I would like to generate a certificate(self-signed at the moment) for an encrypted PDF on the server. What is interesting to me is the workflow on how to to that with TCPDF.
What I did:
1) Generate keys:
openssl req -x509 -nodes -days 365000 -newkey rsa:1024
openssl pkcs12 -export -in tcpdf.crt -out tcpdf.p12
2) Then generate the PDF with the .crt
- file
3) Then I started acrobat reader and installed the certificate (tcpdf.p12
). I used Document->security settings -> digital id
4) I could import the security settings but still can't open the PDF. Don't know if I am doing it right? What happens that acrobat reader 9.5.4 opens a dialog with input of a password. I give in the password and an error appears -> unknown error -> CRecipientList-218
5) Code I used (basically the same)
$certificate = 'file://../tcpdf.crt';
$info = array(
'Name' => 'TCPDF',
'Location' => 'Office',
'Reason' => 'Testing TCPDF',
'ContactInfo' => 'http://www.tcpdf.org',
);
$pdf->setSignature($certificate, $certificate, 'tcpdfdemo', '', 2, $info);
$pdf->SetProtection($permissions=array('print', 'copy'), $user_pass='', owner_pass=null, $mode=1, $pubkeys=array(array('c' => 'file://../tcpdf.crt', 'p' => array('print'))));
I combined the following examples:
http://www.tcpdf.org/examples/example_052.phps
http://www.tcpdf.org/examples/example_016.phps
P.S.: I know its a very practical example. Just thought its easier to understand the steps I am doing.
Questions:
Is the workflow in general right on how(!) to approach certificates for a PDF with encryption?
When I generate the
.p12
file I have to give in a password for that file which I used later on when imported the certificate into acrobat. I'm asking because I have also the possibility "on generation" to give the password.If the workflow is right...how do I fix the problem?
The approach is basically correct - but you may have missed some detail in it.
I have been using the certificate in
*.crt
format without the passphrase (including private and public key) and it works fine.Also note, that you must have installed OpenSSL extension in PHP.
See the comments for method
TCPDF::setSignature()
by Nicola Asuni:You dont need to install any certificate into Acrobat Reader - generated PDF documents signed with self-signed certificates simply show up as untrusted, but still they can normally open.
I hope you also took a look at the comments ;) there is a mini how to setup the pdf using provided file
especially:
however, you need to provide setProtection with existing key:
the path you given is just showing where you need to give the path, but the path itself need to be changed
Summary: please read again the comments in the example 016 file, they WILL help to get it working the way you need