Session
FOSDEM Schedule 2021
Safety and Open Source

Document security and digital signatures in PDF

D.safety
Matthias Valvekens
<p>The push for paperless bureaucracy has been going on for quite some time, but the circumstances of the past year made the issue even more pressing than it already was.</p> <p>The PDF specification outlines a number of security features, including but not limited to encryption, digital signatures and redaction support. The goal of this talk is to give a broad overview of the various security mechanisms provided by the PDF standard and their applications in the real world, with a particular focus on digital signing.</p>

The push for paperless bureaucracy has been going on for quite some time, but the circumstances of the past year made the issue even more pressing than it already was.

PDF has played---and continues to play---an important role in this digitalisation process. This is in large part due to the format's reputation for robust, platform-independent rendering, but its easy-to-use, natively supported security features are another key selling point. PDF documents can be encrypted using AES or public-key encryption to keep their contents away from prying eyes, and the PDF specification also includes native support for redacting documents before public release. Last but not least, electronic PDF signatures as a replacement for old-school "wet ink" signatures have been a major factor in moving towards paperless workflows for companies and governments alike.

Document security is a complicated and broad subject, with many different facets that often conflict with one another. In particular, developers of workflows handling sensitive documents regularly face tough judgment calls weighing security requirements against ease of use. The security features in the PDF specification provide a standard framework to respond to these needs. In this talk, we'll discuss how you can leverage PDF to build secure, yet user-friendly document workflows. In the context of digital signing, we'll go over what it means to "trust" a digital signature, and how that trust is validated in practice. In addition, the talk wil touch upon some of the common pitfalls in PDF security that you should be aware of to prevent your documents from being exploited.

Additional information

Type devroom

More sessions

2/6/21
Network monitoring, discovery and inventory
Stephan Schmidt
D.network
<p>A brief introduction to the room and to the sessions.</p>
2/6/21
Hardware-Aided Trusted Computing
Jo Van Bulck
D.hardware.trusted
<p>A brief introduction to the room and to the sessions.</p>
2/6/21
MariaDB
Ian Gilfillan
D.mariadb
<p>A brief introduction and overview of what you can expect from the MariaDB devroom at FOSDEM</p>
2/6/21
Microkernel
Martin Děcký
D.microkernel
<p>Welcome talk and introduction to the Microkernel Devroom at FOSDEM 2021.</p>
2/6/21
Testing and Automation
D.testing
<p>A warm welcome from your devroom managers, practical information, lineup and administrivia. Let's make this edition of FOSDEM count!</p> <p>Happy Testing!</p>
2/6/21
Perl and Raku Programming
D.perl
<p>A brief introduction to the 2021 virtual FOSDEM devroom, talk overview, code of conduct and Community Affairs Team</p>
2/6/21
Open Research Tools and Technologies
Albert Yumol
D.research
<p>As technology advances, so as our maps. In this talk, we will explore the ever growing open map data that can help us understand, validate, and explore socio-economic indicators with the aid of network theory and machine learning techniques.</p>