Adding Annotations to Signed PDF Causes Signatures To Appear Invalid

[Predrag Stojković <Pr...@comtrade.com.INVALID>]

Hello all,

I'm using Apache PDFBox 3.0.1, and I tried to add annotations to an existing PDF document, using basically the same code as supplied in example class org.apache.pdfbox.examples.pdmodel.AddAnnotations.

There are only few differences to the original code, i.e. I'm loading an existing document using
PDDocument document = Loader.loadPDF(new RandomAccessReadBufferedFile(args[0]))
instead of making a new one, and I'm skipping the lines in example where contents of new file are created, because my file already has some content.

This existing document has electronic signature on it.
After running the example code, and adding annotations to the document, when I open that document in Adobe Acrobat Reader (should be the latest version, 23.8.20555.0), and then try to validate signatures, it first shows an error message:
There was an error creating a temporary file.

Then, when I look at the Signature Panel, it show the following:
Signature is invalid:
There are errors in the formatting or information contained in this signature (support information: SigDict /Contents illegal data)

My code, as well as the PDF document can be found on address:
https://files.fm/u/bsm5vzg9wk

This PDF was signed most likely by custom code based on an old version of iText, but I have also tried on another document which was produced by Adobe Acrobat and signed by GetAccept service (I haven't provided this document, but I probably could if needed), and the behaviour is the same after adding annotations.

Can you please check what is happening here?

Best regards,
Predrag Stojković

Re: Adding Annotations to Signed PDF Causes Signatures To Appear Invalid

[Tilman Hausherr <TH...@t-online.de>]

Hi,

You're using an ordinary save(). The signature will no longer work 
because the signed file segment has changed. You need to use 
saveIncremental(). Use the method that takes a list of COSDictionaries. 
And remove the showPageNo() part, I assume Adobe will not like that 
because you're changing the looks of the page. Another problem is that 
the DocMDP value is 3, which means:

2 Permitted changes shall be filling in forms, instantiating page 
templates, and signing; other changes shall invalidate the signature.
3 Permitted changes shall be the same as for 2, as well as annotation 
creation, deletion, and modification; other changes shall invalidate the 
signature.

Thus add annotations only, don't change the page contents. Assuming that 
the annotations array already existed, you need to include the page 
COSDictionary object and each annotation COSDictionary object to the 
list mentioned earlier. (possibly the annotation appearance too).

Tilman


On 27.02.2024 11:38, Predrag Stojković wrote:
> Hello all,
>
> I'm using Apache PDFBox 3.0.1, and I tried to add annotations to an existing PDF document, using basically the same code as supplied in example class org.apache.pdfbox.examples.pdmodel.AddAnnotations.
>
> There are only few differences to the original code, i.e. I'm loading an existing document using
> PDDocument document = Loader.loadPDF(new RandomAccessReadBufferedFile(args[0]))
> instead of making a new one, and I'm skipping the lines in example where contents of new file are created, because my file already has some content.
>
> This existing document has electronic signature on it.
> After running the example code, and adding annotations to the document, when I open that document in Adobe Acrobat Reader (should be the latest version, 23.8.20555.0), and then try to validate signatures, it first shows an error message:
> There was an error creating a temporary file.
>
> Then, when I look at the Signature Panel, it show the following:
> Signature is invalid:
> There are errors in the formatting or information contained in this signature (support information: SigDict /Contents illegal data)
>
> My code, as well as the PDF document can be found on address:
> https://files.fm/u/bsm5vzg9wk
>
> This PDF was signed most likely by custom code based on an old version of iText, but I have also tried on another document which was produced by Adobe Acrobat and signed by GetAccept service (I haven't provided this document, but I probably could if needed), and the behaviour is the same after adding annotations.
>
> Can you please check what is happening here?
>
> Best regards,
> Predrag Stojković
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org