8

I am generating PDF's in my app. I want to give the best security to these pdf's generated through my app. I have added the default security options provided by Apple, like Owner password, allow copying, allow printing etc...

But I would like to add my certificate information or call it as Digitally sign the pdf's using the custom certificate(X.509 certificate) files.

Does security framework help in any way ? or How can this be achieved?

Jagadeeshwar
  • 863
  • 11
  • 25
  • Just search through for curiousity, is it something like this question: http://stackoverflow.com/questions/16100109/tcpdf-adding-digital-signature-to-the-created-pdf, it is generating from PHP, what kind of language your app is based on for development? – 西門 正 Code Guy Apr 21 '14 at 07:56
  • >what kind of language your app is based on for development? iOS (Objective-c) – Jagadeeshwar Apr 21 '14 at 12:13
  • There is already and application for mac https://itunes.apple.com/in/app/pdf-signet-digital-signatures/id615476224?mt=12 How can we do the same in iOS ?? – Jagadeeshwar May 31 '14 at 13:08
  • I'm wondering and struggling since a weak about how this can be achieved on iOS. If other languages like Java, C# , C and C++ can do it why can't this be possible in Objective-c? – Jagadeeshwar Jun 27 '14 at 05:36
  • U would expose your private key in app so it's kinda unsecure – ichaki5748 Jul 03 '14 at 13:26
  • Objective-C is a superset of C, so if you can do it in C then you can use that code in your iOS app. – James Jul 03 '14 at 18:17

1 Answers1

4

Unfortunately, iOS doesn't seem to provide this feature natively. Searching for a library that will apply a digital signature to a PDF is difficult, as many tools apply pictures of handwritten signatures. There doesn't seem to be any in C or Objective-C that you could use on iOS, most implementations are in Java or C#, or are not available for iPhone (e.g. Acrobat SDK or PLOP DS).

You can nevertheless implement the digital signature yourself, this is quite straightforward and documented. You will need to serialize your PDF as mentioned in this document, make some room for the signature object (this requires a minimum parsing of the PDF layout), then compute the signature and store it in the file.

For the cryptographic part, it seems that Security Framework does not provide an API to generate the required PKCS#7 signature. So you could use OpenSSL instead.

Paul Guyot
  • 6,257
  • 1
  • 20
  • 31
  • I believe one should sign something with private key. So if you want to do it in phone you'll expose it at least in operating memory – ichaki5748 Jul 04 '14 at 14:02
  • Indeed, this requires a private key. This is not a real issue if the application uses the user's private key like the MacOS X application OP referred to. The main problem would be how to get and how to store the private key on the iOS device. – Paul Guyot Jul 04 '14 at 15:33