Problem description
I am confused about LTV in iText. I have read the paper and discussions, but there is one thing still unclear. What is the connection between LTV and document timestamps? Or more precisely, how do I make a PDF LTV enabled without using timestamps?
One thing I know for sure: to make an LTV enabled document, I do not need timestamps. I tried signing a document with a digital certificate in Acrobat and when opened it says the document is LTV enabled; I did not use any timestamp.
LTV enabled in Adobe Reader
The last time I looked, Adobe had not publicly defined what they mean by "LTV enabled" technically.
Adobe's PDF evangelist Leonard Rosenthol gave this definition on the iText mailing list this January:
which has been clarified as
but as
he pointed out quoting one of the Adobe engineers
Adding LTV information in iText
Using iText to add LTV information, on the other hand, is an attempt to add such information to a signed document which misses the required information.
Missing a concrete technical definition by Adobe to go by, though, this essentially is a best-effort attempt, not something one can definitively claim to have done. It especially turned out that the interpretation of the specification of the DSS sections to add this information was inconsistent.
Maybe Bruno can report the current state of the endeavor.
Your questions
Document time stamps and LTV information have initially been defined in the same PAdES specification part ETSI TS 102 778-4 and some ping-pong between them has been defined there:
Thus, it had been assumed sometimes that each time you add DSS you also have to add a document time stamp. This in turn may give rise to some hen-egg issue because the time stamp also relates to some certificate for which additional DSS information might be required.
As Leonard also wrote back in January on the topic of "DSS for LTV-enabled"
Thus, getting back to your questions,
Add validation information for all involved certificates except root certificates, also including certificates used in the validation information. And whenever you time stamp, add validation information for the time stamp, too.
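The rule in the answer above, modelled as a small closure computation (an added example, not part of the original answer and not iText code). The `Cert` model, its field names and the sample PKI are constructed for illustration; the function only decides which certificates need OCSP/CRL data, it does not touch a PDF.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str  # equals subject for a self-signed root
    # Subject of the certificate that signs this cert's OCSP response or CRL.
    revocation_signer: Optional[str] = None

    @property
    def is_root(self) -> bool:
        return self.subject == self.issuer


def certs_needing_validation_info(store, start_subjects):
    """Subjects for which revocation data has to be collected for the DSS."""
    needed, queue = set(), list(start_subjects)
    while queue:
        subject = queue.pop()
        cert = store[subject]
        if cert.is_root or subject in needed:
            continue  # roots are excluded; the visited set ends hen-egg loops
        needed.add(subject)
        queue.append(cert.issuer)  # walk up the chain
        if cert.revocation_signer:
            # Certificates used in the validation information count as well.
            queue.append(cert.revocation_signer)
    return needed


# Constructed sample PKI: a signer chain with a delegated OCSP responder,
# plus a separate time stamping authority (TSA) chain.
STORE = {c.subject: c for c in [
    Cert("Root CA", "Root CA"),
    Cert("Issuing CA", "Root CA", revocation_signer="Root CA"),
    Cert("Signer", "Issuing CA", revocation_signer="OCSP Responder"),
    Cert("OCSP Responder", "Issuing CA", revocation_signer="Issuing CA"),
    Cert("TSA Root", "TSA Root"),
    Cert("TSA", "TSA Root", revocation_signer="TSA Root"),
]}


def plan(timestamped: bool):
    """Certificates to cover, with or without a time stamp on the document."""
    starts = ["Signer"] + (["TSA"] if timestamped else [])
    return sorted(certs_needing_validation_info(STORE, starts))
```

Without a time stamp only the signer chain and its responder certificate are covered; adding a time stamp pulls the TSA certificate into the set.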