0

I would like to digital sign several times (twice would be fine) a PDF using Ruby on Rails.

I have tried using Origami Gem which works great for a single signature (thank you MrWater for your very helpful post: to Insert digital signature into existing pdf file)

However, I can't sign twice the document. When I do, using the same method, my pdf file displays a signature error (signature invalid).

Do you have any idea of how to make that work using Origami or any other Ruby Gem?

Thank you in advance for your help.

Update 2015-10-25:

You will find below my code to sign a document (maybe it can help to find a solution to the problem, and at least it shows you how to make a single signature, which works quite fine). In comment is my failing attempt for a double signature. I also tried to sign a first time doing the whole process, and sign a second time with the same process but without any success:

PDF_ORI = "contrat_old.pdf"
PDF_NEW = "contrat_new.pdf"

pdf = Origami::PDF.read(PDF_ORI)

# Open certificate files
key = OpenSSL::PKey::RSA.new 2048
cert = OpenSSL::X509::Certificate.new
cert.version = 2
cert.serial = 0
cert.not_before = Time.now
cert.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years validity
cert.public_key = key.public_key
cert.issuer = OpenSSL::X509::Name.parse('CN=Test')
cert.subject = OpenSSL::X509::Name.parse('CN=test1 ESSAI1')

# Open certificate files
#key2 = OpenSSL::PKey::RSA.new 2048
#cert2 = OpenSSL::X509::Certificate.new
#cert2.version = 2
#cert2.serial = 0
#cert2.not_before = Time.now
#cert2.not_after = Time.now + 10 * 365 * 24 * 60 * 60 # 10 years validity
#cert2.public_key = key2.public_key
#cert2.issuer = OpenSSL::X509::Name.parse('CN=Test2')
#cert2.subject = OpenSSL::X509::Name.parse('CN=test2 ESSAI2')


sigannot = Origami::Annotation::Widget::Signature.new
sigannot.Rect = Origami::Rectangle[:llx => 89.0, :lly => 386.0, :urx => 190.0, :ury => 353.0]
pdf.get_page(1).add_annot(sigannot)

#sigannot2 = Origami::Annotation::Widget::Signature.new
#sigannot2.Rect = Origami::Rectangle[:llx => 89.0, :lly => 386.0, :urx => 190.0, :ury => 353.0]
#pdf.get_page(1).add_annot(sigannot2)

# Sign the PDF with the specified keys
pdf.sign(cert, key,
  :method => 'adbe.pkcs7.sha1',
  :annotation => sigannot,
  :location => "France",
  :contact => "tmp@security.org",
  :reason => "Proof of Concept"
)

# Sign the PDF with the specified keys
#pdf.sign(cert2, key2,
#  :method => 'adbe.pkcs7.sha1',
#  :annotation => sigannot2,
#  :location => "France",
#  :contact => "tmp@security.org",
#  :reason => "Proof of Concept"
#)

# Save the resulting file
pdf.save(PDF_NEW)

I know it is quite tricky, but no one can help me? Or using another solution maybe?

Community
  • 1
  • 1
Johnf39
  • 101
  • 5
  • I don't know ruby well, let alone origami. But it looks like you try to add both signatures in one PDF manipulation session, i.e. in the same document revision. That does not work, multiple signatures must be applied in different PDF revisions, and all but the first must be added as an incremental update. – mkl Oct 26 '15 at 07:37
  • Hi mkl, thank you for this interesting notice. Indeed, I do not know much about PDF signatures and it did not occur to me that the problem may be about PDF revisions. It is a good track, I will see if I can generate a new revision (as incremental update), and make a second signature on this revision. – Johnf39 Oct 26 '15 at 10:45
  • If you'd like some backgrounds, [this answer](http://security.stackexchange.com/a/35131/16096) and the documents it links to may be of interest. – mkl Oct 26 '15 at 11:20
  • I think you found the issue, it seems to be indeed a problem of PDF revisions. I think that the Origami Gem does not handle them well. For example, if I add a new revision to a PDF file and try to sign it, the file becomes invalid. When I will have the time, I will try to correct the Gem thanks to your link and the documents it includes. Thank you very much for your help. – Johnf39 Oct 26 '15 at 15:15

1 Answers1

0

you can use CombinePDF to add watermark to PDF i hve use it in the past and it works great:

To add content to existing PDF pages, first import the new content from an existing PDF file. After that, add the content to each of the pages in your existing PDF.

In this example, we will add a company logo to each page:

company_logo = CombinePDF.load("company_logo.pdf").pages[0]
pdf = CombinePDF.load "content_file.pdf"
pdf.pages.each {|page| page << company_logo} 
# notice the << operator is on a page and not a PDF object.
pdf.save "content_with_logo.pdf"

Notice the << operator is on a page and not a PDF object. The << operator acts differently on PDF objects and on Pages.

The << operator defaults to secure injection by renaming references to avoid conflics. For overlaying pages using compressed data that might not be editable (due to limited filter support), you can use:

pdf.pages(nil, false).each {|page| page << stamp_page}

You can see more details here:

https://github.com/boazsegev/combine_pdf

matanco
  • 2,096
  • 1
  • 13
  • 20
  • This answer does not deal with the OP's question which is about **integrated digital signatures**, not some funny images. – mkl Oct 23 '15 at 14:44
  • 1
    Hi matanco, thank you for your answer. I read quickly the link you gave me but it looks like combine_pdf does not add real pdf signatures. It seems to be a great tool though but so far I use prawn to modify my pdfs. What I am looking for is a tool that enables to add real digital-signatures to pdf files (that is to say that this signature proves that no modification has happened since the signature was added to the file) – Johnf39 Oct 23 '15 at 14:47