Hi Tilman,
that has also been bothering me since yesterday.

I know I read somewhere in a specification that the signature dictionary should not be encrypted, or at least only partially. The reason could be that the verification engine should have access to some information, like the signature reason, signer name and so on, without needing to decrypt the document. Additionally, the "Contents" value shall not be encrypted at all, or the verifier would not be able to read the signature.

As always, there will be some signing application that does not respect the specification and encrypts parts of the dictionary anyway.

If I find the part in the specification, I will share it with you :)

Best regards
Thomas

Quoting Tilman Hausherr <[email protected]>:

In PDFBOX-2801 and PDFBOX-2469 <https://issues.apache.org/jira/browse/PDFBOX-2469> code has been inserted so that the signature dictionary is not decrypted. What is the reason this is done, and where can this be found in the specification? I didn't find it.

When looking at the file from PDFBOX-2711, I can't see the signature details because these are encrypted.
See here:
Root/Pages/Kids/[0]/Annots/[0]/T
Root/Pages/Kids/[0]/Annots/[0]/V/Location
Root/Pages/Kids/[0]/Annots/[0]/V/
Root/Pages/Kids/[0]/Annots/[0]/V/Name
Root/Pages/Kids/[0]/Annots/[0]/V/Reason

These elements can be displayed if this line in SecurityHandler.decryptDictionary

if (!COSName.SIG.equals(dictionary.getItem(COSName.TYPE)) && !COSName.SIG.equals(dictionary.getItem(COSName.FT)))

is removed.

Why these thoughts? I was looking at the file Scan0001_protected_signed in PDFBOX-2729 and was wondering why this worked at all.

Tilman
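
Added example, not part of the original messages and not PDFBox code: a small Python model of the policies discussed in this thread, skipping the whole signature dictionary (the condition quoted from SecurityHandler.decryptDictionary) versus skipping only Contents; any other policy value decrypts every string. The dictionary model, function names, key and sample values are constructed, and RC4 with the standard security handler's per-object key is assumed as the cipher.

```python
import hashlib

def rc4(key, data):
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def object_key(file_key, num, gen):
    """Per-object key: MD5(file key + object number + generation), truncated."""
    material = file_key + num.to_bytes(3, "little") + gen.to_bytes(2, "little")
    return hashlib.md5(material).digest()[:min(len(file_key) + 5, 16)]

def is_signature(d):
    # Same test as the quoted condition: /Type /Sig or /FT /Sig.
    return d.get("Type") == "/Sig" or d.get("FT") == "/Sig"

def decrypt_dictionary(d, key, policy):
    """Strings are modelled as bytes, names as str. Returns a new dict."""
    if policy == "skip_sig" and is_signature(d):
        return dict(d)  # whole dictionary left as stored
    out = {}
    for name, value in d.items():
        keep_raw = policy == "skip_contents" and is_signature(d) and name == "Contents"
        if isinstance(value, bytes) and not keep_raw:
            value = rc4(key, value)
        out[name] = value
    return out

# Constructed sample: a producer that encrypted the text entries of the
# signature dictionary (object 12 0) but stored Contents in the clear.
FILE_KEY = bytes.fromhex("0102030405")  # constructed 40-bit file key
KEY = object_key(FILE_KEY, 12, 0)
SIG = {"Type": "/Sig", "Name": rc4(KEY, b"Jane Doe"),
       "Reason": rc4(KEY, b"Approval"), "Contents": bytes.fromhex("30820100")}

if __name__ == "__main__":
    for policy in ("skip_sig", "skip_contents"):
        print(policy, decrypt_dictionary(SIG, KEY, policy))
```

With "skip_sig" the Name and Reason entries stay as ciphertext, which matches the unreadable signature details described above; with "skip_contents" they become readable while Contents is left byte-for-byte intact.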



