Posted to users@pdfbox.apache.org by Ranjeet Kuruvilla <ra...@yandex.com> on 2021/05/12 14:27:45 UTC

Invalid Signatures

https://apache.googlesource.com/pdfbox/+/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java

I am using 2.0.23 and Preflight 2.0.23.

It is possible to sign a document and then change a field (check or
uncheck a checkbox for example).

I want to either

a. make it impossible to change a value after even one signature has
been given

or

b. find out which field was altered after signature

How can I do that?

I do not think ShowSignature can do that.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: users-help@pdfbox.apache.org


AW: Invalid Signatures

Posted by Rico Erhard <Er...@stepover.de>.
> -----Original Message-----
> From: Ranjeet Kuruvilla <ra...@yandex.com>
> Sent: Wednesday, 12 May 2021 16:28
> To: users@pdfbox.apache.org
> Subject: Invalid Signatures
>
> https://apache.googlesource.com/pdfbox/+/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
>
> I am using 2.0.23 and Preflight 2.0.23.
>
> It is possible to sign a document and then change a field (check or uncheck a
> checkbox for example).
>
> I want to either
>
> a. make it impossible to change a value after even one signature has been
> given
>
> or
>
> b. find out which field was altered after signature
>
> How can I do that?
>

Use incremental updates.
See PDDocument.saveIncremental and saveIncrementalForExternalSigning.

Kind regards
--
Rico Erhard

Re: Invalid Signatures

Posted by Tilman Hausherr <TH...@t-online.de>.
On 13.05.2021 at 06:35, Ranjeet Kuruvilla wrote:
> https://community.adobe.com/t5/acrobat/flatten-pdf-after-signature/m-p/12032659#M312513
>
> This seems to be what I wanted: All fields become readonly after at
> least one is signed.


You could try this by doing the read-only assignment as an incremental save.

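     // Mark the field read-only, then write only that field's dictionary
     // as an incremental update, appended after the existing file content.
     field.setReadOnly(true);
     Set<COSDictionary> objectsToWrite = new HashSet<>();
     objectsToWrite.add(field.getCOSObject());
     doc.saveIncremental(fileOutputStream, objectsToWrite);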

However Adobe will complain if the file was signed with a "no changes 
allowed" certification signature.

Tilman


>
> On 12.05.21 20:42, Tilman Hausherr wrote:
>> On 12.05.2021 at 16:27, Ranjeet Kuruvilla wrote:
>>> https://apache.googlesource.com/pdfbox/+/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
>>>
>>>
>>> I am using 2.0.23 and Preflight 2.0.23.
>>>
>>> It is possible to sign a document and then change a field (check or
>>> uncheck a checkbox for example).
>>>
>>> I want to either
>>>
>>> a. make it impossible to change a value after even one signature has
>>> been given
>> Use a certification signature (SigUtils.setMDPPermission()). While
>> saving incrementally will still be possible, Adobe will complain
>> (depending on the value used).
>>
>>> or
>>>
>>> b. find out which field was altered after signature
>> If it is saved normally, then the signature verification will fail; if
>> you save incrementally, PDFBox can't tell, but Adobe will mention it.
>>
>> Tilman
>>
>>
>>> How can I do that?
>>>
>>> I do not think ShowSignature can do that.


Re: Invalid Signatures

Posted by Ranjeet Kuruvilla <ra...@yandex.com>.
https://community.adobe.com/t5/acrobat/flatten-pdf-after-signature/m-p/12032659#M312513

This seems to be what I wanted: All fields become readonly after at
least one is signed.

On 12.05.21 20:42, Tilman Hausherr wrote:
> On 12.05.2021 at 16:27, Ranjeet Kuruvilla wrote:
>> https://apache.googlesource.com/pdfbox/+/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
>>
>>
>> I am using 2.0.23 and Preflight 2.0.23.
>>
>> It is possible to sign a document and then change a field (check or
>> uncheck a checkbox for example).
>>
>> I want to either
>>
>> a. make it impossible to change a value after even one signature has
>> been given
>
> Use a certification signature (SigUtils.setMDPPermission()). While
> saving incrementally will still be possible, Adobe will complain
> (depending on the value used).
>
>>
>> or
>>
>> b. find out which field was altered after signature
>
> If it is saved normally, then the signature verification will fail; if
> you save incrementally, PDFBox can't tell, but Adobe will mention it.
>
> Tilman
>
>
>>
>> How can I do that?
>>
>> I do not think ShowSignature can do that.


Re: Invalid Signatures

Posted by Tilman Hausherr <TH...@t-online.de>.
On 12.05.2021 at 16:27, Ranjeet Kuruvilla wrote:
> https://apache.googlesource.com/pdfbox/+/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java
>
> I am using 2.0.23 and Preflight 2.0.23.
>
> It is possible to sign a document and then change a field (check or
> uncheck a checkbox for example).
>
> I want to either
>
> a. make it impossible to change a value after even one signature has
> been given

Use a certification signature (SigUtils.setMDPPermission()). While
saving incrementally will still be possible, Adobe will complain
(depending on the value used).

>
> or
>
> b. find out which field was altered after signature

If it is saved normally, then the signature verification will fail; if 
you save incrementally, PDFBox can't tell, but Adobe will mention it.

Tilman


>
> How can I do that?
>
> I do not think ShowSignature can do that.
>
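
Added example, not part of the thread and not PDFBox project code: one way to approach question (b) for incrementally saved files is to cut the file at the end of each signature's /ByteRange, load that signed revision separately, and compare its field values with the current ones. The class name is hypothetical, and the file path is taken from the first command-line argument.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Map;
import java.util.TreeMap;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature;
import org.apache.pdfbox.pdmodel.interactive.form.PDAcroForm;
import org.apache.pdfbox.pdmodel.interactive.form.PDField;
import org.apache.pdfbox.pdmodel.interactive.form.PDSignatureField;
import org.apache.pdfbox.pdmodel.interactive.form.PDTerminalField;

// Added example (hypothetical class name), written against the PDFBox 2.0.x API.
public class FieldChangesAfterSignature {
    // Name -> value of every terminal, non-signature field in one revision of the file.
    static Map<String, String> snapshot(byte[] pdf) throws IOException {
        Map<String, String> values = new TreeMap<>();
        try (PDDocument doc = PDDocument.load(pdf)) {
            PDAcroForm form = doc.getDocumentCatalog().getAcroForm();
            if (form == null) return values;
            for (PDField f : form.getFieldTree()) {
                if (f instanceof PDTerminalField && !(f instanceof PDSignatureField)) {
                    values.put(f.getFullyQualifiedName(), f.getValueAsString());
                }
            }
        }
        return values;
    }

    public static void main(String[] args) throws IOException {
        byte[] file = Files.readAllBytes(Paths.get(args[0])); // path to the PDF to inspect
        Map<String, String> current = snapshot(file);
        try (PDDocument doc = PDDocument.load(file)) {
            for (PDSignature sig : doc.getSignatureDictionaries()) {
                int[] br = sig.getByteRange(); // [offset1, length1, offset2, length2]
                int signedEnd = br.length == 4 ? br[2] + br[3] : -1; // end of signed revision
                if (signedEnd <= 0 || signedEnd >= file.length) continue; // malformed or nothing appended
                // Re-open the file as it was when signed and compare field values.
                Map<String, String> signed = snapshot(Arrays.copyOf(file, signedEnd));
                for (Map.Entry<String, String> e : current.entrySet()) {
                    if (!e.getValue().equals(signed.get(e.getKey()))) {
                        System.out.printf("changed after signature ending at byte %d: %s '%s' -> '%s'%n",
                                signedEnd, e.getKey(), signed.get(e.getKey()), e.getValue());
                    }
                }
            }
        }
    }
}
```

A byte range that stops short of the end of the file only shows that something was appended; the signature itself still has to be verified, as ShowSignature does. Only field values are compared here, so fields removed after signing and changes to annotations or page content are not reported.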