[HN Gopher] Sign a PDF document client-side with no data leaving...
___________________________________________________________________
Sign a PDF document client-side with no data leaving the computer
Author : tlarkworthy
Score : 84 points
Date : 2021-05-31 13:51 UTC (9 hours ago)
(HTM) web link (observablehq.com)
(TXT) w3m dump (observablehq.com)
| lopatin wrote:
| FYI for anyone on a Mac: The Preview App has a feature to sign
| any PDF or image using your trackpad.
| Wowfunhappy wrote:
| And if you don't have a trackpad, it instructs you to sign a
| blank piece of paper and hold it up to the webcam!
| joppy wrote:
| Which usually turns out a lot better - I tried signing on a
| trackpad but it looked like a preschooler signing their name
| :P
| mtmail wrote:
| https://seedlegals.com/ asked me to use my mouse for an
| online signature. In their FAQ they say I can't upload an
| existing one, quote "This is for security reasons, so that
| we know it is really you signing. [...], you might find it
| easier to perfect that sign on your phone / tablet with a
| touchscreen." I borrowed an iPad+Pencil from a friend and
| signed it with the pen, that kind of worked.
| joppy wrote:
| Yeah, tablet and stylus is one of the best solutions for
| this. Even finger-on-iPhone is pretty janky-looking.
| [deleted]
| Wowfunhappy wrote:
| This is going to sound really weird, but I was able to
| create a decent trackpad signature once I got into the
| right mental state.
|
| I held my pointer finger between my thumb and middle
| finger, and made myself really think of it as a pencil. I
| looked down at the trackpad as I wrote (rather than at the
| screen), and tried to visualize the trail it would leave on
| the surface.
| joppy wrote:
| That does sound super weird but I can see how it would
| work! I'd probably still prefer a stylus though :P
| tlarkworthy wrote:
| I wish I had known that!
| divbzero wrote:
| Another useful trick is opening Preview's thumbnails sidebar
| to edit PDFs. You can command-delete to remove PDF pages, and
| drag-and-drop to reorder or copy pages between different
| PDFs.
| sp332 wrote:
| I've seen people complain that Preview can be inaccurate and
| shouldn't be trusted for important legal documents (like the
| ones you might want to sign).
| https://mobile.twitter.com/sunshowers6/status/13930051073739...
| Anyone else have experience with this?
| traceroute66 wrote:
| Preview shouldn't be trusted for legal documents ?
|
| I would call that Apple bashing nonsense.
|
| Mac, Windows, Linux, BSD ... if you're going to go signing
| legal documents (a) with a self-signed certificate (b)
| without an independently traceable timestamp .... then
| frankly don't expect it to hold up for long in a law court.
| sp332 wrote:
| How is "the wrong checkbox being selected" related to
| certificates and timestamps?
|
| And the signatures we're taking about are an image of a
| signature, not a cryptographic one.
| traceroute66 wrote:
| How do we know "the wrong checkbox being selected" was a
| Preview problem and not something to do with non-standard
| PDF construction ?
|
| Also, I don't know about you, but AFAIK pretty much all
| software these days (whether closed-source or open) comes
| with a great big disclaimer attached effectively saying
| "you're on your own" if the software functions in an
| unexpected manner.
| jokethrowaway wrote:
| That depends on how the file is delivered. Drawing your
| signature is not even needed.
|
| That said, most of the times I need a signature is some
| bureaucratic useless form and the signature is just a pro-
| forma - and you can be sure if I don't have a signature
| (and maybe if I didn't pass my form through a filter to
| make it look like it was scanned) some government employee
| in some office will reject my form and I'll have to do
| another one and fork out even more money.
| ezfe wrote:
| Any document that's just text or a scan won't have an issue.
| Preview (and many others!) can have some problems with
| complex fancy fillable forms (such as tax forms).
|
| I've never seen an instance where it wasn't immediately
| obvious whether there was a problem though.
| doomrobo wrote:
| Yes I've had a large number of issues around annotations in
| Preview. I use PDFExpert for annotations now
| [deleted]
| unfocused wrote:
| I worked in this space and personally digitally signed
| hundreds of documents, using Entrust and FoxIT (Adobe Pro
| could be used too).
|
| I've found sometimes that Preview mangles some PDFs created
| in Adobe. In addition, there are many cases FoxIT
| (PhantomePDF) also mangles or can't even open PDFs that are
| *complex in nature that were created in Adobe Pro.
|
| To be fair, I just signed some bank documents, and it was all
| inside their system and it just consisted of me checking a
| checkbox. It was their system, so it was considered a
| signature, since I logged into their system first.
