Digitally signing a PDF with the Cloud Signature Consortium
One of the unmistakable trends with digital signatures is the move towards network-based signing services. Signing remotely is not difficult - upload a hash, download a signature - so there has been a proliferation of these services from vendors. The BFO PDF Library has support for the API from GlobalSign (we've blogged about that here and here).
The Cloud Signature Consortium is, unsurprisingly, a consortium of cloud-based signature providers, and they have published a standard API which we hope will be adopted by vendors rather than rolling their own. BFO is not a member of this consortium but their API is public, and we've now written an implementation of it in Java
We've also made the decision to publish this API as open-source at
https://github.com/bfocom/netkeystore, for several
reasons: partly because as it presents as a standard java.security.KeyStore
it can be used with any Java
signing process, not just our PDF API, but also because with many vendors we antipate
this may grow beyond
something we want to maintain ourselves.
It's trivial to use: after creating a YAML configuration file describing your Cloud Signature Consortium-based key, signing simply looks like this
import com.bfo.netkeystore.client.NetProvider; import java.security.*; import java.io.*; import org.faceless.pdf2.*; Provider provider = new NetProvider(); provider.load(new FileInputStream("config.yaml")); KeyStore keystore = KeyStore.getInstance(NetProvider.KEYSTORE_TYPE, provider); keystore.load(null, password); PDF pdf = new PDF(new PDFReader(new FileInputStream("input.pdf"))); FormSignature sig = new FormSignature(); SignatureHandlerFactory sigfactory = new AcrobatSignatureHandlerFactory(); sig.sign(keystore, alias, password, sigfactory); pdf.getForm().getElements().put("Sig", sig); pdf.render(new FileOutputStream("signed.pdf"));
More details are at the project page: https://github.com/bfocom/netkeystore