[jira] [Created] (PDFBOX-2816) PDFBox makes disallowed changes when signing a signed document

Fri, 29 May 2015 00:11:46 -0700 

Petras created PDFBOX-2816:
------------------------------

             Summary: PDFBox makes disallowed changes when signing a signed 
document
                 Key: PDFBOX-2816
                 URL: https://issues.apache.org/jira/browse/PDFBOX-2816
             Project: PDFBox
          Issue Type: Bug
          Components: Signing
    Affects Versions: 1.8.9
            Reporter: Petras


It seems PDFBox make disallowed changes when signing a document, containing 
visual appearance. Using the signing example 
{{org.apache.pdfbox.examples.signature.CreateSignature}} (modified to use BC 
1.52) I signed (invisible signature) a document (_acrosigned.pdf_) containing 
signature with visual appearance. After signing Adobe Acrobat for the resulted 
pdf (_acrosigned_signed.pdf_) shows an error for the first signature: {quote}
1 Page(s) Modified 
Signature is invalid:
Document has been altered or corrupted since it was signed.
{quote}
The first revision is intact after signing, but it seems PDFBox made some 
disallowed changes to the document. Adobe in its technical white paper [Adobe 
Acrobat 9 Digital Signatures, Changes and 
Improvements|http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/reader/pdfs/readercomp_digitalsignatures.pdf]
 disallows such changes for the signed document:
* Adding form fields other than signature fields 
* Changing page content 

Unfortunately, I could not identify the changes which caused this error, though 
I notice these changes in structure after signing:
# Default resources (/DR) were droped from AcroForm dictionary;
# An array of annotation dictionaries (value of /Annots in page object)  became 
direct;

And probably there are more...
I thought the first change was fundamental, noticed that 
{{PDDocument#addSignature()}} method removes /DR key for invisible signatures, 
removed in 1.8.10-SNAPSHOT sources, but unfortunately it didn't help. Didn't 
tried to reuse the same array object for /Annots yet. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to