Alfresco PDF Toolkit - Digital Signatures Written by Nathan McMinn Tuesday, 12 October 2010 18:35 If you work with

legal documents such as contracts, PDF document security is probably a part of your requirements. In previous releases of the Alfresco PDF Toolkit we have added text and image watermarks, document encryption and permission management. As of version 0.94, we can now add a basic digital signature capability to the list. Adobe PDF documents support a digital signature facility that uses a private key to add a verifiable signature to a document. This signing facility allows subsequent consumers to verify that the document was signed by a particular key, the trust chain of that key and whether or not the document has been modified since signing. Using iText, the Alfresco PDF Toolkit can take a JKS keystore stored in the Alfresco repository and use it to sign a PDF document. The signature can be applied as either a visible signature block or as an invisible signature. As usual, you can either download the AMP file (version 0.94) or grab the full source code from Google Code and build it yourself. The simplest way to try this out is to create a self-signed certificate. This can be done using the "keytool" command line application that is bundled with the JDK. A full explanation of the keytool and certificate chains is outisde the scope of this article, so please read up on how certificates and keytool work before you implement this on any kind of scale. To generate a simple keystore that can be used to sign a document, run keytool with the following options: 1 keytool -genkey -keyalg RSA -alias "Your Name" -keypass yourpass -keystore keystore.ks -dname "cn=Your Name, c=US" Dont' forget to substitute your name, new keystore password and country. Answer any questions that keytool asks and you will have a "keystore.ks" file created. To use this file to sign your PDF documents, add the key to a space in Alfresco. I store mine in my home space, but anywhere will do. Once you have the keystore uploaded to Alfresco, create a space to receive incoming PDF documents and add a content rule that is triggered when PDF documents are added. When you are prompted to select the action, select "Sign PDF" from the list.

Next, set your signature action parameters. First, the signature can be applied as a visible or hidden signature. If you select visible, a small text block will appear showing the name, location and reason for the signature. The location and size of this block is configurable by using the signature X/Y coordinates (coordinates of the top left corner of the block), height and width. Next, use the node selector to select the keystore file that you wish to use to sign the document. You also have to provide the keystore password. This is the same password you used when you created the keystore. The signing reason and location can also be provided. The text that is provided here will show up in the signature block, if it is visible. Finally, select a destination space where the signed PDF will be stored.

Once all of the signature options are set, finish adding the rule. Any PDF documents that are placed into the space will now be signed with the provided key and options, and will be stored in the selected destination. With a self-signed certificate you will see a warning in Adobe Acrobat stating that the certificate chain cannot be validated. This is expected. If you need a fully validated chain, you can request a certificate from a CA and import it into the keystore that is used to sign the document. This simple signing action covers most of my needs, hopefully others will find it useful as well. As usual, feature requests and bug reports are welcome! Enjoy! Last Updated on Wednesday, 13 October 2010 09:38 Comments 123 #26 Ashok Kumar Harnal 2012-05-12 20:00 It will be very useful, if at one go I can digitally sign all pdf files in a folder instead of signing them, one by one. Is batch mode possible?

#25 AB 2012-01-03 09:37 Any idea when this will work with 3.4d? When I try to create the rule, I can select the action, but then only see a list of input boxes with no titles in which to enter arguments. Rule cannot be saved. Looking forward to it!

#24 2011-06-13 11:11 Clay, What doesn't work? How does it fail? Do you have any more information? "This does not work" isn't very helpful in diagnosing a problem.

#23 2011-05-10 21:54 this does not work any other solution

#22 2011-03-24 10:36 Quoting Nathan: Jos, I originally developed this against Alfresco 3.1.0. I am currently using it with 3.3.3.

Hmmm... I'm using Alfresco 3.4 and I don't see this option available on my rules. Has anyone already tested PDF-toolkit with the latest version of Alfresco?

#21 2011-03-24 10:16 Jos,

I originally developed this against Alfresco 3.1.0. I am currently using it with 3.3.3.

#20 2011-03-22 17:44 What are the Alfresco versions supported for the last release?

#19 2011-03-03 11:27 Quoting yzhou: My guess is, two passwords are need, keystore pass, and your private key pass, and there is only one field for password. Maybe, just a maybe, you can try same password for keystore and key, see if it works ;-)

That was the ticket. The same password for both the cert and the keystore. Good catch thanks.

