Since 2014 in the European Union there is a regulation for digital signatures called eIDAS for legally binding electronic signatures. This regulation is fulfilled by PaDES (for PDFs), CaDES (for CMS advanced electronic signature), and XaDES (XML avanced electronic signatures). Theoretically, that means that those standards fulfill the requirements of eIDAS for secure and legally valid digital and electronic document signatures. Implementations happened partially by eGovernment for example in Austria based on proprietary software solutions and X.509 based certificate authorities. However, for the web-of-trust of gpg it seems there is not yet any open-source tools available that are up-to-date or even usable. Some open-source tools would be needed to apply digital signatures and time stamps and so on to PDFs complying to the most recent PaDEs standard for applying digital signatures to PDFs. If such tools would be available, legally valid traffic of documents and legally valid mechanisms of making rock-proof contracts with open-source web-of-trust based software would be a fact then.

LibreOffice claims to support digital signatures on ODFs and PDFs, however if you want to manage certificates even that seems not to be implemented (at least on my version that came with Debian stretch). Therefore, also digital signatures don't work with LibreOffice.

I found also no other Debian tools that seem to only slightly relate to the topic. Is there any such tools.

In the internet one can find some Java apps like JSignPDF and JPdfSign which are hopelessly outdated. That seems to be all. I think such tools for PaDEs compliant digital signatures are desperately needed...

Writing the software is easy. Getting it certified is expensive.

Dear smallpond!

As long as you provide a PaDEs-compliant valid PDF-file it should not matter, which software produces the signature. No one also worries about whether LibreOffice has the license to produce PDFs, still i produce all my PDFs with LibreOffice...

Thus the question seems according to my opinion not about licenses. As far as i know PaDEs is also an open standard and what counts is whether a PDF you supply is conforming to the standards (let us say you want to go to court and prove that your PDF is time-stamped digitally signed with a X.509 certificate aso. and can be used as a legally signed document...)

I suspect that organisations that need eIDAS use commercial software, like SecureBlackbox and TBS Internet.

As far as i know, there is legally a difference between >>electronic signature<< and >>digital signature<<. According to that eIDAS even such a thing like a stamp showing a signature generated with a computer pen stored in a stamp in the PDF could be considered as legally valid. Digital signatures as employed in software security fulfills for sure the security criteria of such electronic signatures. In the case of PaDEs standard that is just an extension to the PDF file format for adding capabilities for advanced >>electronic signature<< to PDFs as is CADes for CMS and XaDEs for XML.

I am from Austria and our eGovernment is in a very poor status. For example it is allowed to digitally sign PDF documents with some software called PDF Over provided by A-Trust company which holds the signature keys for our Austrian handy signature system. But on the other side, government offices deny to receive E-Mails with digitally signed documents. So, it seems like there is no way to enforce the validity/usability of a document for government purposes although by handy signature it should be like that. For some reason, by law, that A-Trust company fulfills criteria for physically tamper-proof storage of the private keys for the Handy signatures, but it seems to use itself X.509 certificates. Thus verification of such handy signature with let us say Adobe Acrobat is no problem. But signing a PDF document is bound to the concrete mechanism that is used for the handy signature. But according to PaDEs standard one can design software, that includes in the PDF file all time stamps, digital signatures, ... such that you have one completely legal document, that would be able to stand in court.

As far as i know gpg has also some clearsign function which however is very basic and maybe can only be applied in a legally valid way by cryptography professionals.

LibreOffice claims to support digitally signing capabilities, but my Debian stretch version seems to not have implemented that feature. There is a dialogue for managing certificates, but it is not showing anything. It wants to use the certificate store of Thunderbird and seems to point to the correct location but still it does not load any certificates and the whole set of dialogues does therefore not allow for applying digital signatures neither for ODTs nor for PDFs.

To have legally admissible digital signatures requires some certificate authority to issue certs and verify the signatures. Ring of trust means nothing to a court of law, because there are so many people involved.

The law according to eIDAS regulation of the European union distinguishes between <<electronic signature>>, <<advanced electronic signature>> and <<qualified electronic signature>>. electronic signature can be any copied hand signature that is pasted in a document like it is often done in serial letters, still such signature can be legally valid these days. Advanced electronic signature uses digital signatures whether they be from the web of trust or the X.509 certified type of signature. In both cases this can also be legally employed on documents. Qualified electronic signature means that the secret key is stored in a tamper-proof way such that it is sure that its secrecy is not spoiled by its owner and therefore the signature made invalid. Therefore there is a concept called Secure Storage Unit for private keys and that is also why those keys cannot be extracted from the tamper-proof devices.

PaDEs implements Advanced Electronic signatures according to eIDAS EU regulation. Therefore the web of trust is not at a disadvantage here. If let us say you get the pope or the American president to sign your private key with their GPG key, then this would provide enough credibility, wouldn't it? As you might know church law is always invocable for everyone as a last resort for final decision-making. In this way the web-of-trust possesses very well a legal status and applicability and in the case the pope would sign your key, you would be pretty well off, because the pope is infallible...

