Glam,
Glam wrote: > > is it possible (according to the PDF standard, and in iText) to have two > signatures for the same revision? (I have set a certification level to > CERTIFIED_FORM_FILLING_AND_ANNOTATIONS). > The point is that the document is created once and is not altered at all, > except for adding the signatures. > ISO 32000-1:2008, section 12.8.1 says: "A byte range digest shall be computed over a range of bytes in the file, that shall be indicated by the ByteRange entry in the signature dictionary. This range should be the entire file, including the signature dictionary but excluding the signature value itself (the Contents entry). Other ranges may be used but since they do not check for all changes to the document, their use is not recommended. When a byte range digest is present, all values in the signature dictionary shall be direct objects." Thus, according to this norm, more piecewise byte ranges are permissible. Therefore, it especially is permissible to have multiple signature containers excluded from the bytes to sign. BUT... if you want Adobe products to accept your signatures out-of-the-box, you'll find that they expect a signature to sign everything in its revision but itself. For two signatures this would imply that each signature would have to sign a range that includes each other, a hen-or-egg problem. If your signatures only have to be verifiable with you own software and Adobe products may mark your signatures as invalid, then you can quite easily create such independent double signatures. Cf. http://old.nabble.com/Uncommon-ByteRange-entry-in-signature-dictionary-to23670277.html for some inspiration. iText can be changed to do that without too much much trouble. But keep in mind Leonard's words there: "Adobe Acrobat and Reader will IMMEDIATELY invalidate a ByteRange that is more than 2 pairs. So anything with multiple ranges won’t validate." As a third way you may build a custom Adobe plugin which verify your custom signatures. Regards, Michael. -- View this message in context: http://old.nabble.com/Multiple-signatures-and-multiple-revisions-tp26536564p26588104.html Sent from the iText - General mailing list archive at Nabble.com. ------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev _______________________________________________ iText-questions mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