|
| Once you get into power usage, such as redaction in the legal
| world, Adobe is the only product that doesn't have bugs. I've
| tried. It's a sad state of affairs, but yeah that's the
| world.
|
| *And by complex, I mean 1GB pdfs with 1000s in pages that
| have Adobe's embedded audio/video as well as scanned
| handwritten notes and photos., not 1 or 2 simple pages.
| the_arun wrote:
| I think e-signatures with strong auth will make it valid. Not
| sure signing a doc on preview will make it legal. I mean,
| could anyone sign my sign using preview and get the contract
| done? Who ensures the signature belongs to me?
| joppy wrote:
| During my time I spent in the USA (I'm from Australia), I
| was very surprised at the way money and transactions
| worked. This was 2014/2015 - in Aus pretty much every
| consumer bank already had paywave (or whatever compatible
| technology) cards, which either paywave or also ask you for
| a PIN if the transaction is large, and here I was in the
| USA being asked to swipe my card and sign for things.
|
| In small transactions (say, less than $100), no-one really
| cared - I would scribble my signature on a docket, no-one
| would double-check it with my card, everyone went on their
| way. Signatures were required but not respected or checked.
| In large transactions (I bought a MacBook, for example),
| the staff could not care less about my card or the
| signature scrawled on the back, but they would only take my
| money after I could produce some photo ID (a passport in my
| case) showing that the name on the card correlated to my
| face. In this case signatures were technically required but
| totally ignored because they're easily forgeable. (A fact
| I've always been bemused by is that the signature is on the
| card - if you drop your card or something the signature is
| right there).
|
| End of long story - how valid are "just signatures"
| legally? As someone with zero legal experience (clearly
| qualified to comment) I feel like other evidence showing
| that someone received and signed the document would be much
| more valid than just "the signature" by itself.
| maxerickson wrote:
| The signature pretty much only gets checked if it is
| contested. As much as anything, the act of signing is a
| demonstration of intent (and in cases of fraud, it's a
| demonstration of fraudulent intent...). It's not really
| authentication.
| cj wrote:
| I used to have issues, but the simple fix is this:
|
| Instead of simply saving the signed PDF in preview and
| sending it out, export the PDF as another PDF (there's an
| option to do that in the File dropdown).
|
| I've found that doing that fixes all comparability issues
| (based on signing 5-10 docs a week).
|
| Edit: Before someone tells me I should be using Acrobat, I
| know, but for some reason it runs painful slow on the new
| Apple M1's.
| divbzero wrote:
| Yes, re-exporting to another PDF works reliably and also
| ensures you don't leave anything editable if you've used
| text fields.
| [deleted]
| s09dfhks wrote:
| you can also sign a piece of paper and hold it up to the
| webcam!
| bengale wrote:
| I'm almost sure you can select to sign on your iPad or iPhone
| too and it brings up a little drawing box on them.
| sethhochberg wrote:
| FYI, you can also use this family of features to scan
| entire documents: https://support.apple.com/en-us/HT209037
|
| They call it "Continuity Camera", and it is probably my
| single favorite little feature in the Apple ecosystem.
| Nothing revolutionary, but just something simple done
| really well - and when you need it, you really need it.
| andylynch wrote:
| You can. I did this the other day and it's great
| izacus wrote:
| Preview can't apply proper PDF signature though - while Adobe
| Acrobat Reader (the free one) can. Many countries can issue a
| digital certificate that can be used with these documents to
| make them legally and properly signed.
| IshKebab wrote:
| Many countries? Really? I have literally never seen anyone
| ever use any cryptograph signature features of PDF.
| wtf_is_up wrote:
| It's pretty common in DoD space to sign PDFs using CAC
| (Common Access Card) PKI certs.
| jokethrowaway wrote:
| That's interesting, haven't heard of countries using pdf
| digital certificates. I've heard a few countries implemented
| certified email: anything in a certified email is considered
| a legal document (including a plain pdf)
| divbzero wrote:
| The Preview app is one of the gems of macOS and a major reason
| I've stuck with Apple computers.
| jokethrowaway wrote:
| I say the same about KDE's counterpart, Okular (and tons of
| others, Kate, klipper, kolourpaint) truly great software.
| marianov wrote:
| I thought this was about adding a digital signature with an x509
| certificate, which has been a PITA for ages because of the PDF
| standard, plus browsers isolation from certificate stores, let
| alone hardware devices.
| gspr wrote:
| You can also do it locally outside the browser with well-
| established tools like pdftk:
| https://stackoverflow.com/questions/20531079/adding-an-image...
| patrakov wrote:
| The linked answer only adds an image, not a proper digital
| signature. But you can use
| https://sourceforge.net/projects/jsignpdf/
| gspr wrote:
| So does the article we're discussing, no?
