Online Signature Licitness for Security in UAE

  • Quick to start
  • Easy-to-use
  • 24/7 support

Award-winning eSignature solution

Simplified document journeys for small teams and individuals

eSign from anywhere
Upload documents from your device or cloud and add your signature with ease: draw, upload, or type it on your mobile device or laptop.
Prepare documents for sending
Drag and drop fillable fields on your document and assign them to recipients. Reduce document errors and delight clients with an intuitive signing process.
Secure signing is our priority
Secure your documents by setting two-factor signer authentication. View who made changes and when in your document with the court-admissible Audit Trail.
Collect signatures on the first try
Define a signing order, configure reminders for signers, and set your document’s expiration date. signNow will send you instant updates once your document is signed.

We spread the word about digital transformation

signNow empowers users across every industry to embrace seamless and error-free eSignature workflows for better business outcomes.

  • 80% completion rate of sent documents
  • 1h average for a sent to signed document
  • 20+ out-of-the-box integrations
  • 96k average number of signature invites sent in a week
  • 28,9k users in Education industry
  • 2 clicks minimum to sign a document
  • 14.3M API calls a week
be ready to get more

Why choose airSlate SignNow

    • Free 7-day trial. Choose the plan you need and try it risk-free.
    • Honest pricing for full-featured plans. airSlate SignNow offers subscription plans with no overages or hidden fees at renewal.
    • Enterprise-grade security. airSlate SignNow helps you comply with global security standards.

Your complete how-to guide - Online Signature Licitness for Security in UAE

Self-sign documents and request signatures anywhere and anytime: get convenience, flexibility, and compliance.

Online Signature Licitness for Security in UAE

In today's digital age, ensuring the security and legality of online signatures is crucial, especially in regions like the UAE. With the use of airSlate SignNow, businesses can leverage a trusted platform to electronically sign documents while maintaining compliance with UAE regulations.

User Flow:

  • Launch the airSlate SignNow web page in your browser.
  • Sign up for a free trial or log in.
  • Upload a document you want to sign or send for signing.
  • Convert your document into a reusable template if needed.
  • Edit your file by adding fillable fields or necessary information.
  • Sign your document and add signature fields for all recipients.
  • Click Continue to proceed with setting up and sending an eSignature invite.

airSlate SignNow provides businesses with an easy-to-use and cost-effective solution to send and eSign documents. It offers a great return on investment, tailored for SMBs and Mid-Market businesses. Furthermore, its transparent pricing model eliminates hidden support fees and ensures superior 24/7 support for all paid plans.

Experience the benefits of airSlate SignNow today and streamline your document signing process with confidence.

  • Collect signatures 24x faster
  • Reduce costs by $30 per document
  • Save up to 40h per employee / month

Get legally-binding signatures now!

  • Best ROI. Our customers achieve an average 7x ROI within the first six months.
  • Scales with your use cases. From SMBs to mid-market, airSlate SignNow delivers results for businesses of all sizes.
  • Intuitive UI and API. Sign and send documents from your apps in minutes.


Join over 28 million airSlate SignNow users

How to eSign a document: online signature licitness for Security in UAE

Good morning, everyone. Before I introduce myself, I'd like to take a moment to thank the organizers of this conference for giving me the opportunity to present some of the stuff that I'm passionate about here at FOSDEM. My name is Matthias. I work for iText; we're a small but international company, and our flagship product is an open source PDF library. Besides my activities at work, I spend a large portion of my free time tinkering with open source software and PDF alike, as you will probably see if you take a look at my GitHub page, which is linked on the slide. The topic that I would like to talk to you about today is about document security, and in particular digital signatures in PDF, which is the reason why I am here at this open source safety dev room.

So before digging into the main topic for today, I should perhaps take a moment to motivate why I care about PDF security and why you should do so. In recent years, paperless bureaucracy is becoming more and more of a thing. Especially over the course of the last year or so, more and more people are being forced to deal with their paperwork remotely, whether it's in the context of work or, well, their personal lives in dealing with government paperwork and so on. And, well, in the absence of actual physical papers to do our stuff with, electronic paperwork has taken its place in many respects, and in this context PDF is still the go-to format.

Now why is that? There are a couple of reasons for PDF's position in this particular market, and perhaps the most significant one is the fact that it's standardized. So both the rendering and the file format itself are pretty well delineated: once you generate a PDF, it's supposed to render the same way in pretty much every device. This is obviously a plus when you're dealing with legal documents that should look the same everywhere, so people can't, like, complain about formatting differences, securing the meaning of the text and so on. So this is definitely the thing that people think of
first when they hear the word PDF. The fact that it's a standard also means that there is wide support for it. So while Adobe's software still is the most significant piece of software that people use when dealing with PDFs, at least at the end-user level, the fact that it's a standard also opened the way for, well, more public participation in this regard. So by now there are tons and tons of libraries that deal with PDF in some form, whether it's to generate PDFs or to extract content from them. But the position of PDF in this space is definitely well established, and part of that, or in large part at least, is due to the fact that it's an ISO standard.

Now the aspect that I would like to focus on today is perhaps a bit more narrow. I would like to talk about some of the security features of PDF, and the reason why that's relevant particularly in this context is because as soon as you start involving bureaucracy, being able to audit things and attach a provable record of authority to PDF files is an important thing. So that's why most of the talk I will be focusing on digital signatures, but before that let me try and discuss briefly what the aspects of PDF security actually involve in this respect.

So before we can talk about document security as it applies to PDF in particular, let's take a step back and set the terms of the discussion. What does it mean for a document to be secure? I've listed four aspects of document security here on the slide. The first one is integrity: that just asks whether the document changed or not. It's pretty self-explanatory. Then there's authenticity, which is closely related but not quite the same: authenticity asks for a record of who created the document, and in particular also when, if that applies. Then there's secrecy: who can access the document? There are plenty of documents that you don't want anyone to be able to access. The final aspect of document security is safety: that one asks what the document can actually
accomplish or do without the user consenting to it. As you may or may not know, the PDF standard has some provisions for embedding JavaScript into documents, and this can be done for legitimate reasons such as form validation or dynamic content maybe, but it's also often abused by nefarious actors to, well, do all sorts of bad things, such as submitting form data to endpoints that they themselves control instead of the document author, and so on. So this is also an important aspect of document security, which unfortunately I won't talk about too much today, but it's important to keep in mind, especially in the context of the other factors that I've already explained.

So now, how does all of that apply to PDF in particular? PDF has multiple features that support various subsets of these aspects that I just discussed. The first one and most obvious one is PDF encryption; that serves the secrecy aspect of document security, as the name pretty much implies. Then the second aspect, which is actually what most of this talk is going to be about, is digital signing; that one provides both integrity and authentication. Then there's timestamping. Timestamping provides integrity in a slightly different way: while a digital signature can be used to verify that the document that you're seeing was authored by a specific person, a timestamp proves that the document existed at a certain point in time and that it did not change after that. And then finally there is redaction. Often when governments release previously classified documents, they have to redact portions of it to preserve national security or the privacy of the people involved, and also for this there is support in the PDF standard.

Okay, so enough abstract talk; let's go to a more concrete example. Suppose that two companies, say Alice and Bob (and these names obviously weren't chosen by accident), have brokered a deal that is worth lots of money to both of them. So
they want to engage in some form of contract, and now the question is how they could go about securing this contract. So this is a list of what their requirements might look like. The first one is they might require secrecy, to avoid leaking the terms of their contract to the competition, because, well, that might compromise their position in the market. Then there is also the aspect of integrity, which is extremely important when you engage in a deal of whatever nature with someone: you may want to make sure that both parties agree to the same terms, and you want to avoid giving the opposition the opportunity to insert the language that's convenient to them but not to you. And then there is the authenticity aspect, where we want to ensure that the parties that actually end up signing the contract are who they claim to be.

The first aspect that I want to discuss in more detail is encryption in PDF. As the commonly heard mantra says, you should never roll your own crypto. So as a responsible developer, the first question you should ask here is: why should I even handle it in PDF? There are other, more established ways to handle document encryption, and some of these actually predate the PDF standard. So you might just attach your document to an encrypted email, encrypted with OpenPGP for example; that's one way to deal with it. You could also use arcane OpenSSL incantations to encrypt your files on the command line like a real power user. If you know what you're doing, this is actually a perfectly acceptable way of, yeah, encrypting stuff; it's just not very user friendly. Then there are all sorts of end-to-end encrypted messaging systems around today: Signal is perhaps the most famous of those, and there's ProtonMail, what have you. There are lots of these.

So, yeah, then why should you use PDF encryption, or in what sort of situation would you want to use PDF encryption? The advantages of PDF encryption are more or less the following. The most important one is the
fact that it's part of the standard that defines PDF. That means that it's in particular natively supported in most PDF viewers, which means that if you're catering towards non-technical users that just have to view or fill out PDFs, this is a way to accommodate them quite easily. If you use PDF encryption, you also know that the data is encrypted both at rest and in transit, because, well, it remains within the file. And, yeah, if you only, say, encrypt the files in transit, by for example attaching it to an email, and then people download the attachment and so on, you can't be certain that the data will remain encrypted at rest as well. PDF encryption also affords certain flexibilities that you might want to exploit. You have the choice as a document generator between using public key encryption or password-based encryption. You can even choose to only encrypt the main content of the document by leaving the metadata unencrypted for indexing purposes, if you would want to do that, and if you really want to go granular you can even choose that only embedded files are to be encrypted.

Okay, so let's discuss some of the concrete encryption features that PDF offers. Essentially you can choose between either symmetric encryption or asymmetric encryption. In this context, by symmetric encryption I mean that you use a shared password to encrypt and decrypt the file, which has a very low barrier to entry: users understand what passwords are. The only restriction is that you have to share the password out of band in some way, because obviously you can't just distribute it together with the document itself. Then you can also opt for asymmetric encryption, so you encrypt the file and the file encryption key with the public key of each recipient. Under the hood this of course still uses symmetric encryption, but the key to decrypt the file is encrypted separately for each recipient. The disadvantage of this is that of course the initial hurdle to set up PKI in
a way that users understand and can work with is pretty high. But on the other hand it does offer much more flexibility, and it's also more secure in a way, because you don't need to actually distribute passwords to files in a systematic way.

So as a developer, how would you go about encrypting a document in practice? The example that I'm showing here is of course an example using iText, and what we're going to do here is encrypt a one-page document with AES-256. So there is some input file containing just one page that we want to encrypt using AES-256. The example here is a bit wordy, but I'll take you through it step by step. The first step involves picking a user and an owner password. You don't need to worry too much about the distinction between these from a cryptographic point of view, because the result is the exact same, in the sense that both will allow you to decrypt the document. However, some viewers, or at least, well, viewers should in general behave differently if a document is opened with the user password as opposed to the owner password. Now from a security perspective this doesn't really matter of course, but nevertheless it's something to keep in mind when you actually write encrypted files, just so you don't, you know, get surprised by an API asking for multiple passwords. After picking passwords we also set some usage permissions; also for the same reasons, you don't need to worry about this too much. And then we set up the output writer to use AES-256 encryption with the settings that we just defined. Then we open some input and output streams, one to actually ingest the input document and one to write the output document with the writer properties that we just set up here. And then we copy one page from the input to the output, and that's basically it.

So in the previous slide I demonstrated how you might go about encrypting a file using iText. Now, iText supports pretty much everything there is to support when it comes to PDF encryption, so it's an
excellent choice if you're a Java programmer or a .NET programmer, but I imagine that that doesn't apply to everyone here in the audience today. So I've compiled a short, albeit very incomplete, list of libraries that offer open source PDF encryption support. If you're a C or C++ programmer, you might want to rely on MuPDF, QPDF or Poppler. All of these are very well established within the open source community already; they back, yeah, lots of PDF viewing software used in Linux and so on. Then if you're a Python programmer, you have multiple choices depending on what you're after. If all you have to do is ingest legacy PDF files encrypted using ancient RC4 encryption, and you want a simple library that doesn't have too many bells and whistles, you can use PyPDF2; it does the job. Then if you want something slightly more feature-rich, you might want to rely on pikepdf, which is actually a wrapper for QPDF, and so in particular it also supports everything that QPDF supports. And then finally there is pyHanko, which is a Python library that aims to support basically all signing and encryption provisions in the standard, so that one is also an option here. If you're a JavaScript programmer, then PDFKit is the obvious candidate here, or if all you need is a viewer then you might want to use PDF.js, which is I think Mozilla's project. Then if you're a Go programmer, finally, then one of the libraries that I've run across on the internet is UniDoc, which is a commercial but nevertheless open source offering that in particular also does encryption. Now, full disclosure, if it wasn't obvious already: I work for iText, but I'm also the main author of pyHanko, so I'm not entirely unbiased in this regard.

So since we're in the open source safety dev room after all, this is a topic that we cannot get around. There are situations in which you might not actually want to do your encryption in PDF, in the sense that you might not want to use encryption as defined in the PDF standard. So the
first, most obvious reason is that it just increases the development burden. So, yeah, the PDF standard is a very complicated and long document, so, well, if you want to support encryption in the way that's defined in the PDF standard, then, okay, you're going to have to do some work, or in practice rely on a PDF library. Now, more, say, intrinsically, one of the other things that is true of PDF encryption is that it exposes much of the document structure by default. So for example, unless you take specific precautions to avoid this, anyone can basically investigate how many pages a document has, or whether it contains forms, and a number of other things. So the content of the document is very much encrypted, and if you use a secure cryptosystem it's next to impossible to actually, well, figure out what's in the document. Nevertheless, some of these more structural aspects can remain exposed. If this is a problem for you, then you probably don't want to use PDF encryption.

So then there are also a number of issues with the standard itself, so the way the PDF standard implements encryption. The most obvious flaw is that older versions of the standard relied on the very insecure RC4 encryption method for, well, all these encryption needs, which is a very, very bad idea. I won't get into why here, but suffice to say that you should never use this encryption for new documents, only, yeah, to read legacy stuff basically. More damningly, the implementation of AES-256 as it's mandated in the PDF 2.0 standard is actually not tamper-proof. So while it protects the contents of the document from being read by an unscrupulous adversary, yeah, someone with sufficient knowledge of cryptosystems and the PDF standard could actually inject malicious content into the file. So it doesn't protect you from that kind of attack by default. And related to that, some viewers are actually vulnerable to exfiltration attacks, where by injecting malicious code into files, yeah, the viewer might leak
some of the encrypted content to the attacker.

So in the end it comes down to the good old security versus convenience trade-off, as is the age-old problem in anything security related, basically. Let's discuss a couple of scenarios here, just to drive that point home. If you're encrypting static PDF files intended for non-technical users that don't have any dynamic content, forms or whatever, then sure, you probably want PDF encryption. It's the most user-friendly thing here and, yeah, that's probably going to serve your needs the best. However, if all you require is encryption in transit, and encryption at rest is not really a problem, then you're basically better off just ensuring that all your communication channels use TLS. If you not only need encryption in transit but also encryption at rest, but on the other hand your software is still in control of every step in the pipeline basically, then you should still consider just encrypting the entire file as a binary blob. So just don't care about the PDF format; encrypt the whole thing using some established encryption library and do your thing. In this case you don't really need PDF encryption as such. And then finally, and this is perhaps the most important point, if you need your files to be resistant to intentional tampering, then you really shouldn't ever rely on PDF encryption exclusively. You can of course use PDF encryption plus something else, but currently there's no machinery in the standard that allows you to encrypt the file and make sure it is tamper-resistant without adding other stuff. There is a proposal in the works to add authenticated encryption to PDF, but that's moving through the ISO process, but that will take a while. In the meantime, if you need tamper resistance, then think twice before you entrust your entire architecture to PDF encryption only.

The issue of tamper-proofing and integrity gives me a nice segue into the next big topic of the talk, which is digital signing. This part of the talk is
divided into two sections. The first one is about digital signing in general and the basic concepts that you need to understand to get the grasp on what digital signing entails, and then I'll move on to digital signing as implemented in the PDF specification.

So let's start with some generalities about digital signing in the real world. As I already implied before, digital signatures are an essential part of electronic bureaucracy in these times, and they're popular with both companies and governments alike. In Europe there is a bunch of regulation about the legal status of digital signatures and the rules they have to follow. It's also part of many government workflows. For example, one example that you might have encountered in real life already is downloading official documents from your local government: when I need some document from city hall, I can go to their website, log in with my government-issued ID card, download the relevant document, and it will be signed by the relevant authorities, so that I can use it in legal proceedings if I would want to.

Okay, now what is it that we look for in a digital signature, especially in a PDF file? In general we want the following three assurances. The first one is that we want to ensure that whenever the document is modified in some way, we should be able to detect that, and it should invalidate the signature in particular. So the signature should ensure that the document we see is the same as the one that was signed. Then, closely tied to that, there is the authenticity aspect: we should be able to not only verify what the signer signed but also who this signer is. And then finally there is the non-repudiability part of the equation, which essentially boils down to not giving the signer plausible deniability. So the signer should not be able to deny that he or she signed the document, even years down the road, ideally. And it's particularly interesting to note that classical physical wet ink signatures don't really
meet this integrity requirement, and arguably not really any of them. So this is really one of the areas where digital signatures have a clear advantage over physical signatures.

So having said all that, let's go back to our example of the contract between Alice and Bob from before. Let's see how these requirements translate to this particular example. Before committing to signing the contract with Alice, Bob wants to know for sure that Alice will not be able to change the terms after he signs; that's the integrity part. Then again, Alice wants to be able to verify that the signature is actually Bob's; that's the authenticity part. And not only that, she also wants to be able to prove that fact in court if Bob later denies it. So not only does Alice want to know who the signature belongs to right now, but she also wants to be able to verify signatures further down the line, not only to herself but also to third parties. This is kind of what sets apart non-repudiability from authenticity in the most narrow sense.

So another way to state this authenticity requirement very simply is to say that signatures should be hard to forge, and this can be achieved using public key or asymmetric cryptography; that's two words for the same thing, basically. The core idea of asymmetric cryptography is that everyone holds two keys that are related. One key is the private key, which you use for signing; that key should be kept secret. Then there's the public key that's used for validating signatures, and that key is publicly known.

So I'm sure that what I'm about to tell you right now is old hat to some, maybe even most of you in the audience today, but let's briefly review what such a public key signature process looks like. Say that Alice is signing a document that she wants to send to Bob, just to stick to the same two people from before. That happens in a couple of steps. First, Alice hashes the document using some hash function. So Alice hashes the document, and then she signs the
hash with her private key and attaches the result to the document that she's about to send to Bob. Then Alice sends the document to Bob, so the document plus the signature that's attached to it. Then, upon receiving the document, Bob first checks that the hash of the document that's embedded in the signature matches the hash of the document that he received. That ensures that the document wasn't modified in transit. And then, using Alice's public key, he validates that the signature is actually Alice's, and in that way he can then know that the document he received was written by Alice.

So if anything, you should remember the following two things from the previous slides. The fact that the private key is secret ensures that the signatures are supposed to be hard to forge, so it ensures the non-forgeability and the authenticity of the signature. Then again, a strong hash function makes it easy to check the message's integrity.

Now this leaves open two questions. The first one is the obvious elephant in the room: how can Bob justify trusting that the public key he has actually belongs to Alice? Because technically all he did was verify that the signature was produced by the public key that he has, but how can he know that that public key actually is Alice's? So to avoid impersonation, Bob should still check that the key he has is actually Alice's. Closely tied to that is the question as to what happens when someone steals Alice's private key sometime down the road, because as we already said, Alice should not be able to deny having made the signature. So if her key gets stolen, there should not be a reason to invalidate prior signatures, and dealing with that is also a problem that's not entirely trivial to solve.

Okay, let's deal with trust first. In the real world, this trust problem is solved by relying on entities that are called certificate authorities. Briefly put, a certificate authority is simply an entity that certifies the relationship
between a public key and its owner. So it basically tells you that some public key belongs to some person.

Let's see how that works in practice. Let's say that Alice wants to request a certificate from some CA. The precise procedure through which this happens depends on the policies of the CA, so there is some variation there, but the two main ingredients are more or less always the same. Of course Alice would have to prove her identity to the CA using some pre-established means, for example a face-to-face interview or sending a copy of her passport or whatever, and then she should sign this information using her private key to prove that she is also the owner of the private key involved. Once Alice establishes her identity and her key ownership to the CA's satisfaction, the CA issues a certificate to Alice. This certificate certifies that Alice is the owner of this particular public key, and the certificate itself is signed using the CA's private key.

Now if Alice wants to send the signed document to Bob, what she does is she signs the document as she usually would with her private key, and then sends along the certificate that she received from the certificate authority. Now when Bob receives the signed document together with a certificate from Alice, what he can then do is extract the public key from the certificate and check Alice's signature using this public key. This would prove that the document was signed using the corresponding private key, as before. Now in addition to that, since Alice passed along a certificate that was signed by a trusted certificate authority, Bob can also verify that this public key belongs to Alice, and therefore by extension that the document originated from Alice.

Now this protocol isn't too complicated, but it does raise one obvious question, namely: who watches the watchers, or who trusts the certificate authorities, and why? Why should Bob take the CA's word for granted? And this is a hard problem. Now the current solution is more or less the following.
So a very small number of well-regarded and widely trusted certificate authorities have their certificates pre-loaded on most consumer devices. That includes your laptop; some browser vendors maintain their own CA stores, and so on. These certificates are usually called root certificate authorities or trust anchors, and these in turn issue certificates for subsidiary CAs, those smaller CAs that do the actual day-to-day certification out there. This creates a sort of, kind of a federated trust model, if you want. The result of that is that whenever you validate an end-entity certificate, you have to build the chain of trust to one of these root certificates. And, yeah, this does mean that it's basically CAs all the way down. So in the end there is at least one root that you have to trust basically based on faith, so you have to trust that they don't screw up. But that's the way it works right now.

So having reviewed the basics of digital signing in the abstract, let's try and take another, closer look at how this actually works in the context of PDF files. As you probably know, PDF files can contain forms containing various form fields, and one of the types of form field is a signature form field. These are basically containers for signatures, if you want. Other than that, the general principle is exactly the same as what we just discussed. So a signer obtains a certificate issued by some certificate authority. Then when he or she wants to sign, they hash the document, then sign with the private key corresponding to their certificate, and then they embed the result into the signature field in the PDF file. And then optionally, but as a matter of taste, you can add a visual appearance for the signature, so that it's somehow visually clear that the document was signed, but this is not mandatory.

So to make all of that a little more concrete, let's do an example using iText and Bouncy Castle in Java. This is a pretty bare-bones example, just because it wouldn't fit on one
slide otherwise but nevertheless the general workflow is usually more or less the same so there are a number of discrete steps here so the the first part is some standard boilerplate to read key material from from file on disk in this case so in this case i'm reading my certificates and keys from a pkcs12 file so that's this this upper block here then i'm going to want to open a file for reading so in this case i'm opening a pdf reader on the source document and then attaching a pdf signer to that so i'm not working with a say usual pdf writer here there is a reason for that i'll come back to in a moment and then i specify the name of the form field where i want the signature to go then i point i text to the private key that i just loaded from my pkcs12 file and i tell it to use sha256 to compute the document hash and finally we call the sign detached method on the signer to actually produce a signature so here's what the result might look like to an end user in the previous example i didn't bother with setting an an actual appearance for the signature so i want to open the document but nevertheless when you open a file a pdf file that contains signatures you can open this the signature panel in acrobat and take a look at all the signatures that are contained in the document regardless of whether they have a visual appearance associated with them or not and these signature panels will also list all sorts of information on the validity of the signatures details about the signer the provenance of their certificate and so on so this is basically the place to go if you want to drill down on the signature in the document as an end user okay so that wasn't too bad was it so let's try to make it a little bit more complicated now so far the story that i've been telling was mostly about single signer scenarios so cases where as some person has to sign a document and then someone has to validate it that's basically it now it's an interesting question to ask what would happen 
if we would require multiple signatures in particular documents say for a contract or something that's not at all uncommon so what happens in these cases let's say that alice and bob both need to sign the same document maybe the contract from the example from before so in this scenario alice would first sign the original document and forwards the the document with her signature to bob then once bob received the document from alice he can validate her signature if he wants he should and then add his own signature to the document produced by alice so one thing that's important to remember here is that the order actually matters in pdf there is no such thing as a parallel signature or something so all signers have to add their signatures one after the other so if you've really been paying attention the question that i'm about to ask now is probably not that surprising what about the integrity of a signature if bob adds his signature to what alice signed then he's changing the document right so wouldn't that destroy or at least invalidate alice's signature and yeah well there is a trick to avoid that problem so the way this works in pdf is that we update documents by appending stuff instead of rewriting the entire document so instead of building a new document from scratch when bob would sign uh the what the document that was sent to him by alice what he does is he appends his own signature to the end of the file and in that way alice's original signature which is signature one in this picture does not get demolished by or invalidated by bobs and the reason for that is that the original data that alice used to compute her document hash is still left fully intact inside the file so the signature indicates what part of the file it covers and as long as you don't change any of that you're good so here's what that would look like to an end user in this acrobat screenshot you can see that the signature pane contains all signatures that were applied in in the correct order 
and it validates all of them ing to the range within the file that was covered by the signature so if one of the signers tries to sneak in an update that's not allowed say adding an extra page or modifying the content of some page using an incremental update then the pdf reader should complain and invalidate the signature so as you can see this is what acrobat does in this case so we've talked about trust and we've talked about multiple sinus scenarios but there is one more topic in the context of digital signing that i'd like to discuss today that has to do with the validity of this the signer certificate in the long term so generally speaking there are two ways in which a certificate can become invalid over time so one is the normal way namely by expiration so certificates all have an expiration date so basically these just act as a deadman switch that by default certificates expire after some time and it also makes upgrading to more modern cryptographic standards easier because well certificates just aren't valid until 30 years in the future when the cryptography that we use today might no longer suffice so all know that that's just a sensible thing to have and it's very much expected of any certificate that will expire in the somewhat near future so the other way in which a certificate can cease to be valid is through revocation so in contrast with expiration revocation is an action that the ca has to take explicitly and as the name implies it basically states that the ca no longer trusts the relationship between the key and the certificate subject so there are multiple reasons why a certificate could be revoked the most common one is through loss or compromise of the private key say a key gets stolen or whatever but there are also more mundane reasons say for example an employee at some company leaves before his or her contract is up and therefore their access has to be revoked that's not terribly special but regardless of the reason why a certificate becomes 
invalid the bottom line is that we have to deal with the situation somehow now the reason why we should care about this kind of situation is more or less contained in the question that's here on the slide so what happens to an existing signature if the signer certificate expires or is revoked we definitely want these signatures to remain valid because otherwise the non-repudiation property would be violated for example say if alice would engage in some kind of contract with bob she could then deliberately lose her key and report it as stolen to the certificate authority and then claimed that someone stole her identity when the contract was signed and then bob would have no recourse and of course in a perhaps more mundane scenario we just don't want signatures to just become invalid after some period of time that's also not a desirable property now at the same time if alice's key would actually get stolen then the thief could then back date documents and pretend they were signed before the certificate was revoked and of course that's also a situation that we want to avoid so well how do we resolve this apparent contradiction in order to validate documents in the long term we need some kind of way to travel through time and validate a certificate as it was in the past and this is tricky because we can't really trust the signer to accurately report the time of signing as before otherwise you could just backdate documents whenever you want it and that's not what we want in this case so the way this is resolved is in practice is by embedding not just the timestamp but the timestamp into the signature this is basically a signed timestamp that's issued by what's called a timestamping authority or a tsa and this tsa is authorized by some certificate authority to issue well good timestamps so trusted timestamps other than this timestamp we also want to embed some kind of statement from the certificate authority that basically ensures that when the signature was made the 
certificate of designer was not revoked at that time and then combining these two you can basically restore the situation as it was at the time of signing with a trusted audit trail now to actually embed and validate such an order trail in the pdf file there are a number of different conventions but the most important series of standards on the subject is probably the padded series from etsy so the european standards body and padis has a number of compliance levels so you can basically choose how rigorously you want to adhere to uh to the powder standard and that reflects basically the kind of time scale in which you can guarantee that the signature will remain valid and there are lots of variations on this theme so i i won't bore you with them here so by now pades is a very widely widely supported standard and you should definitely use it if you can so as i did at the end of the section on encryption here is a short summary slide with some libraries some open source libraries that support pdf signatures the list is a little shorter than the one with the encryption supporting libraries because yeah implementing digital signing correctly is just more difficult than pdf encryption and this is essentially due to the fact that there are just a lot of different use cases for digital signing that all have their own different requirements and some people want to be able to sign things using hardware devices others have their keys in memory there are different profiles trust requirements and so on now if you're a java or net programmer and you have a digital sign use case then chances are that itx will fit your needs the digital signing api in iotext is very flexible it supports multiple scenarios including signing with keys in memory signing with keys that reside on the hardware security device deferred signing where the actual cryptographic machinery happens somewhere else it also supports all the padis profiles basically there is something for everyone so with that i 
think it's time to wrap up and summarize what we discussed today the pdf standard offers many native security features including encryption which is easy to use widely supported in viewers and libraries alike the only caveat is that you should be aware of the limitations whenever you decide to use pdf encryption so consider your use case carefully besides encryption we've also spent quite some time discussing pdf signatures the digital signature feature set of the pdf standard is very broad and can more or less be mapped onto any pki workflow there is i could talk about that for hours and governments and companies alike use public key infrastructure for all sorts of things including signing documents this makes pdf signatures a very worthwhile topic to learn more about and then finally there is the topic of reduction annotations which we didn't discuss today for obvious lack of time but basically the pds center also has provisions to allow you to securely redact documents for publication or public release so with that i would like to leave you with some homework try and think about how you could leverage these tools in your document processing workflows thanks for listening and if you have any questions please ask you
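The range bookkeeping behind the Alice-and-Bob scenario in the transcript, as an added Python example that is not part of the talk or its slides: each signature's `/ByteRange` names the bytes it covers, so a countersignature appended later leaves the first signer's digest unchanged, and any bytes after the last covered range are unsigned. The toy revisions are constructed sample data with a zero-filled `/Contents` and no real cryptography; the helper names are assumptions, and a real validator must also verify the CMS signature and inspect what later revisions change.

```python
import hashlib
import re

BYTE_RANGE_RE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signed_digest(pdf: bytes, byte_range) -> str:
    """SHA-256 over the two byte spans a signature covers (all but /Contents)."""
    a, b, c, d = byte_range
    return hashlib.sha256(pdf[a:a + b] + pdf[c:c + d]).hexdigest()

def signature_coverage(pdf: bytes):
    """One entry per /ByteRange found, in file order (oldest signature first)."""
    report = []
    for m in BYTE_RANGE_RE.finditer(pdf):
        a, b, c, d = br = tuple(int(x) for x in m.groups())
        end = c + d
        sane = a == 0 and b <= c and end <= len(pdf)
        report.append({
            "byte_range": br,
            "sane": sane,
            "digest": signed_digest(pdf, br) if sane else None,
            # Bytes after the covered range came from later incremental updates.
            "unsigned_tail": len(pdf) - end if sane else None,
        })
    return report

def append_signed_revision(prefix: bytes, signer: bytes) -> bytes:
    """Constructed toy revision: a signature dictionary appended to `prefix`.
    No real cryptography; /Contents is a zero-filled placeholder."""
    head = prefix + b"\n<< /Type /Sig /Name (" + signer + b") /ByteRange ["
    mid = b"] /Contents "
    contents = b"<" + b"00" * 16 + b">"
    tail = b" >>\n%%EOF\n"
    slot = 40                                  # fixed-width room for the numbers
    gap_start = len(head) + slot + len(mid)
    gap_end = gap_start + len(contents)
    numbers = b"0 %d %d %d" % (gap_start, gap_end, len(tail))
    return head + numbers.ljust(slot) + mid + contents + tail

# Constructed sample data: Alice signs, Bob countersigns, then more is appended.
ALICE_ONLY = append_signed_revision(
    b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj", b"Alice")
BOTH = append_signed_revision(ALICE_ONLY, b"Bob")
EXTENDED = BOTH + b"\n9 0 obj << /Type /Page >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for name, doc in (("alice", ALICE_ONLY), ("both", BOTH), ("extended", EXTENDED)):
        for entry in signature_coverage(doc):
            print(name, entry["byte_range"], "unsigned tail:", entry["unsigned_tail"])
```

A non-zero `unsigned_tail` on the newest signature is the case the transcript says a reader should scrutinise: something was appended after every signer had signed.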
