TBSSignaturePDFVerify checking tool
Case in general
This tool checks the validity of the signature appending on a PDF document. It also displays information about the certificate subject and issuer and about timestamping.
This verification checks:
- the signature significance (all the document?)
- the integrity of the signed document
- the certificate used to sign (approved by the certification authority? expired? revoked?...)
Usable with command lines, it does not require any installation. Developed in a Java 1.6 environment, it is available for Linux and Windows platforms.
here is the launch command:
java -jar TBSVerifySignaturePDF.jar -in xxx
Parameters
Tool argument of an essential parameter:
-in PDFfile
Optional parameters:
-ks keystore.p12 -pwd password -out revisionfile -proxyHost proxy -proxyPort numner -crl crl_file -proxyLogin login -proxyPasswd s3cret
Parameters details
-in PDFfile: the PDF file that is being checked.
-ks: a verification keystore (containing trusted root certificates). If not specified, the tool uses an internal keystore validated by TBS.
-pwd password: keystore password
-out revisionfile: create a revision_number.pdf file, with a number matching the revision number of the signature.
-proxyHost proxy: proxy alias or ip address
-proxyPort number: proxy port number
-proxyLogin: proxy connection login
-proxyPasswd: proxy connection password
-crl crl_file: if you specify an other crl file name
Example
Verification of the PDF document: mydoc.pdf
java -jar TBSVerifySignaturePDF.jar -in mydoc.pdf
Signature of the PDF document mydoc.pdf with proxy information
java -jar TBSVerifySignaturePDF.jar -in mydoc.pdf -proxyHost 192.168.2.3 -proxyPort 8080 -proxyLogin login -proxyPasswd s3cret
Signature of the PDF document mydoc.pdf with a keystore user
java -jar TBSVerifySignaturePDF.jar -in mydoc.pdf -ks myKeystore.jks -pwd s3cret
Nota: for files names, indicate absolute paths.
Application process
When launching the application you'll see 4 steps:
- Step 1: displays the signature and revision number significance. Displays the subject and the issuer of the certificate and the lsit of CRLs found.
- Step 2 : Indicates if the document has been modified.
- Step 3: Downloading of CRLs and confrontation with the certificate.
- Step 4: Displays information linked to timestamping.
- Display of potential errors.
Error cases
java.io.FileNotFoundException
java.lang.NoClassDefFoundError
java.io.FileNotFoundException
You may have forget to specify the absolute path to the PDF file (or to the pkcs12 one) that you want to sign.
java.lang.NoClassDefFoundError
You may have forget the " -jar " expression before the jar file.
Credits
We'd like to thank Bruno Lowagie and Paulo Soares for the classes they publicly released under GPL license and that eased this tool development.