Hi,
Am 21.12.2015 um 23:52 schrieb Tilman Hausherr:
In PDFBOX-2801 and PDFBOX-2469
<https://issues.apache.org/jira/browse/PDFBOX-2469> code has been inserted that
the signature dictionary not be decrypted. What is the reason this is done,
where can this be found in the specification? I didn't find it.
When looking at the file from PDFBOX-2711, I can't see the signature details
because these are encrypted.
See here:
Root/Pages/Kids/[0]/Annots/[0]/T
Root/Pages/Kids/[0]/Annots/[0]/V/Location
Root/Pages/Kids/[0]/Annots/[0]/V/
Root/Pages/Kids/[0]/Annots/[0]/V/Name
Root/Pages/Kids/[0]/Annots/[0]/V/Reason
these elements can be displayed if this line in
SecurityHandler.decryptDictionary
if (!COSName.SIG.equals(dictionary.getItem(COSName.TYPE)) &&
!COSName.SIG.equals(dictionary.getItem(COSName.FT)))
is removed.
Why these thoughts? I was looking at the file Scan0001_protected_signed in
PDFBOX-2729 and was wondering why this worked at all.
Hmm, I can't remember the details, it seems to be a combination of a misleading
comment in the code, a missing double check if the comment is ok and a
misunderstanding that a signature dictionary isn't an encryption dictionary.
However in hindsight the decision was wrong. As Maruan already found out, any
hexadecimal strings representing the value of the Contents key in a Signature
dictionary must not be encrypted.
@Tilman: Are you going to adjust the code, as you are already in the middle of
testing it?
Tilman
BR
Andreas
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
