Last active
November 29, 2021 14:39
-
-
Save trueroad/2cac47a5d672fd742b1aa451e6708d16 to your computer and use it in GitHub Desktop.
PDF sign scripts
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # clean.sh | |
| # Copyright (C) 2020 Masamichi Hosoda. All rights reserved. | |
| # License: BSD-2-Clause | |
| # | |
| # https://gist.github.com/trueroad/2cac47a5d672fd742b1aa451e6708d16 | |
| # | |
| rm -f *~ intermediate.*.pdf offset.*.txt \ | |
| timestamp-req.*.bin timestamp-resp.*.bin \ | |
| to-be-signed.*.bin signed-data.*.p7s signed-timestamped.*.p7s \ | |
| timestamp.*.p7s |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # signpdf-with-timestamp.sh | |
| # Copyright (C) 2020 Masamichi Hosoda. All rights reserved. | |
| # License: BSD-2-Clause | |
| # | |
| # https://gist.github.com/trueroad/2cac47a5d672fd742b1aa451e6708d16 | |
| # | |
| # Require: | |
| # * experiment-pdf-sign-prepare, experiment-pdf-sign-finalize | |
| # * https://gist.github.com/trueroad/0b0a2127aff508caf583265fbef4b644 | |
| # * pkcs7_sign | |
| # * https://gist.github.com/trueroad/8c55674d25be82c15977d9999096e0fb | |
| # * pkcs7_ts_req, ts_resp, merge_sign | |
| # * https://gist.github.com/trueroad/40072532a258b3519c8f6beabe829b0c | |
| # * qpdf (libqpdf-devel), gnutls (libgnutls-devel), curl etc. | |
| # | |
| CONTENTS_SIZE=10240 | |
| SIGN_MD=sha256 | |
| TIMESTAMP_MD=sha256 | |
| TIMESTAMP_SERVER_URL="https://freetsa.org/tsr" | |
| if [ $# -ne 3 ]; then | |
| echo "usage: ./signpdf-with-timestamp.sh INPUT.pdf SIGNED.pdf CERT.p12" | |
| exit 1 | |
| fi | |
| TIME_OF_SIGNING=`date -Iseconds | \ | |
| sed -e "s/\\([0-9]\\+\\)-\\([0-9]\\+\\)-\\([0-9]\\+\\)T\ | |
| \\([0-9]\\+\\):\\([0-9]\\+\\):\\([0-9]\\+\\)\ | |
| \\([+-][0-9]\\+\\):\\([0-9]\\+\\)/\\1\\2\\3\\4\\5\\6\\7'\\8'/g"` | |
| echo | |
| echo "*** preparing ***" | |
| echo | |
| ./experiment-pdf-sign-prepare --input $1 \ | |
| --intermediate intermediate.$$.pdf \ | |
| --to-be-signed to-be-signed.$$.bin \ | |
| --offsetfile offset.$$.txt \ | |
| --time ${TIME_OF_SIGNING} \ | |
| --contents-size ${CONTENTS_SIZE} | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "prepare failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** signing ***" | |
| echo | |
| ./pkcs7_sign --md=${SIGN_MD} --time \ | |
| --in to-be-signed.$$.bin --out signed-data.$$.p7s \ | |
| --cert $3 | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "sign failed" | |
| exit 1 | |
| fi | |
| # sleep 5 | |
| echo | |
| echo "*** generate time stamp req ***" | |
| echo | |
| ./pkcs7_ts_req ${TIMESTAMP_MD} signed-data.$$.p7s timestamp-req.$$.bin | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "pkcs_ts_req failed" | |
| exit 1 | |
| fi | |
| # sleep 5 | |
| echo | |
| echo "*** request time stamp ***" | |
| echo | |
| curl -H "Content-Type: application/timestamp-query" \ | |
| --data-binary @timestamp-req.$$.bin \ | |
| -o timestamp-resp.$$.bin ${TIMESTAMP_SERVER_URL} | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "curl failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** parse time stamp resp ***" | |
| echo | |
| ./ts_resp timestamp-req.$$.bin timestamp-resp.$$.bin timestamp.$$.p7s | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "ts_resp failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** merging ***" | |
