firefox/Iceweasel to lie and say that Acroread is available.
>
> > I haven't yet tried to open a downloaded PDF in Acrobat since I'm
> > reluctant to agree to the EULA.
>
> What happens when you open them with Evince or Xpdf? Should work.

It does indeed; I am just interested in a way to check the signature,
although I'm not actually sure that the statement I downloaded is
signed.

> John Hasler

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
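
One way to find out whether a downloaded statement is signed at all, which the pdfinfo output quoted in this thread does not show (an added example, not code from any poster here): scan the raw bytes for a signature dictionary's /ByteRange, then extract the CMS blob and the bytes it covers. The function names and the sample bytes are constructed for illustration.

```python
import re

# /ByteRange [off1 len1 off2 len2] marks the two signed spans; the gap between
# them holds the hex-encoded /Contents string with the CMS (PKCS#7) blob.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
SUBFILTER = re.compile(rb"/SubFilter\s*/([A-Za-z0-9.]+)")


def der_total_length(blob: bytes):
    """Length of the outer DER SEQUENCE (header included), or None if not DER."""
    if len(blob) < 2 or blob[0] != 0x30:
        return None
    first = blob[1]
    if first < 0x80:
        return 2 + first
    n = first & 0x7F
    if n == 0 or len(blob) < 2 + n:  # indefinite-length BER is not handled here
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def find_signatures(pdf: bytes):
    """Return one dict per signature dictionary found in raw PDF bytes."""
    found = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        gap_start, gap_end = off1 + len1, off2
        if not (gap_start < gap_end and off2 + len2 <= len(pdf)):
            continue  # offsets do not describe a gap inside this file
        gap = pdf[gap_start:gap_end]
        if not (gap.startswith(b"<") and gap.endswith(b">")):
            continue  # the gap must be exactly the hex string
        digits = re.sub(rb"\s", b"", gap[1:-1])
        if len(digits) % 2:
            digits += b"0"  # PDF rule: a missing final hex digit is read as 0
        try:
            blob = bytes.fromhex(digits.decode("ascii"))
        except ValueError:
            continue
        size = der_total_length(blob)
        # Heuristic: look for /SubFilter within 1 KiB on either side of the gap.
        near = pdf[max(0, gap_start - 1024):gap_start] + pdf[gap_end:gap_end + 1024]
        sub = SUBFILTER.search(near)
        found.append({
            "subfilter": sub.group(1).decode() if sub else None,
            "cms": blob[:size] if size and size <= len(blob) else blob,
            "signed_data": pdf[off1:gap_start] + pdf[off2:off2 + len2],
            # False means bytes exist outside the signed spans (e.g. appended later)
            "covers_whole_file": off1 == 0 and off2 + len2 == len(pdf),
        })
    return found


def constructed_sample() -> bytes:
    """Constructed input: PDF-like bytes with a dummy, cryptographically invalid blob."""
    blob = bytes([0x30, 0x03, 0x02, 0x01, 0x2A])  # tiny DER SEQUENCE, stands in for CMS
    prefix = b"%PDF-1.4\n1 0 obj\n<< /Type /Sig /SubFilter /adbe.pkcs7.detached /ByteRange ["
    after = b"] /Contents "
    contents = b"<" + blob.hex().encode() + b"0000>"  # zero padding as signers leave it
    tail = b" >>\nendobj\n%%EOF\n"
    gap_start = len(prefix) + 16 + len(after)  # 16 = width of the ByteRange numbers
    numbers = b"0 %04d %04d %04d" % (gap_start, gap_start + len(contents), len(tail))
    return prefix + numbers + after + contents + tail


if __name__ == "__main__":
    for sig in find_signatures(constructed_sample()):
        print(sig["subfilter"], len(sig["cms"]), sig["covers_whole_file"])
```

An empty result means no signature dictionary was found in the file. For an `adbe.pkcs7.detached` signature, writing `cms` and `signed_data` to files lets `openssl cms -verify -inform DER -in sig.der -content signed.bin -binary -CAfile <issuer chain>` check it against the institution's certificate chain.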

--

FLOSS support for signed PDFs

On Sun, Sep 30, 2007 at 05:52:51PM -0400, Celejar wrote:
> Hi,
>
> Is there really no FLOSS app that can handle PDF signatures? I suppose
> the institution could use PGP or some other better supported
> technology, but as long as they choose to use Acrobat's solution, do I
> really have no choice?
>
Have you tried using WINE with adobe? Or is it that you are looking
for a FLOSS solution?
-K
--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
|_______ Unless I ask to be CCd, assume I am subscribed _______|

--

FLOSS support for signed PDFs

On Mon, 1 Oct 2007 01:24:28 -0400
Kevin Mark wrote:

> On Sun, Sep 30, 2007 at 05:52:51PM -0400, Celejar wrote:
> > Hi,
> >
> > Is there really no FLOSS app that can handle PDF signatures? I suppose
> > the institution could use PGP or some other better supported
> > technology, but as long as they choose to use Acrobat's solution, do I
> > really have no choice?
> >
> Have you tried using WINE with adobe? Or is it that you are looking
> for a FLOSS solution?

I don't think I'd need WINE; there's a Linux version of Reader
available [0]. But yes, I'd like a FLOSS solution.

[0]
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=unix

> -K

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--

FLOSS support for signed PDFs

On Tue, 02 Oct 2007 05:36:58 +0530
Raj Kiran Grandhi wrote:

> > I wrote:
> >> How are they doing this detection [of Acroread]?
> >
> > Celejar writes:
> >> I don't know.
>
> I suspect they rely on internet explorer being the browser, install some
> sort of activex control and retrieve whatever information they can about
> the users' computer. (This can potentially include sensitive information)
>
> If it is not a requirement for you to deal with this particular
> financial institution, I recommend switching to someone else having
> better standards support (and inform the original institution about it
> and your reasons for the change).
>
> Otherwise, try the version of adobe reader that is available for linux,
> though I guess they won't be able to detect that it is installed if you
> access their site using linux. If this check for 'reader' is a one time
> process, you can probably try connecting to their site from a trusted
> windows machine with adobe reader installed, get through with the
> verification step and then continue your transactions from your normal
> machine.

The detection was apparently through the browser, as per my other posts
in this thread. Installing the linux Reader made them happy.

> HTH,
> rajkiran

Thanks,
Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--

FLOSS support for signed PDFs

On Tue, 2 Oct 2007 10:50:58 -0700
Amit Uttamchandani wrote:

> Hey there,
>
> Just came across this small utility. It might help. Install 'pdftk' from aptitude or apt-get. I was using it this morning to combine pdf files. It has a 'decrypt' option. I am not sure if this is for passwords or it can work for the signed pdfs. Hopefully it works. Check it out.

I can't install pdftk due to a missing dependency. I'll try when it
gets resolved.

> Amit Uttamchandani

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator

--
