> On 04.03.2013 10:39, Maruan Sahyoun wrote:
>> Hi,
>> 
>> how did you verify that the signature is invalid? It might be the
>> intended behavior if the verification means that you have e.g. a
>> yellow exclamation mark in Adobe Acrobat. Why might that be correct?
> The exclamation mark tells only that there are minor problems with the 
> signature. If a signature is invalid or can't be parsed, Adobe will show an X 
> instead of an exclamation mark [1]. All other symbols show that the signature 
> _isn't_ invalid. Adobe complains on the screenshot that the certificate isn't 
> trustful. Trustful means Adobe can not check this certificate against its 
> known trust center or the certificate is self-signed. So if the Adobe Reader 
> should show a checkmark [2], the certificate needs to be marked as 
> trustful.

That's why we need to know how you came to the conclusion that the signature is 
invalid. 

> 
>> Well, adding the first signature means the signature is applied with
>> the state the PDF has at that point in time. Adding the second
>> signature means adding additional content after the first signature
> No, that's not correct. The signature covers the whole document incl. the 
> incremental update. So if you sign once you sign the original and the first 
> update. After doing the second sign you sign the update 1 and update 2. See 
> [3]. The first signature covers its own changes. If you alter a document after 
> signing, the signature isn't automatically invalid. Adobe will inform the 
> user that the document was altered after signing. The signature stays intact.

That's what I wanted to say here. But as soon as a second signature is applied, 
there will be a visual hint to the first signature in Adobe Acrobat or Reader. 
As you correctly state, this doesn't mean that the first signature is invalid. 
It only shows that the document was altered after applying the first signature, 
in this case by applying the second signature.

> 
>> was applied. This will be reflected in Acrobat by displaying the
>> yellow exclamation mark. Inspecting the message in the signature
>> dialog will say that after the signature was added changes were done
>> to the PDF - which is correct.
> The signature will be added incrementally. The previous sections wouldn't be 
> altered at all. If you compare both documents with a diff tool that can 
> handle pdf as text you would see that the new signature doesn't change the 
> previous document. What will happen is that with an incremental update the 
> xref table/stream refers to altered and/or new objects. So if I want to sign the 
> first page, the pdfbox needs to alter the page object and write a new one. The 
> new page uses the same object id and will be referred to by the xref table/stream. 
> So if the parser reads the document and shows it on the screen, it will find 
> the altered page. Most errors happen if the altered or new objects, or 
> the xref table/stream are broken.
> 
>> In order to verify if there might be an issue could you please
>> provide some additional information.
>> 
>> With kind regards
>> 
>> Maruan
>> 
> 
> PS: sorry for the wide explanation of the problematic. The signing process is 
> a little bit complex and can't be explained in one or two sentences. If you 
> have questions about signing, you can mail me directly for not going too much 
> offtopic.
> 
> 
> [1] 
> http://itext-general.2136553.n4.nabble.com/file/n4657575/invalid_signature.png
> [2] 
> http://s1.www.textcontrol.com/en_US/blog/archive/20110803/assets/tx_acrobat_zoom.png
> [3] http://partners.adobe.com/public/developer/en/images/tip3-2.jpg
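
The situation discussed in this thread, a second signature appended as an incremental update so that the first signature no longer reaches the end of the file, can be checked by reading each signature's /ByteRange. This is an added example, not part of the original messages and not PDFBox code; `signature_coverage` and `append_signed_revision` are hypothetical names, the sample bytes are a constructed skeleton rather than a parseable PDF, and no cryptographic verification is performed.

```python
import re

# The four integers of a signature dictionary's /ByteRange array.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> list:
    """Report, for each /ByteRange in file order, how much of the file it covers."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        end = off2 + len2  # one past the last byte covered by the digest
        report.append({
            "excluded": (off1 + len1, off2),   # the /Contents value itself
            "covered_end": end,
            "trailing_bytes": len(pdf) - end,  # > 0: data appended after signing
            "covers_whole_file": off1 == 0 and end == len(pdf),
        })
    return report

def append_signed_revision(prev: bytes) -> bytes:
    """Constructed stand-in for a signer: append an update whose /ByteRange
    covers every byte of the resulting file except the /Contents placeholder."""
    head = prev + b"1 0 obj\n<< /Type /Sig /Contents "
    contents = b"<" + b"0" * 16 + b">"  # placeholder, not a real signature blob
    tail_tpl = b" /ByteRange [%010d %010d %010d %010d] >>\nendobj\n%%%%EOF\n"
    gap_start = len(head)
    gap_end = gap_start + len(contents)
    total = gap_end + len(tail_tpl % (0, 0, 0, 0))  # fixed-width fields
    return head + contents + tail_tpl % (0, gap_start, gap_end, total - gap_end)

# Constructed sample data: an unsigned body, then one and two signed revisions.
ORIGINAL = b"%PDF-1.4\n% constructed sample body\n%%EOF\n"
ONE_SIG = append_signed_revision(ORIGINAL)
TWO_SIGS = append_signed_revision(ONE_SIG)

if __name__ == "__main__":
    for name, data in (("one signature", ONE_SIG), ("two signatures", TWO_SIGS)):
        for i, sig in enumerate(signature_coverage(data), 1):
            state = ("covers whole file" if sig["covers_whole_file"]
                     else f"{sig['trailing_bytes']} bytes appended after signing")
            print(f"{name}: signature {i}: {state}")
```

A signature with trailing bytes is only a prompt to inspect what the later revision changed; whether the signature itself is valid still requires verifying the digest and certificate.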
