[ 
https://issues.apache.org/jira/browse/PDFBOX-5066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17258156#comment-17258156
 ] 

Michael Klink commented on PDFBOX-5066:
---------------------------------------

That code apparently is a snapshot of work in progress; it still verifies using 
SHA1withRSA and only thereafter determines the actual digest algorithm used...

> ShowSignature: say which digest algorithm was used, detect forged content
> -------------------------------------------------------------------------
>
>                 Key: PDFBOX-5066
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5066
>             Project: PDFBox
>          Issue Type: Improvement
>          Components: Signing
>    Affects Versions: 2.0.23
>            Reporter: Ralf Hauser
>            Priority: Minor
>
> 1) SHA256 was used by the signer to get the content digests of 
> target/pdfs/notCertified_368835_Sig_en_201026090509.pdf , this should be 
> mentioned like 
>      System.out.println("Signature found");
>  so maybe 
>      System.out.println("Signature algorithm: "+algo);
>  where 'algo' is for example "sha256WithRSAEncryption" (as per 
> [http://oidref.com/1.2.840.113549.1.1.11])
> 2) for subFilter="adbe.x509.rsa_sha1" it is not detected if the PDF content 
> is altered.
>  
> See also PDFBOX-4297
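
The ordering problem raised in the comment above, as an added example that is not PDFBox code and not part of the original thread: recover the digest algorithm from the RSA signature first, then verify with that algorithm instead of a hard-coded SHA1withRSA. It assumes Java 17, a PKCS#1 v1.5 signature whose raw bytes and signer public key have already been extracted, and uses hypothetical names (`DigestAlgoFromRsaSignature`, `detectAlgorithm`, `verify`) with a constructed key and content.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HexFormat;
import java.util.Map;
import javax.crypto.Cipher;

public class DigestAlgoFromRsaSignature {
    // Hex of the DER OID content bytes found in a DigestInfo, mapped to JCA signature names.
    private static final Map<String, String> OID_TO_JCA = Map.of(
        "2b0e03021a", "SHA1withRSA",             // 1.3.14.3.2.26
        "608648016503040201", "SHA256withRSA",   // 2.16.840.1.101.3.4.2.1
        "608648016503040202", "SHA384withRSA",   // 2.16.840.1.101.3.4.2.2
        "608648016503040203", "SHA512withRSA");  // 2.16.840.1.101.3.4.2.3

    // Applies the RSA public-key operation to recover the DigestInfo and reads its digest OID.
    static String detectAlgorithm(PublicKey key, byte[] signature) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, key); // with a public key this strips the type 1 padding
        byte[] di = rsa.doFinal(signature); // SEQUENCE { SEQUENCE { OID, params }, OCTET STRING }
        if (di.length < 6 || di[0] != 0x30 || di[2] != 0x30 || di[4] != 0x06
                || di[5] <= 0 || 6 + di[5] > di.length)
            throw new SignatureException("recovered block is not a DigestInfo");
        String oidHex = HexFormat.of().formatHex(di, 6, 6 + di[5]);
        String algo = OID_TO_JCA.get(oidHex);
        if (algo == null) throw new SignatureException("unsupported digest OID " + oidHex);
        return algo;
    }

    // Verifies with the algorithm the signature itself declares, never a fixed default.
    static boolean verify(PublicKey key, byte[] content, byte[] signature) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(detectAlgorithm(key, signature));
        verifier.initVerify(key);
        verifier.update(content);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: throwaway key; bytes standing in for the signed PDF content.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] content = "constructed signed content".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(content);
        byte[] sig = signer.sign();
        System.out.println("Signature algorithm: " + detectAlgorithm(kp.getPublic(), sig));
        System.out.println("intact content verifies: " + verify(kp.getPublic(), content, sig));
        content[0] ^= 1; // alter the signed content
        System.out.println("altered content verifies: " + verify(kp.getPublic(), content, sig));
    }
}
```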


