Sign documents with GPG key?  SOLVED

Forum for the PDF-XChange Editor - Free and Licensed Versions

Moderators: Tracker Support, TrackerSupp-Daniel, Paul - Tracker Supp, Chris - Tracker Supp, Vasyl-Tracker Dev Team, Sean - Tracker, Tracker Supp-Stefan, Ivan - Tracker Software

Post Reply
sleipner
User
Posts: 6
Joined: Thu Jun 13, 2019 7:15 am

Sign documents with GPG key?

Post by sleipner » Thu Jun 13, 2019 7:19 am

Just wanted to ask if it is possible to sign pdf documents with keys generated by GPG, which we also use to sign e-mails?

User avatar
TrackerSupp-Daniel
Site Admin
Posts: 2247
Joined: Wed Jan 03, 2018 6:52 pm

Re: Sign documents with GPG key?

Post by TrackerSupp-Daniel » Thu Jun 13, 2019 4:54 pm

Hello Sleipner,

Thank you for the excellent question, we try to make our products compatible with as many certificates as possible, but it depends on the Certificate itself and its "intended purpose". As we do not have any GPG keys locally, I cannot guarantee this will work, but you will need to ensure that you signature certificate has an intended purpose of "document Signing", or it will certainly not work.

My suggestion would be to download the Free version of the software and test this, just to be certain of whether or not it will work personally.
https://www.tracker-software.com/product/downloads

Kind regards,
Daniel McIntyre
Support Technician
Tracker Software Products (Canada) LTD

Sales: +1 (250) 324-1621
Fax: +1 (250) 324-1623

sleipner
User
Posts: 6
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner » Fri Jun 14, 2019 6:17 am

I do have the full version.

Just asking, because I couldn't find out how to do it.

User avatar
Will - Tracker Supp
Site Admin
Posts: 6673
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: Sign documents with GPG key?

Post by Will - Tracker Supp » Fri Jun 14, 2019 8:13 am

Hi sleipner,

Thanks for the post - You can create a new signature using an existing certificate, either from a certificate file or from the Windows Store:
image.png
If you do this using either method, is your certificate not available?

Thanks,
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com

sleipner
User
Posts: 6
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner » Mon Jun 17, 2019 12:58 pm

I'm really a novice regarding encryption and signing, but in those times we are in now I think we can't efford not to find out.

In your screenshot, there are 2 options. The first one is from System Store, and I do have one that I can pick. This certificate seems to be issued by "Communications Server", which I believe would be Windows itself. It's valid for 6 months.


The other choice would be more interesting - from file. In that case you do allow .pfx and .p12 extensions. I've read a bit through the Kleopatra manual and it looks like that .p12 files can only be generated from S/MIME and not from OpenPGP certificates (https://docs.kde.org/stable5/en/pim/kle ... l#menufile). But here I might be wrong as well, so that probably should be verified by someone else.

What I can generate are .asc, .gpg or .pgp files.

User avatar
TrackerSupp-Daniel
Site Admin
Posts: 2247
Joined: Wed Jan 03, 2018 6:52 pm

Re: Sign documents with GPG key?

Post by TrackerSupp-Daniel » Mon Jun 17, 2019 4:08 pm

Hello Sleipner,

If you are able to see the one from the system store, than all should be in order for you to use that one there.

As for the "from file" option, at this time we do only support .pfx and .p12 formats, so if you cannot generate the certificate in one of these formats, we will not be able to make use of it under this selection.

Kind regards,
Daniel McIntyre
Support Technician
Tracker Software Products (Canada) LTD

Sales: +1 (250) 324-1621
Fax: +1 (250) 324-1623

sleipner
User
Posts: 6
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner » Mon Jun 17, 2019 6:08 pm

I think the answer very much lies in that article.

https://security.stackexchange.com/ques ... te-manager

OpenPGP certificates can't be used as X.509 certificates, and apparently PD-XChange Editor uses those.

User avatar
Will - Tracker Supp
Site Admin
Posts: 6673
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: Sign documents with GPG key?

Post by Will - Tracker Supp » Mon Jun 24, 2019 9:11 am

Hi sleipner,

Thanks for that - It appears that you're correct and that OpenPGP certificates will not work with our software.
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com

sleipner
User
Posts: 6
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner » Wed Jun 26, 2019 11:15 am

Sorry, but I have to take up that thread once again.

As we found out OpenPGP signatures apparently can't be used, and we can use certificate from System Store (I think those are generated by Windows).

My question is, what kind of procedure would be necessary to use certificates from a file. In that case I guess som kind of certificate authority would be issuing a certificate which we could use.

Any tips of where to start, would it be necessary to do that for each employee in the company?

User avatar
TrackerSupp-Daniel
Site Admin
Posts: 2247
Joined: Wed Jan 03, 2018 6:52 pm

Re: Sign documents with GPG key?

Post by TrackerSupp-Daniel » Wed Jun 26, 2019 5:13 pm

Hello Sleipner,

Whether you plan to use the windows system store, or a file based option, the Editor is capable of creating signatures that are "self signed". Alternatively, you would need to contact a signing authority for details on the process for their signature certificates.

Generally speaking, If yo are creating the certificates within the Editor, creating a System store certificate is more secure, but yes it would need to be done once per user across the board. If creating one of our .pfx or .p12 extension signatures, you could quite easily distribute these to your users, to make continued use of the same signature, please see this article for details on that process.

Beyond that, I would advise making use of web resources to research available signing authorities, their options, and the like, as we are not an "all knowing" entity, and can only provide advice regarding our own software.

Kind regards,
Daniel McIntyre
Support Technician
Tracker Software Products (Canada) LTD

Sales: +1 (250) 324-1621
Fax: +1 (250) 324-1623

sleipner
User
Posts: 6
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner » Thu Jun 27, 2019 9:02 am

Thanks for the repy.

One final question, because I still don't fully understand the concept of signing.

If I understand the concept correctly, a self signed certificate states that the file has not been tampered with between the sender and the receiver.

But it doesn't proof that the sender is what he says he is.

I could sign a contract with a self signed certificate, that I, Bill Gates, hereby sell my car to you for 1 Dollar. This certificate neither proves my identity nor my e-mail address nor anything else. Just that the document itself hasn't changed.

lev
User
Posts: 96
Joined: Fri Apr 11, 2014 1:18 am

Re: Sign documents with GPG key?  SOLVED

Post by lev » Thu Jun 27, 2019 10:41 am

If I understand the concept correctly, a self signed certificate states that the file has not been tampered with between the sender and the receiver.

But it doesn't proof that the sender is what he says he is.
You do understand the concept correctly. Check what your client's requirements for digital signing are. IdenTrust, DigiCert and many other certification authorities (CA) will provide you with what you need.

User avatar
Will - Tracker Supp
Site Admin
Posts: 6673
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: Sign documents with GPG key?

Post by Will - Tracker Supp » Thu Jun 27, 2019 10:44 am

Cheers Lev!
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com

Post Reply