| echo | |
| ./merge_sign signed-data.$$.p7s timestamp.$$.p7s signed-timestamped.$$.p7s | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "merge failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** checking size ***" | |
| echo | |
| SIGNED_SIZE=`wc -c < signed-timestamped.$$.p7s` | |
| echo "reserved contents size is ${CONTENTS_SIZE} bytes" | |
| echo "signed size is ${SIGNED_SIZE} bytes" | |
| if [ ${SIGNED_SIZE} -gt ${CONTENTS_SIZE} ]; then | |
| echo | |
| echo "signed size over" | |
| exit 1 | |
| fi | |
| echo | |
| echo "signed size ok" | |
| echo | |
| echo "*** finalizing ***" | |
| echo | |
| ./experiment-pdf-sign-finalize `cat offset.$$.txt` intermediate.$$.pdf \ | |
| signed-timestamped.$$.p7s $2 | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "finalize failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** complete ***" | |
| echo |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # | |
| # signpdf.sh | |
| # Copyright (C) 2020 Masamichi Hosoda. All rights reserved. | |
| # License: BSD-2-Clause | |
| # | |
| # https://gist.github.com/trueroad/2cac47a5d672fd742b1aa451e6708d16 | |
| # | |
| # Require: | |
| # * experiment-pdf-sign-prepare, experiment-pdf-sign-finalize | |
| # * https://gist.github.com/trueroad/0b0a2127aff508caf583265fbef4b644 | |
| # * pkcs7_sign | |
| # * https://gist.github.com/trueroad/8c55674d25be82c15977d9999096e0fb | |
| # * qpdf (libqpdf-devel), gnutls (libgnutls-devel) etc. | |
| # | |
| CONTENTS_SIZE=4096 | |
| SIGN_MD=sha256 | |
| if [ $# -ne 3 ]; then | |
| echo "usage: ./signpdf.sh INPUT.pdf SIGNED.pdf CERT.p12" | |
| exit 1 | |
| fi | |
| TIME_OF_SIGNING=`date -Iseconds | \ | |
| sed -e "s/\\([0-9]\\+\\)-\\([0-9]\\+\\)-\\([0-9]\\+\\)T\ | |
| \\([0-9]\\+\\):\\([0-9]\\+\\):\\([0-9]\\+\\)\ | |
| \\([+-][0-9]\\+\\):\\([0-9]\\+\\)/\\1\\2\\3\\4\\5\\6\\7'\\8'/g"` | |
| echo | |
| echo "*** preparing ***" | |
| echo | |
| ./experiment-pdf-sign-prepare --input $1 \ | |
| --intermediate intermediate.$$.pdf \ | |
| --to-be-signed to-be-signed.$$.bin \ | |
| --offsetfile offset.$$.txt \ | |
| --time ${TIME_OF_SIGNING} \ | |
| --contents-size ${CONTENTS_SIZE} | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "prepare failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** signing ***" | |
| echo | |
| ./pkcs7_sign --md=${SIGN_MD} --time \ | |
| --in to-be-signed.$$.bin --out signed-data.$$.p7s \ | |
| --cert $3 | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "sign failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** checking size ***" | |
| echo | |
| SIGNED_SIZE=`wc -c < signed-data.$$.p7s` | |
| echo "reserved contents size is ${CONTENTS_SIZE} bytes" | |
| echo "signed size is ${SIGNED_SIZE} bytes" | |
| if [ ${SIGNED_SIZE} -gt ${CONTENTS_SIZE} ]; then | |
| echo | |
| echo "signed size over" | |
| exit 1 | |
| fi | |
| echo | |
| echo "signed size ok" | |
| echo | |
| echo "*** finalizing ***" | |
| echo | |
| ./experiment-pdf-sign-finalize `cat offset.$$.txt` intermediate.$$.pdf \ | |
| signed-data.$$.p7s $2 | |
| if [ $? -ne 0 ]; then | |
| echo | |
| echo "finalize failed" | |
| exit 1 | |
| fi | |
| echo | |
| echo "*** complete ***" | |
| echo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment