Solved How to sign a pdf in FreeBSD?

maxmoon

Member

Reaction score: 4
Messages: 32

Currently I am traveling and am not able to print something out or scan anything, but I need to do so to cancel a contract and they told me the only way to do this the digital way is by signing the pdf file with Adobe PDF Reader.

Is there another and maybe better way to sign and verify a pdf?
 
Last edited:

k.jacker

Aspiring Daemon

Reaction score: 470
Messages: 740

Usually a letter (even hand written) is enough to chancel a contract. Add your name, adress, contract number and your signature. Send it in a way the letter is tracked and the receiver has to sign to get the letter.

Nowadays many companies try to force you into using their prefered way (often online), or just extra complicated way to make it hard for customers, to cancel contracts.
Anyway, I'd guess that by law, a written letter should be enough in most countries.

EDIT: Letter must be written with permanent ink like with a ballpen.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 210
Messages: 722

You did not specify if you want to sign digitally, or with a hand-written signature.
If they accept digital signatures, you can sign the PDF with security/gnupg. What you need to do is:
  1. Install GnuPG and create a public-private key pair - set your E-mail address inside the key.
  2. Publish your public key on the public key servers (they are configured by default in GnuPG).
  3. Sign the PDF - it will produce an additional signature file.
  4. Send the PDF and the Signature file as attachments to cancel your contract.
If they need a hand-written signature instead, a friend of mine uses the program graphics/xournal. Maybe you can import the PDF as picture and then use your mouse or electronic pen to sign the document and export to PDF.
 

Birdy

Active Member

Reaction score: 67
Messages: 119

By fax or email, give power to somebody you trust to digitally sign the PDF in your place?
 
OP
M

maxmoon

Member

Reaction score: 4
Messages: 32

Usually a letter (even hand written) is enough to chancel a contract. Add your name, adress, contract number and your signature. Send it in a way the letter is tracked and the receiver has to sign to get the letter.
This is a bit too expensive, because the letter must go to the other site of the world.
Nowadays many companies try to force you into using their prefered way (often online), or just extra complicated way to make it hard for customers, to cancel contracts.
...

Actually, it was me who asked them if it is possible to cancel the contract via e-mail or any other digital way.

You did not specify if you want to sign digitally, or with a hand-written signature.

It should be the most uncomplicated and cheapest way. I think the digital signature would be fast (hopefully).

  1. Install GnuPG and create a public-private key pair - set your E-mail address inside the key.
  2. Publish your public key on the public key servers (they are configured by default in GnuPG).
  3. Sign the PDF - it will produce an additional signature file.
  4. Send the PDF and the Signature file as attachments to cancel your contract.

That sounds like exactly what I should do, but I struggle with step 2 and 3. Do I really have to publish the public key? Wouldn't it be enough to send it with the signed pdf in the e-mail (because that might be the first and last time I will use it)?

So far I figured this out:
  1. Install gnupg with
    Code:
    sudo pkg install gnupg
  2. Generate key with
    Code:
    gpg --gen-key
    and enter your data (including a good password)
  3. Generate a public key with
    Code:
    gpg --output public.pgp --armor youremail@asdf.xyz
  4. Generate signature with
    Code:
    gpg --armor --detach-sig filename.pdf
    to get a sig file
  5. Verify the signature with
    Code:
    gpg --verify filename.pdf filename.pdf.asc
And now I just send the pdf file, asc file and public.pgp file to them, right?
 

T-Daemon

Daemon

Reaction score: 879
Messages: 1,753

they told me the only way to do this the digital way is by signing the pdf file with Adobe PDF Reader.
What exactly does that mean, a hand written signature scanned and copy/past in the pdf document, or a e-signature. If it's the first this is easily done with graphics/gimp. Futhermore, have you checked with the company if they accept a document signed with gnupg?
 

ralphbsz

Son of Beastie

Reaction score: 2,352
Messages: 3,241

There is no version of Adobe PDF reader that works on FreeBSD?
Is there one that works on Linux or Windows?
Create a VM on your FreeBSD machine, install Linux or Windows, install Adobe PDF reader, use it. This is very pedestrian and over-simple and tedious, but it gets you exactly where you want to be.
 
OP
M

maxmoon

Member

Reaction score: 4
Messages: 32

Actually no scanner needed, laptop camera, phone camera, digital camera will suffice.

Ok, they have declined my gnupg sign, because it's not legal/official in Germany to use it. I will make a picture of my hand written signature and add it with Gimp (they even recommended me to edit the pdf and add a scan of my signature). I can't believe that this is a legal way, because the result might look like the worst try of a scammer.

Create a VM on your FreeBSD machine, install Linux or Windows, install Adobe PDF reader, use it. This is very pedestrian and over-simple and tedious, but it gets you exactly where you want to be.

Buying a Windows license only for this task would be a bit overpowered. It's a good idea to create a VM with Linux for different stuff like this and for other software I have to use but don't want to have on my main system. But I have still problems with bhyve, because I am not able to start any Linux. But that's another topic...
 

sidetone

Daemon

Reaction score: 909
Messages: 1,864

Ok, they have declined my gnupg sign, because it's not legal/official in Germany to use it. I will make a picture of my hand written signature and add it with Gimp (they even recommended me to edit the pdf and add a scan of my signature). I can't believe that this is a legal way, because the result might look like the worst try of a scammer.

You may be able to print a PDF, sign it, then fax it. I'm not sure if everyone will take a scanned signed document as proof, because that could so easily be faked by someone else.

