PAdES (PKCS11) and Zend_Pdf

Similar to my last post about Zend_Mail S/MIME class, this one allows to digitally sign and even add TSA (timestamping) support to your PDF documents generated using Zend_Pdf. There is a standalone ASN1 parser included that can be used for other projects that require ASN1 data interchange. See https://en.wikipedia.org/wiki/PAdEShttps://www.ietf.org/rfc/rfc3161.txt for reference. The challenge was to add the BytesRange element with right byte bounds of the signed document. How to use it:

<?php ini_set('include_path',ini_get('include_path').PATH_SEPARATOR.realpath('./'));   require_once('Zend/Loader/Autoloader.php');   $loader = Zend_Loader_Autoloader::getInstance();   $pdf = Zend_Pdf::load('35232018_Summary(2).pdf');   $signature = new Zend_Pdf_Signature('self_key_cert.pem','','tmp',true); $signature->setSigParams(array(
    'Name' => 'Someone',
    'Location' => 'Kharkov, UA',
    'Reason' => 'I'm approving this document',
    'ContactInfo' => 'someones@email.com'
));
$signature->setTSAParams(array(
    'TSA_username' => '',
    'TSA_password' => '',
    'TSA_url'      => 'https://timestamping.edelweb.fr/service/tsp',
    'TSA_cert'     => '',
    'TSA_algorithm' => 'sha1'
));
 
$pdf->setSignature($signature);
 
$fp = fopen('tmp3.pdf','w');
$pdf->render(false,$fp);
fclose($fp);

Note, that you need a writeable by php user directory (tmp in the example above). See attached Zend_Pdf modified class + Zend_ASN1 parser.

Zend_Pades_TSA

  • Podolinek

    Hi, thanks a lot for the script. I was looking PDF digital certification for weeks. I am not using Zend, but it was quite easy extract necessary libs and voila, it running. Well done:)

    • admin

      Hi, glad it helped!

Leave a Reply

Your email address will not be published. Required fields are marked *