On 04.03.2013 10:39, Maruan Sahyoun wrote:
> Hi,
> how did you verify that the signature is invalid? It might be the
> intended behavior if the verification means that you have e.g. a
> yellow exclamation mark in Adobe Acrobat. Why might that be correct?

The exclamation mark tells only that there are minor problems with the
signature. If a signature is invalid or can't be parsed, Adobe will show
an X instead of an exclamation mark [1]. All other symbols show that the
signature _isn't_ invalid. Adobe complains in the screenshot that the
certificate isn't trustful. Trustful means Adobe cannot check this
certificate against its known trust center or the certificate is
self-signed. So if Adobe Reader should show a checkmark [2], the
certificate needs to be marked as trustful.

> Well adding the first signature means the signature is applied with
> the state the PDF has at that point in time. Adding the second
> signature means adding additional content after the first signature

No, that's not correct. The signature covers the whole document incl.
the incremental update. So if you sign once you sign the original and
the first update. After doing the second signing you sign update 1 and
update 2. See [3]. The first signature covers its own changes. If you
alter a document after signing, the signature isn't automatically
invalid. Adobe will inform the user that the document was altered after
signing. The signature stays intact.

> was applied. This will be reflected in Acrobat by displaying the
> yellow exclamation mark. Inspecting the message in the signature
> dialog will say that after the signature was added changes were done
> to the PDF - which is correct.

The signature will be added incrementally. The previous sections
wouldn't be altered at all. If you compare both documents with a diff
tool that can handle PDF as text you would see that the new signature
doesn't change the previous document. What will happen is that with an
incremental update the xref table/stream refers to altered and/or new
objects. So if I want to sign the first page, PDFBox needs to alter the
page object and write a new one. The new page uses the same object id and
will be referred to by the xref table/stream. So if the parser reads the
document and shows it on the screen, it will find the altered page.
Most errors happen if the altered or new objects, or the xref
table/stream, are broken.

> In order to verify if there might be an issue could you please
> provide some additional information.
> With kind regards
> Maruan

PS: sorry for the lengthy explanation of the problem. The signing
process is a little bit complex and can't be explained in one or two
sentences. If you have questions about signing, you can mail me directly
so as not to go too far off-topic.

[1] http://itext-general.2136553.n4.nabble.com/file/n4657575/invalid_signature.png
[2] http://s1.www.textcontrol.com/en_US/blog/archive/20110803/assets/tx_acrobat_zoom.png
[3] http://partners.adobe.com/public/developer/en/images/tip3-2.jpg
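
Added example, not part of the original mail and not PDFBox code: a Python sketch that reads each signature's /ByteRange from a constructed two-signature byte string and reports where the signed bytes end and how many bytes were appended afterwards by a later incremental update. The sample data and all function names are assumptions made for this illustration; it checks byte coverage only, not the cryptographic signature or certificate trust.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def append_signed_revision(prev: bytes, body: bytes) -> bytes:
    """Constructed sample data: append one incremental update holding a signature."""
    head = prev + body + b"<< /Type /Sig /ByteRange ["
    mid = b"] /Contents "
    contents = b"<" + b"00" * 16 + b">"          # placeholder for the signature blob
    tail = b" >>\nstartxref\n0\n%%EOF\n"
    gap_start = len(head) + 43 + len(mid)        # 43 = four 10-digit numbers + 3 spaces
    gap_end = gap_start + len(contents)
    rng = b"%010d %010d %010d %010d" % (0, gap_start, gap_end, len(tail))
    return head + rng + mid + contents + tail

def signature_coverage(pdf: bytes):
    """For each /ByteRange: where the signed bytes end and what follows them."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        a, b, c, d = map(int, m.groups())
        covered_end = c + d
        gap = pdf[a + b:c]                       # the only bytes the digest skips
        report.append({
            "starts_at_zero": a == 0,
            "in_bounds": covered_end <= len(pdf),
            "gap_is_contents": gap.startswith(b"<") and gap.endswith(b">"),
            "ends_on_eof": pdf[:covered_end].rstrip(b"\r\n").endswith(b"%%EOF"),
            "covered_end": covered_end,
            "appended_bytes": len(pdf) - covered_end,
        })
    return report

# Constructed skeleton, not a renderable PDF: each update rewrites page object 1
# under the same object id and is appended after the previous %%EOF.
REV0 = b"%PDF-1.7\n1 0 obj << /Type /Page >> endobj\n%%EOF\n"
SIGNED_ONCE = append_signed_revision(
    REV0, b"1 0 obj << /Type /Page /Annots [2 0 R] >> endobj\n")
SIGNED_TWICE = append_signed_revision(
    SIGNED_ONCE, b"1 0 obj << /Type /Page /Annots [2 0 R 3 0 R] >> endobj\n")

if __name__ == "__main__":
    for number, row in enumerate(signature_coverage(SIGNED_TWICE), start=1):
        print(f"signature {number}: signed bytes end at {row['covered_end']}, "
              f"{row['appended_bytes']} bytes appended afterwards")
```

In the twice-signed sample the first signature's range ends exactly at the first revision's %%EOF and the remaining bytes belong to the second update, while the second signature's range runs to the end of the file.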