From ISO32000-2: Encryption applies to all strings and streams in the document's PDF file, with the following exceptions:
The values for the ID entry in the trailer Any strings in an Encrypt dictionary Any strings that are inside streams such as content streams and compressed object streams, which themselves are encrypted Any hexadecimal strings representing the value of the Contents key in a Signature dictionary For prior specs I didn't find that information but keep looking. BR Maruan > Am 22.12.2015 um 09:55 schrieb Thomas Chojecki <[email protected]>: > > Hi Tilman, > that's also bother me since yesterday. > > I know I read it somewhere in a specification that the signature dictionary > should not be encrypted or at least partially. The reason could be, that the > verification engine should have access to some informations like signature > reason, signer name and so on, without the need of decrypting the document. > Additionaly the "Contents" value shall not be encrypted at all, or the > verifyer could not be able to read the signature. > > As always, there will be some signing application that does not respect the > specification and encrypt parts of the dictionary anyway. > > If I find the part in the specification, I will share it with you :) > > Best regards > Thomas > > Zitat von Tilman Hausherr <[email protected]>: > >> In PDFBOX-2801 and PDFBOX-2469 >> <https://issues.apache.org/jira/browse/PDFBOX-2469> code has been inserted >> that the signature dictionary not be decrypted. What is the reason this is >> done, where can this be found in the specification? I didn't find it. >> >> When looking at the file from PDFBOX-2711, I can't see the signature details >> because these are encrypted. >> See here: >> Root/Pages/Kids/[0]/Annots/[0]/T >> Root/Pages/Kids/[0]/Annots/[0]/V/Location >> Root/Pages/Kids/[0]/Annots/[0]/V/ >> Root/Pages/Kids/[0]/Annots/[0]/V/Name >> Root/Pages/Kids/[0]/Annots/[0]/V/Reason >> >> these elements can be displayed if this line in >> SecurityHandler.decryptDictionary >> >> if (!COSName.SIG.equals(dictionary.getItem(COSName.TYPE)) && >> !COSName.SIG.equals(dictionary.getItem(COSName.FT))) >> >> is removed. >> >> Why these thoughts? I was looking at the file Scan0001_protected_signed in >> PDFBOX-2729 and was wondering why this worked at all. >> >> Tilman > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
