My problem is: I need the signature to be calculated from the bytes of the original file only.
If you do that, then you've opened up a pretty big security hole!
Since the information about WHO signed the document, WHY they signed the document, WHERE they signed the document, etc. are all contained in the Signature dictionary. So if you DO NOT sign those bytes, THEN a hacker would be able to modify those bytes w/o fear of detection.
Leonard
--------------------------------------------------------------------------- Leonard Rosenthol <mailto:[EMAIL PROTECTED]> Chief Technical Officer <http://www.pdfsages.com> PDF Sages, Inc. 215-938-7080 (voice) 215-938-0880 (fax)
------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions
