Thanks for that. Now I need to know how to go about checking for non-conformant "additions" to the PDF. Anyone able to point me in the right direction?
Constantine -- There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them! - Richard P. Feynman On Fri, Jun 11, 2021 at 3:30 PM Leonard Rosenthol <[email protected]> wrote: > One thing to keep in mind here is that the signature validation rules for > PDF changes differ based on the type of PDF signature and the properties of > that signature. All of which is documented in ISO 32000 and in PAdES so be > sure to consult both sets of documents as you work through your > requirements/specifications. > > Leonard > > From: Constantine Dokolas <[email protected]> > Date: Friday, June 11, 2021 at 8:16 AM > To: [email protected] <[email protected]> > Subject: LTV validation (strict) > Good evening! > > I'm researching how to validate that changes to a signed PDF conform to LTV > (PAdES-only?) specs; i.e. that only LTV-related changes have been made to > the document and nothing else (i.e. malicious changes to content). > > Is there some guide or any sample code regarding this for PDFBox? > > I could alternatively examine the changes in the xref table after signing, > but I'm not sure if PDFBox supports this. If it does, I'd appreciate a few > pointers in the right direction. > > Constantine > > -- > There is a computer disease that anybody who works with computers knows > about. It's a very serious disease and it interferes completely with the > work. The trouble with computers is that you 'play' with them! > - Richard P. Feynman >
