...but, at least it has helped to define the problem. Now, you need to create a bug report to catch the eye of a developer. It does seem that it should be simpler. At least setting passwords seems easy enough, although, I haven't tried cracking one with qpdf or crack.
On Wed, Dec 2, 2015 at 12:28 AM, Fulano Diego Perez < fulanope...@cryptolab.net> wrote: > FYI below and i would like to make a couple of proposals > > currently, this seems to work when exporting from writer: > > * non PDF A/1a > * CA cert signed signature > * timestamped with non http AUTH based timestamp server > > this produces a PDF: > > sha1 hashed > document restrictions summary, not allowed: > > changing the document > document assembly > > suggest these needs to be looked into in terms of: > > when signing/timestamping within Acrobat, and locking the document, > causes the following restrictions _in addition_ to above: > > commenting > filling of form fields > signing of form fields > creation of template pages > > once a PDF is signed, there should be an option to enable/disable future > signing > > once it's timestamped, no further changes should be allowed, it should > be 'locked' similarly to how Acrobat changes restrictions > > no idea what is/is not possible in terms of doing this outside of > Acrobat but an sha256 hashed doc should be considered do-able (default > in Acrobat with recent updates) > > > > -------- Forwarded Message -------- > Subject: RE: [tdf-discuss] LO 5 PDF export sign/timestamp > Date: Tue, 1 Dec 2015 12:18:01 -0600 > From: DigiStamp Support <supp...@digistamp.com> > Organisation: DigiStamp Inc. > To: 'Fulano Diego Perez' <fulanope...@cryptolab.net> > CC: 'Richard' <richard.h...@gmail.com> > > We appreciate your forwarding the information below. > > Note, you have the option of making a TSA request to DigiStamp and > skipping HTTP authentication and instead do authentication based on the > client's IP Address. This would allow you to test a DigiStamp timestamp > without AUTH. > > To use IP address authentication: > Configure your account here: > https://www.digistamp.com/account/view/authentication > Then send your request to address: https://www.digistamp.com/ipauth/tsa > > Or, using the DigiStamp test environment: > https://supporttest.digistamp.com/account/view/authentication > and: http://supporttest.digistamp.com/ipauth/tsa > > > -----Original Message----- > From: Fulano Diego Perez [mailto:fulanope...@cryptolab.net] > Sent: Monday, November 30, 2015 23:51 > To: discuss@documentfoundation.org > Cc: Richard <richard.h...@gmail.com> > Subject: Re: [tdf-discuss] LO 5 PDF export sign/timestamp > > short update > > i can confirm that this fails when exporting to PDF A/1a format > > i tried FDF and PDF submit format > > however, the following worked: > > *the free TSA https://tsa.safecreative.org > > *sign per usual CA cert > > > i then tried again to sign a non PDF A/1a with a timestamp server which > requires AUTH > > that failed again, did not prompt for credentials, PDF generation failed > > > > > > > Fulano Diego Perez: > > Hi, > > > > try these 2 > > > > https://www.comodo.com/home/email-security/free-email-certificate.php > > > > https://www.startssl.com/?app=1 > > > > i use paid timestamp service > > > > digistamp.com > > > > would be good to hear your experiences > > > > > > > > Richard: > >> Morning Diego, > >> I'm running 5.1.0.0.alpha1 but have 5.0.3.2-2 on another. > >> Point me to a link to create a certificate to sign with. > >> I've never tried to apply a timestamp to pdf. > >> Saludos. > >> > >> On Fri, Nov 27, 2015 at 1:45 AM, Fulano Diego Perez < > >> fulanope...@cryptolab.net> wrote: > >> > >>> > >>> Can anybody confirm the following work using: > >>> > >>> Writer Version: 1:5.0.3~rc2-1+b2 > >>> debian stretch amd64 > >>> > >>> *timestamp an ODF document exported to pdf where a http(s) timestamp > >>> server requires authentication? > >>> > >>> *ibid + sign the pdf with a commercial CA cert? > >>> > >>> *only sign a pdf with a commercial CA cert that does not produce a > >>> pdf altered after signing? > >>> > >>> please confirm how you did it........ > >>> > >>> > >>> > >>>> > >>>> > >>>> > >>>> hello > >>>> > >>>> anybody had luck time stamping a PDF exported from libreoffice 5? > >>>> > >>>> i tried on debian/stretch 5.0.2-1 with no useful error output > >>>> > >>>> the export process doesn't prompt for TSA credentials > >>>> > >>>> then, signing just with a CA valid cert works, but opening the PDF > >>>> in a windows acrobat or reader shows a modification warning after > >>>> signing > >>>> > >>>> does not seem thorough yet in the new libreoffice > >>>> > >>> > >>> -- > >>> To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org > >>> Problems? > >>> http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe > >>> / Posting guidelines + more: > >>> http://wiki.documentfoundation.org/Netiquette > >>> List archive: > >>> http://listarchives.documentfoundation.org/www/discuss/ > >>> All messages sent to this list will be publicly archived and cannot > >>> be deleted > >>> > >> > > > > > > > > -- > To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.documentfoundation.org/www/discuss/ > All messages sent to this list will be publicly archived and cannot be > deleted > -- To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