I found also an OpenSource Java implementation of PaDEs which was designed and implemented in a spinoff enterprise of the Technical University of Graz in Austria, called PDF-AS 4.1.1 . It claims to fully support PaDEs standard. It takes for signature generation PKCS12 files, Java keystore, MOA-SS and BKU (Bürgerkartenumgebung) which uses card readers for reading from our Austrian e-card (health insurance card) the private key. I have read that PKCS12 files are not a secure way for transporting private keys.

I think the whole problem in all this signature issues is that sometime any high security key has to be <<spoiled>> simply by using it and entering your passphrase into your computer keyboard (or simply when you want to generate a pkcs12 file or a certificate with CACert by using openssl for conversion). However one turns and twists it, the bottle neck and biggest security risk is always the owner of the key. But that is also being taken care of in the web of trust, since every signature on a key can also be withdrawn as far as i know. Also, the web of trust allows certain legal choice under what conditions your signature on a key is provided. If that cause gets invalid, by legal reasons your signature on a key might also be invalidated. The people who designed the web-of-trust protocol had a big scope in their mind for the protocols of gpg and pgp.

We struggled with this problem in a particular scenario - where eIDAS smart-cards (certified as required for advanced digital signatures, i.e., where a special secure device is required) needed to be accessible 24x7 (within a secure environment, .... all auditable).

We have extended JSignPdf to support external signing devices, which are available via a simple TCP proxy. That way, the computer with JSignPdf doesn't need to have any certificates or keys or hardware drivers. When a signature is requested, it is re-directed via our FoxyProxy to the actual signing device.

Some more information is at (google "CloudFoxy"). We are now actually trying to figure out if there's any demand for this kind of signatures - e.g. smartcards issued by loocal eIDAS providers, with PGP dongles like Yubikey NEO (with email SSL certificates trusted out of the box), etc.

This is an interesting thread and topic. Thanks Thomas. I have no answer, but I am interested in looking at the development of this thread and other people's answers.

Ofcourse, in the GNU/Linux world, if "something" does not exist, you can always create it, if you have the knowledge to do that. Perhaps this topic has not caught the interest of someone who could make something like what you want, or perhaps it exists.

You seem to know quite alot about this eIDAS topic. Regulations and law knowledge matched up with programming knowledge (and also interest) might be quite a rare thing.

there is an open source java library for all the eidas signature formats. it can sign and validate all forms od *AdES. It pasess conformity tests.

https://github.com/esig/dss/blob/master/README.md

Java? Ooh no! Can it not be run in a different way?

I think threadstarter said something about open standards, which would certainly make it possible to make in c++, qt, gtk, or plasma.

I think below is a good website to understand the signature situation.
https://ec.europa.eu/cefdigital/wiki...TAL/eSignature

I think that there is still a lot of work to be done in terms to explain to people what is cryptography actually and what do cryptographers do. Already in the history of antiquity simple ciphers were used and magicians and priests were reading secrets out of (sacrificial) animals intestines for their emperors or king. Exactly on that line the whole science of cryptography started. Nowadays through the blockchain concept cryptography got a little bit of attention in the public. Yet the main concept still remains obscure. We have on one side Jesus in the bible who tells us "things talked secretly in the chamber of the king will be known by everyone", on the other side we have traditions of spying in other countries, cities,... almost as old as mankind itself. Already Sun Tsu in his art of war, a famous classic of military literature explains the necessity of driving every military organisation also with spies, who act secretly and behave in other countries as if they were natives from there, while they still act in their own countries mission. On exactly the same line stage magic is working. A magician on the stage tricks people into believing what they see to be miracles or true magic, whereas the truth is that he uses secret codes to communicate things to his associates/assistant. So what is the purpose of a stage magician? Is it only entertaining people? Or is he a kind of pontifex, who opens doors for people to pass through safely - i.e. some kind of priest magician like Simon the Mage or others? Considering that fact, the issue at stake is not only about modern 4096 bit RSA keys or any other standard developed in the last decades. It is MAINLY about older and simpler codes, which started the information age like masonic codes, kabbalah, tao yoga, administrational tables, forms of empires... that is still the foundation for the large majority of human societies. The simpler the code, the more reasonable the purpose for which it is employed. The idea of opting completely for high encryption standards is in a way killing itself. If let us say your 256 bit DES key is giving someone the option to target a message at you, it would mean that 256 bits are necessary to address you??? We are 8 billion people in the world. For now that number fits easily into 34 bits and everyone has a unique adress or account number. So why are we still sticking with the question whether computers can break a cipher or not? That is a philosophical question. Is it a collective mental disease that we all have fallen to?