| terramex wrote:
| It looks like a useful service but in case you didn't know: you
| can do this locally on macOS using Preview. Click on
| Tools->Annotate->Signature and add your own signature. You can
| even write it down on paper, put in front of webcam and it will
| recognise it and turn it to black & white. Very useful for
| filling out different forms.
| CyberDildonics wrote:
| This title does not make sense.
| maqp wrote:
| If I'm reading this right it's in-browser JS signing software.
| The author makes the claim that native software is hard to audit,
| but neglects the much bigger problem of having to verify the JS
| downloaded on-demand for every session. What you are served is
| not guaranteed to be the same as what's hosted on GitHub.
|
| Tony Arcieri explains the issues more broadly here
| https://tonyarcieri.com/whats-wrong-with-webcrypto
|
| Also, Nadim Kobeissi formalized it wrt Protonmail a while ago:
| https://eprint.iacr.org/2018/1121.pdf
| tlarkworthy wrote:
| In the case of sensitive pdfs, it's enough to check you network
| is not inexplicably in use, and I explain how to do a network
| audit in the notebook (yay literate programming). BTW this is
| "sign" as in overlay an image of your physical signature, not
| certify with a digital signature.
| honzajde wrote:
| What if there is an iframe in the page, then I don't think
| you will see anything in network logs in devtools...
| rubyfan wrote:
| That's what most want when they think of signing a document.
| There's all sorts of technical stuff relative to PDF Signing
| (cryptographic) and why it matters but most people that want
| signed documents want to be able to say the user was
| presented with this document and signed it. Most also fail to
| understand the technical mechanisms that are important to be
| able to defend that a user saw what you wanted them to see
| and then signed it. It'd be easy to argue that the other
| party showed you another document, got your signature and
| then overlaid it onto a new document. That's the issue with
| many open source signing schemes, they aren't provable
| because few if any implement both cryptographic signing and
| signature overlay.
| skinkestek wrote:
| These days with service workers and what not you might need
| more than a quick glance at the network log if you suspect the
| web page is malicious.
|
| Even for non-malicious sites this can be a problem.
|
| I think a notable case of the second category is jwt.io which
| last I checked definitely seemed to fire a few network requests
| after I pasted a token.
|
| (Happy to be corrected if this is obviously false or has been
| corrected later.)
|
| That said I couldn't see my token in one of them but it is
| scary enough to make me avoid using that site.
|
| BTW, I think their statement/claim
|
| > "Warning: JWTs are credentials, which can grant access to
| resources. Be careful where you paste them! We do not record
| tokens, all validation and debugging is done on the client
| side."
|
| is correct, it's just to scary for me to put client credentials
| there at all when it isn't trivially east to prove that they
| aren't uploaded.
| zulln wrote:
| > I think a notable case of the second category is jwt.io
| which last I checked definitely seemed to fire a few network
| requests after I pasted a token.
|
| They do make request to https://b.6sc.co/ all the time,
| regardless of you pasting stuff or just having it as an idle
| tab. Seems to be some kind of analytics that just tracks your
| time on the page and if you are active or not. With that
| said, I just fired up a proxy now when you mentioned it, have
| not actually properly investigated it.
| eitland wrote:
| My guess it is just analytics, but as recent events have
| shown they are then one misconfiguration away from sending
| _highly_ sensitive data to Facebook or someone else.
| bachmeier wrote:
| A couple ways I have done this locally:
|
| (Linux) Load the PDF in xournal, click on > Tools > Image. Select
| a jpeg holding my signature. Change the dimensions and drag the
| signature around as needed. Note that you then have to export to
| PDF rather than saving it.
|
| (Android) Using the OneDrive app. There's a signature option in
| the annotate menu.
| nestorD wrote:
| I am very happy with Xournal++ (which can also be used to add
| text to the pdf in order to fill a form for example).
| andy0x2a wrote:
| The claim of only using software that has source code available
| to audit never made sense to me.
|
| Does he go through every single line of code on every single
| application he uses to ensure privacy? Does this mean he is an
| expert in the Linux kernel? And chromium, and sendmail...
|
| Like I get it's great that these are open source, but it's really
| not realistic for someone to audit every single line of code in
| every software to be guaranteed that nothing nefarious happens.
| If a bad actor wanted to hide an RPC request, they wouldn't label
| it as _sendUserDataToServer(), so it would require quite a good
| understanding of the call stack on the functions you are looking
| at.
|
| Just look at the Linux kernel, it's auditable but recently it
| came to light that a university had submitted nefarious code to
| it. Presumably that code passed code reviews, static analysis,
| and some sort of testing? Yet it still made it in. It's just not
| feasible to have 100% confidence that third party software is
| ensuring your privacy.
