XMLMill - convert xml to pdf with java. Generate PDF from xml/xsl.

XMLMill User Guide

Version: 3.00 Date: January 2nd, 2008

Digital Signatures

Description

XMLMill can sign PDF documents while they are being generated (one-step generation).

The signing is done in one pass, without the need to first generate the document, save it to disk and then reread it in order to sign it.

This is an important feature for high-performance web applications using XMLMill with the Java Servlet API, where PDF documents should be signed as fast as possible and without the need for disk space (in memory only, zero disk use).

Furthermore, as the signing is done during the generation of the PDF document, no valuable time is lost (as there is no need to reread the document to sign it).

The signatures produced can be verified using the freely available Adobe Reader 6.0+, therefore ensuring embedded signatures have the widest possible reach and can be verified by any recipient.

Digitally signing PDF documents serves two purposes:

  • To identify the author of the document.
  • To ensure the document has not been modified after it was signed.

This is done by calculating a checksum of the document and then encrypting that checksum with the "private key" of the author. A user can later verify the result with the corresponding public key.

  • It is assumed that the reader has some basic knowledge of public/private key cryptography.
  • It is advised to use at least Acrobat Reader 6.0 or later if you want to verify the digitally signed documents.
  • A PDF document can only contain one signature.
  • Please also consult the DigitalSignatures.pdf document contained in the download or online.

Supported Crypto-systems

Currently only RSA is supported, not DSA (Digital Signature Algorithm). This has to do with the fact that XMLMill needs to know what the length of the generated key will be before generating the document.

Some online explanations of encryption:

  1. What is a digital signature (http://www.youdzone.com/signature.html)
  2. Public Key Cryptography explained (http://www.ccs.neu.edu/home/tdunn/honors/)
  • The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem.
  • The Digital Signature Algorithm is also a popular public-key technique, though it can be used only for signatures, not encryption.
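
Added example (not XMLMill code and not part of the original guide): the checksum-then-sign and verify steps described above, using only the JDK's java.security API with throwaway keys and constructed sample data. It also collects signature sizes, because an RSA signature is always as long as the key modulus while a DER-encoded DSA signature varies by a few bytes, which is relevant to the size constraint mentioned above.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.TreeSet;

public class SignatureSizeDemo {
    // Hash the data and sign the hash with the private key (both done inside Signature).
    static byte[] sign(String alg, PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Recompute the hash and check it against the signature using the public key.
    static boolean verify(String alg, PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    static KeyPair newKeyPair(String alg, int bits) throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance(alg);
        g.initialize(bits);
        return g.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        KeyPair rsa = newKeyPair("RSA", 2048); // throwaway keys, generated for this demo only
        KeyPair dsa = newKeyPair("DSA", 2048);
        // Sign 200 constructed messages and collect the distinct signature lengths.
        TreeSet<Integer> rsaSizes = new TreeSet<>();
        TreeSet<Integer> dsaSizes = new TreeSet<>();
        for (int i = 0; i < 200; i++) {
            byte[] msg = ("constructed sample document " + i).getBytes(StandardCharsets.UTF_8);
            rsaSizes.add(sign("SHA256withRSA", rsa.getPrivate(), msg).length);
            dsaSizes.add(sign("SHA256withDSA", dsa.getPrivate(), msg).length);
        }
        System.out.println("distinct RSA signature sizes: " + rsaSizes);
        System.out.println("distinct DSA signature sizes: " + dsaSizes);
        // Integrity check: flipping one bit after signing makes verification fail.
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign("SHA256withRSA", rsa.getPrivate(), doc);
        byte[] tampered = doc.clone();
        tampered[0] ^= 1;
        System.out.println("original verifies: " + verify("SHA256withRSA", rsa.getPublic(), doc, sig));
        System.out.println("tampered verifies: " + verify("SHA256withRSA", rsa.getPublic(), tampered, sig));
    }
}
```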

Supported Handlers

XMLMill supports the following handlers:

  • Self signed (Adobe.PPKLite)
  • VeriSign plug-in (VeriSign.PPKVS)
  • Windows Certificate Security (Adobe.PPKMS)

Signing and verifying with XMLMill is easy, as the signing is done during the generation process. The difficult part comes with the key and certificate generation, as you need to have a (basic) understanding of using private/public keys and certificates with Java.

Visible and invisible signatures

Visible signature

A visible signature will add an icon (and some user-defined text) on a page (the page that is being generated at the moment the ml:signature element is executed).

In the following example the signature is added at the bottom of the page:

[Figure: images/signature_whole-page.gif]

Invisible signature

An invisible (blind) signature does not add an icon (or user-defined text) on a page. It can only be seen in the Signatures pane. The list of information includes the following elements:

  • Signer's name
  • time of signing
  • signature validity
  • reason for signing
  • location of signing
  • document's revision number

[Figure: images/signature_pane (285 x 176).jpg]

Configuration

In order to sign documents XMLMill must be configured so it knows where to get the private key and certificate to sign the document(s).

Consult the cryptographic-service-provider section in the configuration chapter for more information.

Element: ml:signature

To digitally sign a PDF document the ml:signature element is used.

It will define which alias to use to sign the document and describe the location and visual layout of the signature (if the signature should be visible).

The element has the following attributes:

<!ELEMENT ml:signature (%basic-inlines;)*>
<!ATTLIST ml:signature
  %absolute-position-properties;
  %common-border-properties;
  %common-line-height-properties;
  %common-inline-properties;
  %common-keeps-and-breaks-properties-block;
  %common-margin-properties;
  %common-padding-properties;
  %relative-position-properties;
  background-color CDATA #IMPLIED
  background-grayscale CDATA #IMPLIED
  hanging-indent CDATA #IMPLIED
  height CDATA #IMPLIED
  id CDATA #IMPLIED
  link-id CDATA #IMPLIED
  text-align (start | center | end | justify | inside | outside | left | right | inherit) #IMPLIED
  text-indent CDATA #IMPLIED
  text-valign (top | center | bottom) #IMPLIED
  width CDATA #IMPLIED
  wrap-option (no-wrap | wrap) #IMPLIED
  visible CDATA #IMPLIED
  name CDATA #IMPLIED
  reason CDATA #IMPLIED
  location CDATA #IMPLIED
  alias CDATA #IMPLIED
  image CDATA #IMPLIED
>

The ml:signature element behaves the same as the ml:textbox element, but with the following specific attributes:

  alias CDATA #IMPLIED
  image CDATA #IMPLIED
  location CDATA #IMPLIED
  name CDATA #IMPLIED
  reason CDATA #IMPLIED
  visible CDATA #IMPLIED

Only the attributes that are specific to the <ml:signature> element are defined below. For the other attributes please consult the DTDGuide document.

Attribute: alias

Value: <name>

Initial: an empty name

Required: Yes

Description: The alias attribute defines which alias name to use to locate the corresponding private key and certificate(s) in the keystore as defined in the configuration file (config.xml).

  • If this attribute is not defined the first alias as defined in the keystore is used.

Attribute: image

Value: <name>

Initial: an empty name

Required: Yes

Description: The image attribute defines if an image should be part of the visible signature.

Attribute: visible

Value: on | off

Initial: on

Required: Yes

Description: The visible attribute defines whether or not the signed document should bear a visible signature on the page.

Attribute: name

Value: <value>

Initial: an empty name

Required: Yes

Description: The name attribute defines the value of the /Name key in the internal /Sig object of the PDF document.

Attribute: reason

Value: <value>

Initial: an empty value

Required: Yes

Description: The reason attribute defines the value of the /Reason key in the internal /Sig object of the PDF document.

Attribute: location

Value: <value>

Initial: an empty value

Required: Yes

Description: The location attribute defines the value of the /Location key in the internal /Sig object of the PDF document.

Examples

Visible signature (text only)

The following example generates a visible signature with only text:

<ml:signature text-align="left"
              text-valign="top"
              font-size="12pt"
>
  <!-- Text shown inside the visible signature box -->
  <ml:inline font-weight="bold">Mr. John Smith</ml:inline>
  <ml:break/>
  <ml:inline font-style="italic">(President &amp; Chief Executive Officer)</ml:inline>
</ml:signature>

Copyright © 2001 - 2012. All rights reserved. XMLMill and XMLMill logo are trademarks of Pecunia Data Systems, bvba.