The whole story started when I tried to sign a LibreOffice document. When you believe the internet, document signing is inbuilt into LibreOffice. I still have to find the person that managed to digitally sign a LibreOffice document. This experience shows that despite Edward Snowden most people do not proactively care about security and privacy.

Debian removed scdaemon from the gnupg2 package and as usual, one needs to be a command line ninja to fix this. The scdaemon gives smartcard support (which I do not have, but without the scdaemon the Kleopatra key manager refuses to run). I am using the default Ubuntu 18.04 installation and it was quite an odyssey to get a document signed. In fact, I still do not have a satisfactory way to do this. However one does it, something's not right. Ubuntu 19.10 has fixed at least the invocation of the key manager from LibreOffice and I can invoke SeaHorse from the document signing dialog, but I still have no clue how to make my gpg keys visible to LibreOffice. Anybody figured this out? Until somebody shows me how to sign with LibreOffice, I use the very good, but proprietary software PDFStudio to import my GPG keys and sign my PDF files.

So what do you do if you need to sign e.g. a PDF and you have no means or do not want to subscribe to one of the document-signing certificate services like DocuSign? Even with DocuSign's budget plan a single digital signing costs $2. DocuSign has a 30-day free trial, but I do not know whether the certificates that you generate during the trial will continue to be valid after the end of the trial. HelloSign (now owned by Dropbox) also has a free tier (allowing to sign 3 documents/month) and when signing, it embeds an invisible signature (which was invalid for some strange reason when I tested it even though HelloSign is in Adobe's approved trust list). Technically you can create your own signatures (self-signed certificates), but if such PDFs are viewed with Acrobat Reader, the signature will be flagged as invalid and the fact of self-signing is displayed. There used to be, but to my knowledge, all browsers have removed the CAcert certificates and the same is likely true for Acrobat. StartSSL used to give out free certificates, but they do not exist anymore (they were seriously challenged with their own security).

Interestingly, many PDF viewers ignore the signing anyway (e.g. the inbuilt PDF viewer from Firefox does not display anything). Other PDF viewers will display the signature, but NOT indicate that it is not trusted (e.g. the Chrome Browser's PDF viewer and Ubuntu's default PDF viewer Evince). Since you have no idea what viewer your target will use to display your signed PDF, you are anyway in a bad situation (even if you subscribe to a document signing service).

To increase the trust in the signing, one can use a Letsencrypt certificate for signing. This signature certifies that the author of the document controls a specific website (in my case ). That is more than a self-signed certificate (and if the website is trusted, this is arguably also more than buying a subscription from DocuSign), but the re-purposed Letsencrypt certificate is not being trusted by Adobe since obviously the Letsencrypt endeavor was never meant for document signing ("Signer's identity is unknown because it has not been included in your list of trusted certificates and none of its parent certificates are trusted certificates"). However, the maximum lifetime of such a certificate is 3 months, after which it becomes invalid. It can still be used, but it will display that it is not valid because it has expired (or is not valid yet).

How to misuse the Letsencrypt certificate

First, you need a web server that uses Letsencrypt certificates to verify the web site identity. This is out-of-scope for this blog post, but there are several good tutorials (e.g. from the Let's Encrypt people themselves or from Digital Ocean).

Once you have your Let's Encrypt certificates, this is the process to "misuse" them for signing documents:

Since Letsencrypt requires certificate renewal every three months, there will be lots of fullchain.pem and privkey.pem files in the same directory and they are numbered.