I've printed a document, signed it, then scanned the whole thing, and sent it in the past. They accepted it then, but now after how more become adept at scams and thinking how that can be scammed, I see problems with that. Adding a signature with Gimp doesn't seem like the way to go. At least it should be signed in physical form, then scanned (,or photoed) and sent.

It may be little different than a faxed document. If they take signatures in faxes, use Kinkos, UPS or an office supply store. They scan, print and fax for you for little cost. And if you don't use a cover letter, some people are so stupid, they'll get it, but they'll throw it out, and say they didn't get it based on that it didn't have a cover letter.

If they accept Adobe PDF Reader, LibreOffice should be little different, but maybe they have digital ways to preserve the integrity. GNUPG sign doesn't look much different, except for commercial assurances or reputation of Adobe's product.

By fax or email, give power to somebody you trust to digitally sign the PDF in your place?
A notary can't sign in the place of the person, but they sign or stamp in addition to. I'm unsure if some have services to fax or digitally send it for the customer.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 210
Messages: 722

That sounds like exactly what I should do, but I struggle with step 2 and 3. Do I really have to publish the public key? Wouldn't it be enough to send it with the signed pdf in the e-mail (because that might be the first and last time I will use it)?
Yes, you do have to publish your public key. The only way for the other party to validate your signature is to have your public key. And the easiest way for them to do it is to download it from the public registry (where you uploaded it beforehand).
You could also send your public key inside the email, but having it on a public server seems a bit more legitimate to me. What the other party needs to do to be completely sure is call you on the phone and check if your public key thumbprint is correct. I doubt that most companies nowadays are that pedantic.

If you are puzzled by the GnuPG command line parameters, that's normal. You could use a GUI to make things easier. I myself use the mail client Thunderbird and its extension Enigmail to manage my GnuPG keys. There are for sure other alternatives, take a look here: https://gnupg.org/software/frontends.html

So far I figured this out:
  1. Install gnupg with
    Code:
    sudo pkg install gnupg
  2. Generate key with
    Code:
    gpg --gen-key
    and enter your data (including a good password)
  3. Generate a public key with
    Code:
    gpg --output public.pgp --armor youremail@asdf.xyz
  4. Generate signature with
    Code:
    gpg --armor --detach-sig filename.pdf
    to get a sig file
  5. Verify the signature with
    Code:
    gpg --verify filename.pdf filename.pdf.asc
And now I just send the pdf file, asc file and public.pgp file to them, right?
You need to send them three things (and only three):
  • The original PDF you have signed
  • The detached signature file (it has the same name like the PDF file with ".asc", I believe)
  • Your public key (or you can upload the public key to a server and they can download it from there).
This should be sufficient in jurisdictions that allow for digitally signed documents, but if in doubt check with your lawyer. I am not a lawyer, that's only an opinion.
 

T-Daemon

Daemon

Reaction score: 879
Messages: 1,753

I will make a picture of my hand written signature and add it with Gimp ..
If you need help report back. I have "digitaly" signed documents that way many times. Also text can be added, eg. place, date of signature.
You may be able to print a PDF, sign it, then fax it.
OP has no printer at hand, and he asked to cancel contract by email.
I'm not sure if everyone will take a scanned signed document as proof, because that could so easily be faked by someone else.
Isn't a fax not also a scanned signed document? Only the method signing the document is different (printed, signatur added with pen on document, faxed vs. signature scanned, added electronicaly to document, sent by email).

Depending on the legislation of the country, and if the digital signatur of the signee is made and used by himself, or has knowledge when the signatur is used by others, in a company eg., where the CEO doesn't sign every minor document, but which needs legaly his signature, then it's perfectly legal.
 

sidetone

Daemon

Reaction score: 909
Messages: 1,864

OP has no printer at hand, and he asked to cancel contract by email.
If they take signatures in faxes, use Kinkos, UPS or an office supply store. They scan, print and fax for you for little cost.
A notary can't sign in the place of the person, but they sign or stamp in addition to. I'm unsure if some have services to fax or digitally send it for the customer.
Isn't a fax not also a scanned signed document?
It may be little different than a faxed document.
Fax is standardized as a document means. It is meant for those types of document transactions. Whereas JPG and PNG, the same image can be in digitial form in more countless ways.
 

6502

Active Member

Reaction score: 35
Messages: 113

they told me the only way to do this the digital way is by signing the pdf file with Adobe PDF Reader.
I guess they will expect X.509 official digital signature (issued by DigiCert or other like them). With GnuPG you will use self signed PGP signature with no guarantee that it is yours. If they have your phone number (from the contract), probably you can write letter on paper, sign it, make photo with cellphone and send it as MMS. The sender will be your number which they have.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 210
Messages: 722

I guess they will expect X.509 official digital signature (issued by DigiCert or other like them). With GnuPG you will use self signed PGP signature with no guarantee that it is yours. If they have your phone number (from the contract), probably you can write letter on paper, sign it, make photo with cellphone and send it as MMS. The sender will be your number which they have.
That's what I meant above when I said most companies nowadays are not this pedantic. Ideally they could call you back on the phone and ask you about the thumbprint of your PGP key, which would validate that the signature is indeed yours.
I agree that if you have an X.509 signature validated by an official Certificate Authority it would probably save the phonecall. Such a signature can be done with openssl(1). However, this has the disadvantage that one has to pay for an SSL certificate. Using the PGP key is for free.
 
Top