You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Tilman Hausherr (JIRA)" <ji...@apache.org> on 2015/12/17 17:34:46 UTC

[jira] [Resolved] (PDFBOX-2816) PDFBox makes disallowed changes when signing a signed document

     [ https://issues.apache.org/jira/browse/PDFBOX-2816?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tilman Hausherr resolved PDFBOX-2816.
-------------------------------------
       Resolution: Fixed
         Assignee: Maruan Sahyoun
    Fix Version/s: 2.0.0
                   1.8.11

> PDFBox makes disallowed changes when signing a signed document
> --------------------------------------------------------------
>
>                 Key: PDFBOX-2816
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-2816
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Signing
>    Affects Versions: 1.8.9
>            Reporter: Petras
>            Assignee: Maruan Sahyoun
>             Fix For: 1.8.11, 2.0.0
>
>         Attachments: Fix_to_PDFBOX-2816.patch, acrosigned.pdf, acrosigned_signed.pdf, acrosigned_signed_fix.pdf
>
>
> It seems PDFBox make disallowed changes when signing a document containing a signature with visual appearance. Using the signing example {{org.apache.pdfbox.examples.signature.CreateSignature}} (modified to use BC 1.52) I signed (invisible signature) a document (_acrosigned.pdf_) containing signature with visual appearance. After signing Adobe Acrobat for the resulted pdf (_acrosigned_signed.pdf_) shows an error for the first signature: {quote}
> 1 Page(s) Modified 
> Signature is invalid:
> Document has been altered or corrupted since it was signed.
> {quote}
> The first revision is intact after signing, but it seems PDFBox made some disallowed changes to the document. Adobe in its technical white paper [Adobe Acrobat 9 Digital Signatures, Changes and Improvements|http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf] disallows such changes for the signed document:
> * Adding form fields other than signature fields 
> * Changing page content 
> Unfortunately, I could not identify the changes which caused this error, though I notice these changes in structure after signing:
> # Default resources (/DR) were droped from AcroForm dictionary;
> # An array of annotation dictionaries (value of /Annots in page object)  became direct;
> And probably there are more...
> I thought the first change was fundamental, noticed that {{PDDocument#addSignature()}} method removes /DR key for invisible signatures. Tried to disable it in 1.8.10-SNAPSHOT sources, but unfortunately it didn't help. Didn't tried to reuse the same array object for /Annots yet. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org