One thing to keep in mind here is that the signature validation rules for PDF changes differ based on the type of PDF signature and the properties of that signature. All of which is documented in ISO 32000 and in PAdES so be sure to consult both sets of documents as you work through your requirements/specifications.
Leonard From: Constantine Dokolas <cdoko...@gmail.com> Date: Friday, June 11, 2021 at 8:16 AM To: dev@pdfbox.apache.org <dev@pdfbox.apache.org> Subject: LTV validation (strict) Good evening! I'm researching how to validate that changes to a signed PDF conform to LTV (PAdES-only?) specs; i.e. that only LTV-related changes have been made to the document and nothing else (i.e. malicious changes to content). Is there some guide or any sample code regarding this for PDFBox? I could alternatively examine the changes in the xref table after signing, but I'm not sure if PDFBox supports this. If it does, I'd appreciate a few pointers in the right direction. Constantine -- There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them! - Richard P. Feynman