#18 2011-03-01 15:25 Quoting BenJamin: Quoting yzhou: i want use this one for a demo and after restart everything, when I tried to sign the PDF, I got a error complain password java.io.IOException: Keystore was tampered with, or password was incorrect at PDFSignatureAct ionExecuter.java:208 I import the ks file, password is 'password', i will dig more ...

yzhou, any luck? I am also getting this exception. Running v0.96 with Alfresco 3.4a.

My guess is, two passwords are need, keystore pass, and your private key pass, and there is only one field for password. Maybe, just a maybe, you can try same password for keystore and key, see if it works Description Alfresco PDF Toolkit adds additional functionality to Alfresco, enabling the manipulation of PDF files.

Current Functionality: Merge -- Append PDF to another PDF, generating a new PDF Split -- Splits a PDF at a specified interval, (ex. 2 pages, 3 pages, etc.), generating new PDFs for each section. Split At -- Split PDF into two PDFs at a specific page, generating two new PDFs. Insert PDF -- Insert PDF at a specific Page PDF Watermarking PDF Encryption Digital Signatures TIFF to PDF transformation All of the actions are available as actions that can be used in content rules, and as document library actions in the document browse and detail views. A teaser screencast is available here: http://www.youtube.com/watch?v=cJYpFgx037E Functionality in development: Extract Pages Delete Pages Transform to PDF/A Minimally requires Alfresco 3.2 Tags

PDF signature

encryption watermark merge split Technical Details Alfresco Product(s)

Repository Share Web Client Explorer Web Client Installation Method AMP Extension Point(s) Content Model Share Action Share Document Library Action Component Type(s) Action Content Model Document Library

Comments

somebody help me,what's the somebody help me,what's the next step after install AMP.. how to use Spilt Functionality.. Richa Fri, 07/27/2012 - 10:57

Hi It work in Alfresco Share 4.0? gaby_ag77 Wed, 08/15/2012 - 21:09

Now Works Against 4.0 We've just released Alfresco PDF Toolkit 0.98.28 which works against Alfresco 4.0 jottley Mon, 09/17/2012 - 21:19

PDF/A I'm in dire need of PDF/A functionality, is it something which is in progress and can I help? Niklas Ekman Wed, 11/14/2012 - 14:54

Can't set folder I've installed the pdf toolkit add-on but I can't set the destination folder when I try to create a new rule for a folder in Alfresco share. Hence the tool does not work. Are there any workarounds? Jared Ottley Technology | Fatherhood | Insanity Alfresco PDF Toolkit with 26 comments A few weeks ago I made my first release of what I am calling the Alfresco PDF Toolkit on Google Code. Alfresco PDF Toolkit, or as I originally named it, pdf-extension, has been around for a while. It was originally hosted on my SVN server and in then in my Alfresco SVN Repo. It was developed as a one-off side project at the request of an early Alfresco customer. The code has been sitting around with very few updates since

that time. An occasional rebuild to make sure it would work with a new release of Alfresco but that was it. (I think it was original built for 2.1 or 2.2) Why the update? Focused attention. It is a way to get my hands dirty and adding some new features that have been rattling around in my head for a while now. What can it do? This initial release has three functions: Split PDF This option allows you to split a PDF every specified number of pages Split at Page This option allows you to split a PDF at a specified page Merge PDF This options allows you to append a PDF to another PDF All three options generate new PDFs leaving the originals untouched. Where can I find these actions? The actions are available in the Run Action Wizard. They use the same names as above. What does the future hold? The current list of enhancements is as follows (bot not necessarily in this order): PDF Watermarks / Rubber stamping Digital Signatures TIFF to PDF transformation Extract Pages Delete Pages Transform to PDF/A Can I help? Yes! Im more than happy to accept code contributions or add features the list of enhancements. And of course, merit can make you a contributor. Where can I find the code or the AMP again? In the Google Code Project: Alfresco PDF Toolkit Chac chan rang ban da cai Alfresco community 4.0d vao may tinh, no nam o "./tomcat/webapps/" ghi nho mat khau cua admin Giai nen Alfresco-Encryption-Module version 1.0.zip duoc hai thu muc alfresco va share Copy va replace ca hai thu muc vao thu muc trong "./tomcat/webapps/" Khoi dong lai server, dang nhap tai khoan admin Vao dia chi: http://localhost:8080/share Upload thu mot file de thu ma hoa va giai ma

Please ensure that you have already installed Alfresco community 4.0d, it is in foler "./tomcat/webapps/"

Extract Alfresco-Encryption-Module version 1.0.zip to two folders "alfresco" and "share" Copy and replace both of them into folder installed alfresc: "./tomcat/webapps/" Restart server, log in admin account at http://localhost:8080/share upload a file, test encryption and decryption