[
https://issues.apache.org/jira/browse/PDFBOX-5647?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tilman Hausherr updated PDFBOX-5647:
------------------------------------
Summary: Showing signature verified for tampered document (was: Showing
signature verified for tempered document)
> Showing signature verified for tampered document
> ------------------------------------------------
>
> Key: PDFBOX-5647
> URL: https://issues.apache.org/jira/browse/PDFBOX-5647
> Project: PDFBox
> Issue Type: Bug
> Components: Signing
> Reporter: Tanmay Sharma
> Priority: Blocker
> Attachments: Doc1_signed.pdf, Doc1_signed_corrupted.pdf
>
>
> A 2 page document was signed. The signature of document was verified by
> [ShowSignature
> sample|https://github.com/apache/pdfbox/blob/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java]
> and it prints "Signature Verified".
> Then a corrupted signed PDF was created by deleting the second page of the
> same signed PDF and the signature of the corrupted PDF was also verified
> using [ShowSignature
> sample|https://github.com/apache/pdfbox/blob/trunk/examples/src/main/java/org/apache/pdfbox/examples/signature/ShowSignature.java].
> Ideally the verification should fail because hash of the document is changed
> (as second page is deleted). But instead of printing "Signature verification
> failed", it still prints "Signature Verified".
> How the signature of corrupted pdf is still getting verified successfully?
> Both signed pdf and corrupted signed pdf is added in the attachments.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
