Tanmay Sharma created PDFBOX-5647:
-------------------------------------
Summary: Showing signature verified for tempered document
Key: PDFBOX-5647
URL: https://issues.apache.org/jira/browse/PDFBOX-5647
Project: PDFBox
Issue Type: Bug
Components: Signing
Reporter: Tanmay Sharma
A 2 page document was signed. The signature of document was verified by
[ShowSignature
sample|https://github.com/apache/pdfbox/blob/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java]
and it prints "Signature Verified".
Then a corrupted signed PDF was created by deleting the second page of the same
signed PDF and the signature of the corrupted PDF was also verified using
[ShowSignature
sample|https://github.com/apache/pdfbox/blob/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java].
Ideally the verification should fail because hash of the document is changed
(as second page is deleted). But instead of printing "Signature verification
failed", it still prints "Signature Verified".
How the signature of corrupted pdf is still getting verified successfully?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