| tlarkworthy wrote:
| By exposing your source publically it only requires one person
| to check to provide herd immunity. It's game theoretically
| superior to providing source code for one off audits on
| request.
| Mordisquitos wrote:
| >Just look at the Linux kernel, it's auditable but recently it
| came to light that a university had submitted nefarious code to
| it.
|
| ...and it came to light _because it is auditable_. Short of
| rejecting digitalisation and returning to monke, is there
| anything better in terms of trust and security than using open
| source software?
| fsflover wrote:
| > but it's really not realistic for someone to audit every
| single line of code in every software to be guaranteed that
| nothing nefarious happens.
|
| This is missing the point. Having the source code _decreases
| the chance_ of having malicious software by allowing random
| people to read the code. Anyone can raise alarm if they see
| anything suspicious and it 's easy to check such claims.
| prepend wrote:
| My understanding is that it doesn't answer all the risks you
| call out, it's just that it is lower than the same risks and
| more for proprietary, non-OSS software.
|
| If components are OSS then I have an easier time auditing. And
| perhaps I audit one section, and trusted people audit other
| sections and we can all run a trivial verification program.
|
| Again, it's not perfect, it's just better. And it at least has
| the conditions for perfect review, while other methods do not.
| MaxBarraclough wrote:
| To mirror fsflover's comment:
|
| > Does he go through every single line of code on every single
| application he uses to ensure privacy? Does this mean he is an
| expert in the Linux kernel? And chromium, and sendmail...
|
| You're misunderstanding it. _You_ don 't need to go over every
| line to benefit from the source being available. It's very rare
| for bad actors to publish outright malicious source code and
| just hope no one spots it. People who want to release malware
| just about always insist that you cannot inspect the source
| code.
|
| Of course, it's possible to release good source code and also
| introduce malware into the official binaries, lying about it
| corresponding to the published source, but that's another
| matter.
|
| > It's just not feasible to have 100% confidence that third
| party software is ensuring your privacy.
|
| It's rare to aim for absolute perfection and absolute
| guaranteed trustworthiness. Insisting on Free and Open Source
| software is a pretty effective means of avoiding many forms of
| malware.
| fsflover wrote:
| > Of course, it's possible to release good source-code and
| also introduce malware into the official binaries
|
| Which is solved by reproducible builds.
| MaxBarraclough wrote:
| Right, or source-based distribution of packages.
| windsurfer wrote:
| A free account on Adobe Acrobat online can sign PDFs, you don't
| need to have any kind of subscription. I'm not sure why the
| author felt they needed to subscribe if they were just signing
| PDFs. https://documentcloud.adobe.com
| tlarkworthy wrote:
| That's a network service (I don't want Adobe reading my
| financial docs) and also was not around when they ripped me off
| in 2018.
| bachmeier wrote:
| I know there's a tendency to trust Adobe because they're a
| large company, but how do you know what they're doing with your
| data? How do you know what they'll do with it at any time in
| the future? Is the other party okay with giving them your data?
| What if they decide to sell your data in the future?
|
| Sure, you could presumably try to get to the bottom of this,
| but it's easier to just use a local option.
| smnrchrds wrote:
| I first read it as that too. But upon more careful reading, I
| understood what he meant is that since Adobe has bad
| subscription practices, he doesn't want to use any Adobe
| products, even free ones. This type of signing (image signature
| as opposed to cryptographic signature) is supported in free
| Adobe Reader software too, on all platforms, including Android.
| Haemm0r wrote:
| For me the title was misleading: Reading the title I tought that
| the article was about digitally signing documents (with your keys
| not your signature) :D
| thouitsme wrote:
| Yeah, I clicked expecting the same
| cupcake-unicorn wrote:
| can anyone recommend a linux desktop app that does this? I've run
| into the same issue as the author. I got a lifetime for the great
| app https://markuphero.com but they haven't added saved
| signatures yet - I just write with my pen. Also although I trust
| them reasonably it would be nice to have something local.
| scrollaway wrote:
| It's neither free nor open source, and I really wish it were,
| but I can very, very strongly recommend Master PDF Editor.
| https://code-industry.net/masterpdfeditor/
|
| It's a very simple but full-featured PDF editor. Makes working
| with PDF _pleasant_. I didn 't think it would even be possible.
| Inserting an image is Ctrl+I.
| nestorD wrote:
| As said in another comment, I am very happy with Xournal++. It
| let you add pictures (I draw my signature once in Photopea and
| saved the file) and text (useful to fill forms).
___________________________________________________________________
(page generated 2021-05-31 23:01 UTC)