Sign documents with GPG key?  SOLVED

Forum for the PDF-XChange Editor - Free and Licensed Versions

Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan

Post Reply
sleipner
User
Posts: 8
Joined: Thu Jun 13, 2019 7:15 am

Sign documents with GPG key?

Post by sleipner »

Just wanted to ask if it is possible to sign pdf documents with keys generated by GPG, which we also use to sign e-mails?
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8440
Joined: Wed Jan 03, 2018 6:52 pm

Re: Sign documents with GPG key?

Post by TrackerSupp-Daniel »

Hello Sleipner,

Thank you for the excellent question, we try to make our products compatible with as many certificates as possible, but it depends on the Certificate itself and its "intended purpose". As we do not have any GPG keys locally, I cannot guarantee this will work, but you will need to ensure that you signature certificate has an intended purpose of "document Signing", or it will certainly not work.

My suggestion would be to download the Free version of the software and test this, just to be certain of whether or not it will work personally.
https://www.pdf-xchange.com/product/downloads

Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
sleipner
User
Posts: 8
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner »

I do have the full version.

Just asking, because I couldn't find out how to do it.
User avatar
Will - Tracker Supp
Site Admin
Posts: 6815
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: Sign documents with GPG key?

Post by Will - Tracker Supp »

Hi sleipner,

Thanks for the post - You can create a new signature using an existing certificate, either from a certificate file or from the Windows Store:
image.png
If you do this using either method, is your certificate not available?

Thanks,
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
sleipner
User
Posts: 8
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner »

I'm really a novice regarding encryption and signing, but in those times we are in now I think we can't efford not to find out.

In your screenshot, there are 2 options. The first one is from System Store, and I do have one that I can pick. This certificate seems to be issued by "Communications Server", which I believe would be Windows itself. It's valid for 6 months.


The other choice would be more interesting - from file. In that case you do allow .pfx and .p12 extensions. I've read a bit through the Kleopatra manual and it looks like that .p12 files can only be generated from S/MIME and not from OpenPGP certificates (https://docs.kde.org/stable5/en/pim/kle ... l#menufile). But here I might be wrong as well, so that probably should be verified by someone else.

What I can generate are .asc, .gpg or .pgp files.
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8440
Joined: Wed Jan 03, 2018 6:52 pm

Re: Sign documents with GPG key?

Post by TrackerSupp-Daniel »

Hello Sleipner,

If you are able to see the one from the system store, than all should be in order for you to use that one there.

As for the "from file" option, at this time we do only support .pfx and .p12 formats, so if you cannot generate the certificate in one of these formats, we will not be able to make use of it under this selection.

Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
sleipner
User
Posts: 8
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner »

I think the answer very much lies in that article.

https://security.stackexchange.com/ques ... te-manager

OpenPGP certificates can't be used as X.509 certificates, and apparently PD-XChange Editor uses those.
User avatar
Will - Tracker Supp
Site Admin
Posts: 6815
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: Sign documents with GPG key?

Post by Will - Tracker Supp »

Hi sleipner,

Thanks for that - It appears that you're correct and that OpenPGP certificates will not work with our software.
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
sleipner
User
Posts: 8
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner »

Sorry, but I have to take up that thread once again.

As we found out OpenPGP signatures apparently can't be used, and we can use certificate from System Store (I think those are generated by Windows).

My question is, what kind of procedure would be necessary to use certificates from a file. In that case I guess som kind of certificate authority would be issuing a certificate which we could use.

Any tips of where to start, would it be necessary to do that for each employee in the company?
User avatar
TrackerSupp-Daniel
Site Admin
Posts: 8440
Joined: Wed Jan 03, 2018 6:52 pm

Re: Sign documents with GPG key?

Post by TrackerSupp-Daniel »

Hello Sleipner,

Whether you plan to use the windows system store, or a file based option, the Editor is capable of creating signatures that are "self signed". Alternatively, you would need to contact a signing authority for details on the process for their signature certificates.

Generally speaking, If yo are creating the certificates within the Editor, creating a System store certificate is more secure, but yes it would need to be done once per user across the board. If creating one of our .pfx or .p12 extension signatures, you could quite easily distribute these to your users, to make continued use of the same signature, please see this article for details on that process.

Beyond that, I would advise making use of web resources to research available signing authorities, their options, and the like, as we are not an "all knowing" entity, and can only provide advice regarding our own software.

Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD

+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
sleipner
User
Posts: 8
Joined: Thu Jun 13, 2019 7:15 am

Re: Sign documents with GPG key?

Post by sleipner »

Thanks for the repy.

One final question, because I still don't fully understand the concept of signing.

If I understand the concept correctly, a self signed certificate states that the file has not been tampered with between the sender and the receiver.

But it doesn't proof that the sender is what he says he is.

I could sign a contract with a self signed certificate, that I, Bill Gates, hereby sell my car to you for 1 Dollar. This certificate neither proves my identity nor my e-mail address nor anything else. Just that the document itself hasn't changed.
lev
User
Posts: 258
Joined: Fri Apr 11, 2014 1:18 am

Re: Sign documents with GPG key?  SOLVED

Post by lev »

If I understand the concept correctly, a self signed certificate states that the file has not been tampered with between the sender and the receiver.

But it doesn't proof that the sender is what he says he is.
You do understand the concept correctly. Check what your client's requirements for digital signing are. IdenTrust, DigiCert and many other certification authorities (CA) will provide you with what you need.
User avatar
Will - Tracker Supp
Site Admin
Posts: 6815
Joined: Mon Oct 15, 2012 9:21 pm
Location: London, UK
Contact:

Re: Sign documents with GPG key?

Post by Will - Tracker Supp »

Cheers Lev!
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.

Best regards

Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
Post Reply