Re: Signature dictionaries encrypted or not

Tue, 22 Dec 2015 03:03:02 -0800 

Am 22.12.2015 um 11:50 schrieb Andreas Lehmkuehler:

Hi,

Am 21.12.2015 um 23:52 schrieb Tilman Hausherr:

In PDFBOX-2801 and PDFBOX-2469
<https://issues.apache.org/jira/browse/PDFBOX-2469> code has been inserted that the signature dictionary not be decrypted. What is the reason this is done, 
where can this be found in the specification? I didn't find it.
When looking at the file from PDFBOX-2711, I can't see the signature details 
because these are encrypted.
See here:
Root/Pages/Kids/[0]/Annots/[0]/T
Root/Pages/Kids/[0]/Annots/[0]/V/Location
Root/Pages/Kids/[0]/Annots/[0]/V/
Root/Pages/Kids/[0]/Annots/[0]/V/Name
Root/Pages/Kids/[0]/Annots/[0]/V/Reason
these elements can be displayed if this line in SecurityHandler.decryptDictionary 

if (!COSName.SIG.equals(dictionary.getItem(COSName.TYPE)) &&
!COSName.SIG.equals(dictionary.getItem(COSName.FT)))

is removed.
Why these thoughts? I was looking at the file Scan0001_protected_signed in 
PDFBOX-2729 and was wondering why this worked at all.
Hmm, I can't remember the details, it seems to be a combination of a misleading comment in the code, a missing double check if the comment is ok and a misunderstanding that a signature dictionary isn't an encryption dictionary. However in hindsight the decision was wrong. As Maruan already found out, any hexadecimal strings representing the value of the Contents key in a Signature dictionary must not be encrypted.
@Tilman: Are you going to adjust the code, as you are already in the middle of testing it?
Yes I'm intending to change the code, but wanted to find more files first and get feedback (which I got now). Also need to do tests, i.e. whether the changed code can render all my test files. 

I did find more files just now in the digitalcorpora files:

045697.pdf
050289.pdf
070413.pdf
The search program is slow, so I have only three, but all these are encrypted. 

I'll open a new issue later today with my thoughts and some sample files.

Tilman







Tilman



BR
Andreas

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to