Kategorie-Archiv: Development

Create signed PDF-Files

Some days ago a friend of mine asked me how to create PDF-Receipts. Background is that – at least in Germany – you can replace printed receipts with digitally signed PDF-Files. The signature has to comply to certain legal standards to be able to replace the printed copy but the way is the same whether it’s a self-signed certificate or an official one.

For the start I wanted to see how to sign a PDF-Document created with TCPDF. At a later time I will also have a look at how to sign a PDF-File using the libraries supported by PDFlib.com.

Signing PDF-files with TCPDF requires you to have the private key and the certificate available via a stream-ressource. That excludes certificates and keys on a signature-card as long as you can not export them.

Creating a signed PDF-File using TCPDF is rather simple as you can see in this code-snippet:

$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);

// set certificate file
$certificate = 'file://' . __DIR__ . '/cert/certificate.crt';
$privateKey = 'file://' . __DIR__ . '/cert/privateKey.crt';
// set document signature
$pdf->setSignature($certificate, $privateKey, 'test1234', '', 1, array());

// Do some more stuff here like creating the actual PDF-File

//Close and output PDF document
$pdf->output('test.pdf', 'D');

That’s it.

The hard part now is for one thing creating the actual PDF-File.
And the more important one question was “Which certificate-key-thingy goes where”.

That was the one that took me most of the time. When using a self-signed certificate as described in the TCPDF-Example you can somehow use the given openSSL shell-lines to get somehow to a result. But I wanted to sign the document with a “qualified electonical signature” which takes some more steps.

What is a qualified electronical signature? It’S nothing else than any other digital signature from a certification authority. The only difference is, that it has been issued according to the german “Signaturgesetz” which means, that it is based on a qualified certificate and has been created using a certain approved PKI. As I am not a lawyer, this is simply my own description of a legal process which might be inaccurate or plain false. So do not take my word as legally authoritative. A list of issuers for qualified electronical signatures can be found at http://www.nrca-ds.de/ZDAliste.htm

As I do not posses such a qualified electronical signature (and there currently is no need for me to get one) I tried the whole stuff with a certificate I got myself from CA-Cert. As far as I know (but I will verify that one soon) you can export a qualified electronic signature into a format that can be used for these purposes.

The relevant parts are the following variables

$certificate
needs to point to a certificate file in PEM-Format. Thats a plaintext-file with —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– and some base64 encoded stuff in between.
$privateKey
needs to point to a private key file in binary PKCS7-Format. Those files normally end in something like ‘.p12′ or ‘.pfx’. To open this file you normally need a passphrase which you have to provide as third parameter to $pdf->setSignature.

Using that certificate and private key you can now sign your PDF-file.

PHP.ug updated

Hi everyone.

Today I finally managed to update some of the features on PHP.ug I’ve had in mind for a long time already.

Now it’s possible to promote a new usergroup and to edit your own usergroup. To minimize spam and to know which of those some-hundred usergroups is your one you have to log in. Currently login is possible with your Twitter-Account (more might come) and then you are able to edit all the groups your twitter-account is associated with. That way php.ug does not need to maintain a user-base (and you do not need to remember another login) and you can pass on authority to the next usergroup-leader by passing on the usergroups-twitter account.

You can provide a simple iCalendar-File in your webspace and link to that from php.ug. That way everyone interested can integrate YOUR calendar into their Calendaring-Application and as soon as you change your calendar those are updated to everyone else. No need to maintain your event-date (and possible updates to that) on another page. In times to come we might even evaluate those calendaring-informations to an “All-Usergroups-Event-Calendar”.

And yes, I know that adding the geolocation currently is far from easy to handle. I’m working on that. Until a better solution you will need to provide Latitude-Longitude Informations. But with a recent update to google-maps you can right-click onto the location GoogleMaps, select “What’s here” and copy the string from the search-field. Paste that into the Location field and be happy.

If you find issues or have new ideas for php.ug feel free to tell us about it

Thanks to all support php.ug got during the last year! I appreciate that a lot.

Mobile blogging

For a Lot of People it might Be an old Story, but I just discovered the possibilities of the XML-RPC-Connector in my wordpress-blog.

It Makes editing so much easier on the Train or at the Next Break. Just open an offline-editor (I am using the wordpress-app on my iPod) And Start happy editing.

The only drawback is the Auto-Text-correction, that I have Not yet managed to Turn off and that more than once translates a Perfect english word into German garbage…. But that’s not wordpress’ fault, isn’t it?

gallery-script created

I store the images from my digital camera on a local machine at home. But retrieving images is a somewhat painfull thing for everyone else than myself (that is: especially my better half (-; ).

So after some research I didn’t find something that met my requirements

  • easy
  • reads from folders
  • runs with PHP
  • allows to select images for later batch-download
  • batch download for the selected stuff

So I created a small application to display images from existing folders without the need to import stuff manually.

To use the script you need a current Zend-Framework installed in your phps include_path.

The script can be found at Github