Re: PDF Signature Spoofing

[Wolfgang Bauer <Wo...@xitrust.com>]

Hi Tilman,

thanks for the hint with the lenient mode (I wasn't aware of this
feature,  as it is not exposed by the static PDDocument.load methods).
I tried it and now the COSParser throws an Exception as expected.



> 
> Can you explain what you mean? I thought that the current check did
> just 
> that.
> 

As far as I understood the attack, the signature object is modified by
the attacker and the /Byterange modified in such a way that the
cryptographically verification still holds (the gap between the two
signed ranges is increased). As a result of this, the actually used
/Byterange (the modified one) is no longer part of the signed data.


So my first idea was to check if the actually used /Byterange array is
covered by the signature (is not in the unsigned gap).

Anyway, I think turning off the lenient mode together with the "covers
whole document" check, should provide an adequate security level.

Thanks a lot for your valuable feedback,

Wolfgang