[
https://issues.apache.org/jira/browse/PDFBOX-2816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Petras updated PDFBOX-2816:
---------------------------
Description:
It seems PDFBox make disallowed changes when signing a document containing a
signature with visual appearance. Using the signing example
{{org.apache.pdfbox.examples.signature.CreateSignature}} (modified to use BC
1.52) I signed (invisible signature) a document (_acrosigned.pdf_) containing
signature with visual appearance. After signing Adobe Acrobat for the resulted
pdf (_acrosigned_signed.pdf_) shows an error for the first signature: {quote}
1 Page(s) Modified
Signature is invalid:
Document has been altered or corrupted since it was signed.
{quote}
The first revision is intact after signing, but it seems PDFBox made some
disallowed changes to the document. Adobe in its technical white paper [Adobe
Acrobat 9 Digital Signatures, Changes and
Improvements|http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf]
disallows such changes for the signed document:
* Adding form fields other than signature fields
* Changing page content
Unfortunately, I could not identify the changes which caused this error, though
I notice these changes in structure after signing:
# Default resources (/DR) were droped from AcroForm dictionary;
# An array of annotation dictionaries (value of /Annots in page object) became
direct;
And probably there are more...
I thought the first change was fundamental, noticed that
{{PDDocument#addSignature()}} method removes /DR key for invisible signatures,
removed in 1.8.10-SNAPSHOT sources, but unfortunately it didn't help. Didn't
tried to reuse the same array object for /Annots yet.
was:
It seems PDFBox make disallowed changes when signing a document, containing
visual appearance. Using the signing example
{{org.apache.pdfbox.examples.signature.CreateSignature}} (modified to use BC
1.52) I signed (invisible signature) a document (_acrosigned.pdf_) containing
signature with visual appearance. After signing Adobe Acrobat for the resulted
pdf (_acrosigned_signed.pdf_) shows an error for the first signature: {quote}
1 Page(s) Modified
Signature is invalid:
Document has been altered or corrupted since it was signed.
{quote}
The first revision is intact after signing, but it seems PDFBox made some
disallowed changes to the document. Adobe in its technical white paper [Adobe
Acrobat 9 Digital Signatures, Changes and
Improvements|http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf]
disallows such changes for the signed document:
* Adding form fields other than signature fields
* Changing page content
Unfortunately, I could not identify the changes which caused this error, though
I notice these changes in structure after signing:
# Default resources (/DR) were droped from AcroForm dictionary;
# An array of annotation dictionaries (value of /Annots in page object) became
direct;
And probably there are more...
I thought the first change was fundamental, noticed that
{{PDDocument#addSignature()}} method removes /DR key for invisible signatures,
removed in 1.8.10-SNAPSHOT sources, but unfortunately it didn't help. Didn't
tried to reuse the same array object for /Annots yet.
> PDFBox makes disallowed changes when signing a signed document
> --------------------------------------------------------------
>
> Key: PDFBOX-2816
> URL: https://issues.apache.org/jira/browse/PDFBOX-2816
> Project: PDFBox
> Issue Type: Bug
> Components: Signing
> Affects Versions: 1.8.9
> Reporter: Petras
> Attachments: acrosigned.pdf, acrosigned_signed.pdf
>
>
> It seems PDFBox make disallowed changes when signing a document containing a
> signature with visual appearance. Using the signing example
> {{org.apache.pdfbox.examples.signature.CreateSignature}} (modified to use BC
> 1.52) I signed (invisible signature) a document (_acrosigned.pdf_) containing
> signature with visual appearance. After signing Adobe Acrobat for the
> resulted pdf (_acrosigned_signed.pdf_) shows an error for the first
> signature: {quote}
> 1 Page(s) Modified
> Signature is invalid:
> Document has been altered or corrupted since it was signed.
> {quote}
> The first revision is intact after signing, but it seems PDFBox made some
> disallowed changes to the document. Adobe in its technical white paper [Adobe
> Acrobat 9 Digital Signatures, Changes and
> Improvements|http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf]
> disallows such changes for the signed document:
> * Adding form fields other than signature fields
> * Changing page content
> Unfortunately, I could not identify the changes which caused this error,
> though I notice these changes in structure after signing:
> # Default resources (/DR) were droped from AcroForm dictionary;
> # An array of annotation dictionaries (value of /Annots in page object)
> became direct;
> And probably there are more...
> I thought the first change was fundamental, noticed that
> {{PDDocument#addSignature()}} method removes /DR key for invisible
> signatures, removed in 1.8.10-SNAPSHOT sources, but unfortunately it didn't
> help. Didn't tried to reuse the same array object for /Annots yet.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
