From: Fulano Diego Perez <fulanoperez@cryptolab.net>
To: submit@bugs.debian.org
Subject: writer export to PDF/PDF A/1A sign and/or timestamp
Date: Tue, 12 Jan 2016 02:44:58 +1100

Package: libreoffice
Version: 1:5.0.4~rc2-2
Severity: normal

i would like to make a couple of proposals

currently, this seems to work when exporting from writer:

* PDF and PDF A/1a
* CA cert signed signature
* timestamped with non http[s] AUTH based timestamp server

this produces a PDF:

sha1 hashed
document restrictions summary, not allowed:

        changing the document
        document assembly

i can't get a PDF A/1a timestamped with one which requires http[s] AUTH

does writer support AUTH to enter credentials over http[s]?

signing just with a CA valid cert does work to a non PDF A/1a, but
opening the PDF in a windows acrobat or reader shows a modification
warning after signing




suggest some things need to be looked into in terms of:

when signing/timestamping within Acrobat, and locking the document,
causes the following restrictions _in addition_ to above:

        commenting
        filling of form fields
        signing of form fields
        creation of template pages

once a PDF is signed, there should be an option to enable/disable future
signing

once it's timestamped, no further changes should be allowed, it should
be 'locked' similarly to how Acrobat changes restrictions

no idea what is/is not possible in terms of doing this outside of
Acrobat but an sha256 hashed doc should be considered do-able (default
in Acrobat with recent updates)