Language

English
Digital Signature and Signing PDF Documents with Visual Mark Print E-mail
Written by myOltrans    Sunday, 01 March 2009 17:43    Last Updated on Wednesday, 15 July 2015 07:04

Digital signature allows you to sign different documents and transfer them electronically.

System - Ubuntu 8.10, Card Reader - Omnikey CardMan 6121-USB Dongle, Smart Card - Siemens CardOS V 4.3 B, SIM Card size.

Digital signature provider: Infonotary

InfoNotary is a Bulgarian digital signature provider. They provide thorough installation manuals for Windows, Linux, and Mac. Thanks to their excellent customer care service I succeeded to install and started signing documents.

Installation

1. Install Card Reader driver, in terminal run:

sudo apt-get install libccid

This will also install pcscd.

The library libccid supports only certificates with up to 1024 bytes key. If your certificate has 2048 bytes key you need to:

  • remove the description of  your card reader - open with text editor /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist and delete lines containing under title - with the text: ifdVendorID - 076b, ifdProductID - 6622, ifdFrendlyName - OmniKey CardMan 6121.
  • download the up-to-date Omnikey card driver and install it - extract the archive and copy the folder ifdokccid_lnx-3.5.1.bundle in to /usr/lib/pcsc/drivers/.
  • restart the pcsc deamon - sudo /etc/init.d/pcscd restart

2. Install Smard Card driver, in terminal run:

sudo apt-get install opensc

Note: Per instructions from InfoNotary, first, I installed Siemens driver. But after adding the PKCS#11 Module to Firefox, the latter does not want to start any more. InfoNotary adviced to install OpenSC and it worked as expected.

3. Check that your PC can see your card. Connect the Card Reader to you PC and run in terminal:

opensc-tool -l

This will list available card readers.

opensc-tool -n

This will list the name of your card:

CardOS M4

If your card is shown, then you can continue with setings.

Setting up Firefox

1. Add PKCS#11 Module. Open Edit/Preferences/Advanced/Encryption/Security Devices and click on Load  button. Click on Browse and find the /usr/lib/onepin-opensc-pkcs11.so and click OK. Log in using your signature password.

2. Add Certification Chain. Open Edit/Preferences/Advanced/Encryption/View Certificates/Authorities and click on Import button. Find the InotaryCertChain.p12 and click OK. Leave Password field empty and cklick OK to import. Go to Authorities tab, find InfoNotary PLC and set up the different classes:

  • i-Notary TrustPath Validated E-mail CA - select This certificate can identify mail users.
  • i-Notary Personal Q Sign CA - select This certificate can identify mail users.
  • i-Notary Company Q Sign CA - select This certificate can identify mail users.
  • i-Notary TrustPath Validate Domain CA - select This certificate can identify web sites.

3. Check your that your digital signature is recognized. Install InfoNotary Mozila Configurator Add-on and in Preferences click on Signature Test. If everything is OK you will see the notion: Signature is valid, certificate is correctly configured.

Setting up Evolution

1. Add PKCS#11 Module - ...

2. Add Certification Chain - ...

3. Check your settings - create new message, sign it and send it to yourself. You will see that the email is signed and you can read the signature information.

Signing Documents

1. Install Cryptonit:

sudo apt-get install cryptonit

Cryptonit - this program can digitally sign PDFs, but with no visual mark.

2. Add PKCS#11 Module - ...

3. Add Certification Chain - ...

4. Sign document - add it to the queue and sign. This will create a new file with extension .pcsc7 . If you will send your documents to Windows users you must rename the extension to .p7s or they will not be able to read the signature.

Signing PDF Documents with a Visual Mark

Signing with Adobe Reader

You can visually sign PDF documents with Adobe products. You need either Adobe Acrobat 8.0 or later and use it on Windows (never tested it under Wine) or extend the PDF document features for Adobe Reader in Acrobat Pro 8.0 or later and then sign it with AdobeReader for Linux.

1. Install acroreader:

sudo apt-get install acroreader

2. In order to make a pdf "reader enabled" you must have a Acrobat Professional 8.0 or later - open the file and from Advanced menu click on Extend Features in Adobe Reader. Now you can sign this PDF in Adobe Reader.

Signing with OpenSignPDF

OpenSignPDF is an open source program for Linux for visually signing PDF files. It is part of the Open Signature - an open source project for the digital signature of documents.

Installation

Download the opensignpdf_installer.jar file of OpenSignPDF installation files from OpenSignature at SourceForge.net.

Install Sun Java(TM) Development Kit (JDK), run in terminal:

sudo apt-get install sun-java6-jdk

Go to the folder where you downloaded the installation file and double click on it. This will install OpenSignPDF into your home directory.

To start OpenSignPDF run the sign.sh file in terminal:

cd /home/yourusername/OpenSignPDF && sh sign.sh

You can create a custom application launcher to ease opening the OpenSignPDF. Open text editor and open new file. Paste in to it the following code:

#!/bin/bash

cd /home/yourusername/OpenSignPDF && sh sign.sh

Save it to the root directory of the project as "runsign".

Right-click on the panel you want to add launcher to and click on Add to Panel and select Custom Application Launcher. Fill the Launcher Properties as following:

Type - Application

Name - OpenSignPDF

Command - /home/yourusername/OpenSignPDF/runsign

Comment - you can leave it empty

Now test the new launcher - click on it and OpenSignPDF should start.

Configuration

Save a copy of the root certificate of the authority that issued your signing certificate, rename it as CA.cer, and put it in the root directory of the project.

In text editor open Resources.properties file from the root directory of the project and edit default values as appropriate. At least you should edit default.cryptoki value. Put here the path to your PKCS#11 Module:

default.cryptoki=/usr/lib/onepin-opensc-pkcs11.so

You may also edit the default.timestampserver or if you will not use it, leave it empty so that you do not have to empty its field every time when signing a document.

Signing PDFs

Open OpenSignPDF, select the file to sign, enter your PIN, and click on SIGN button. A new file will be created in the same location of the original file begginning with the name of the original file and ending with ".firmato.pdf".

To put a signature into a specific field:

In the original document create a textbox and name it - signature1. Export the documents as PDF. Open OpenSignPDF and open the PDF to sign. Enter your PIN, select signature type Author, type the name of the textbox in the next field - signature1 and check the box With OpenOffice fields. Click SIGN button.

Putting Signature into a Specific Field

You can handle where the visual mark appears on the page. This can be done with OpenOffice.org.

Open the orginal file with one of the tools of OpenOffice.org before exporting it to PDF.

Enable the Form Controls toolba - View > Toolbars > Form Control.

Enabel the Design Mode, if it is disabled - click on the Design Mode On/Off button.

Click on Text Box button and draw the textbox where you want to see your digital signature.

Change the name of the Textbox to "signature" - right-click on the textbox and select Control. In the newly opened window in General tab enter the name of the textbox in the Name field. Close the Properties:Text Box window.

Export the file into PDF.

Open OpenSignPDF and upload the PDF. Enter your PIN, enter the name of the signature textbox into Name of Signature Field field and check With OpenOffice Fields option. Click on the Sign button.

 

So far i did not find any other way to visually sign a PDF document on Ubuntu. If you have any ideas, do not hesitate to share them with us. Thank you.


blog comments powered by Disqus
 

© Copyright 2008-2015 Oltrans. Translation Agency Recourse Portal.
All rights reserved. Various trademarks held by their respective owners.

Oltrans, 152, 6-ti septemvri Bul., Plovdiv 4000 Bulgaria
General Inquiries: (Bulgaria) +359 32 511 272 | skype: Oltrans.org My status