[iText-questions] Uncommon ByteRange entry in signature dictionary

Fri, 22 May 2009 06:53:36 -0700 

After reading a lot a documents, from PDF-spec to technical
recommendations, I feel that the signature validation subject is still
unclear ...
In particular I submit a PDF that is NOT validated by Acrobat Reader (de
facto, the standard validator), but it is validated by other tools (e.g.
iText).

The Question: What is a ByteRange ?

* The Official PDF-Spec says that ByteRange is an array of (pairs of)
integer.
    * iText allows 2 or more pairs of integers.
      The following sample has 1 cert-signature plus 2 signatures
        http://web.tiscali.it/irrational/exp-sign/X-Cert-AZ.pdf
<http://web.tiscali.it/irrational/exp-sign/X-Cert-AZ.pdf> 
      All the signatures are validated (integrity check) by iText method
"verify"

* A lot of Adobe docs say that ByteRange is made of 4 integers ONLY.
    * Acrobat Reader won't validate the above pdf ; If you try, you can
see a generic message about "..damaged or suspect data in SigDict ..."
(Note: since the certificate used (for all the 3 signatures) has been
revoked, you should *temporarily* declared it as a trusted root
certificate)

If you inspect the above pdf, you can see that the 3rd signature has the
following "uncommon" byterange ;
/ByteRange [0 31771 56897 621 78000 4086] , that is the 3rd signature
excludes the whole block of the 2nd signature, plus of course its own
/Contents block.

Do you think this kind of signature is a valid signature or not ?
Do you think Acrobat signature validation is correct or should Acrobat
be more permissive ?

Aldo


------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, & 
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com 
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions

Buy the iText book: http://www.1t3xt.com/docs/book.php
Check the site with examples before you ask questions: 
http://www.1t3xt.info/examples/
You can also search the keywords list: http://1t3xt.info/tutorials/keywords/

Reply via email to