ENH: pdfly sign / check-sign

[Lucas-C]

Intent
Provide a pair of new subcommands:

• pdfly sign : take a PDF document and a pair of public/private certificates, and produce a signed PDF document
• pdfly check-sign : take a signed PDF document and a public certificate, and check if its signature is valid

Suggested implementation
fpdf2 is already a dependency of pdfly, and combined with endesive could be use to perform signing: https://py-pdf.github.io/fpdf2/Signing.html

endesive could be used to check the signature.

There are some example usages we could support:

• signing using a PKCS12 certificate archive:

pdfly sign input.pdf --p12 certs.p12 -o signed.pdf

• signing using a PEM certificate bundle:

pdfly sign input.pdf --pem certs.pem -o signed.pdf

• signing using GPG keys:

pdfly sign input.pdf --gpg-pub-key ~/.gnupg/pubring.gpg --gpg-sec-key ~/.gnupg/secring.gpg -o signed.pdf

• checking a signature using a PEM certificate:

pdfly check-sign signed.pdf --pem certs.pem

• checking a signature using a GPG key:

pdfly check-sign signed.pdf --gpg-pub-key ~/.gnupg/pubring.gpg

Extra useful documentations:

• https://github.com/py-pdf/fpdf2/blob/master/test/signing/README.md
• https://github.com/py-pdf/fpdf2/blob/master/test/signing/test_sign.py

Extra features we could consider:

• display how much does adding the signature increased the file size, in percent
• provide an optional --inplace / -i flag that would allow to NOT provide an output PDF filepath because the input PDF file would be directly modified

[cyy-2024]

hello， remember me? （： I'm the beginner cyy-2024! Thank you very much for your help！I guess I can do a simple p12 signature.~

[Lucas-C]

Hi @cyy-2024

Thank you for your contribution 👍

I'm going to try to review your PR today 🙂

[Lucas-C]

PR #72 could not be completed, this issue is up-for-grabs 🙂