On Thu, Aug 6, 2015 at 12:39 PM, Carlos E. R.
And you as the creator of this document shouldn't send one that isn't editable, and is digital signed in such a way that at least it's provable that the document has been altered since it was signed. So if some company asks for a PDF with a handwritten signature, you should still digital sign it with at least your own self-signed cert, to encrypt it, prevent it from being edited, and thus able to prove whether it's been modified since signing.
Ah. Didn't think of that.
How would you create such a signature in Linux? :-?
I've been too lazy to try to figure it out. I've used self-signed certificates generated in Acrobat to do this. The document is not encrypted, but it is hashed, the hash is signed, and the signed hash and public key go into the PDF. So at the other end they can confirm/deny if it's been tampered with since signing. It doesn't conclusively prove I signed it though, since it's self-signed. Of course, there's some chance it's intercepted. Modified. And then resigned with a faked self-signed key in my name. And sent from an account with a spoofed email address. So, it's like - next to b.s. I think the recipient would need a policy that requires DMARC/DKIM emails from source to accept such PDFs, and then archive the entire email original source. But really we need a better way to do this with verifiable keys rather than self-signed.
You can also disallow printing and copying of such a PDF (within the limits of software honoring this policy, obviously the fact it's being displayed at all means anyone could do an end run around the no printing policy).
Why? They may have need to print in order to file in paper. :-?
Just to hassle them for having asked for a digital document only to (try and) print it out at their end. You know, mind game. "Oh you were planning on printing a paper copy on your end? Huh, that's weird. OK fine I'll send another PDF you can print." And then at least I know I'm dealing with a crackpot, with email record of the clueless. The thing is, I've never been asked. So these PDFs just seem to vanish into the digital equivalent of paper filing cabinets where documents are buried. Until there's a lawsuit no one cares I think. But honestly if they're that antiquated they want to print a PDF on paper, why not just ask for a fax in the first place? (I haven't been asked for a fax in ~2 years in my business, and it's was probably 1-2 years before that for the time before. I always get a chuckle when it happens though. "Yes, here is the fig leaf...") -- Chris Murphy -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org