On 04.03.2013 12:21, Maruan Sahyoun wrote:
On 04.03.2013 10:39, Maruan Sahyoun wrote:
Hi,

how did you verify that the signature is invalid? It might be the
intended behavior if the verification means that you have e.g. a
yellow exclamation mark in Adobe Acrobat. Why might that be correct?
The exclamation mark tells only that there are minor problems with the signature. If a signature is invalid or can't be parsed, Adobe will show an X instead of an exclamation mark [1]. All other symbols show that the signature _isn't_ invalid. Adobe complains on the screenshot that the certificate isn't trustful. Trustful means Adobe cannot check this certificate against its known trust center or the certificate is self-signed. So if the Adobe Reader should show a checkmark [2], the certificate needs to be marked as trustful.

That's why we need to know how you came to the conclusion that the
signature is invalid.

Ok, sorry for that misunderstanding. The screenshot comes from me. I wanted to prove that I cannot reproduce that issue. My mistake was that I signed the same page twice, so the signature was correct. The problem is signing different pages, and I can reproduce it with the 1.7.x and trunk (1.8 snapshot) PDFBox versions. I hope I can find some time to fix it soon.

1. I can reproduce it with the sample code signing two different pages and so the issue is still up-to-date.
2. My appended screenshot shows the wrong case and should be ignored.


Well adding the first signature means the signature is applied with
the state the PDF has at that point in time. Adding the second
signature means adding additional content after the first signature
No, that's not correct. The signature covers the whole document incl. the incremental update. So if you sign once you sign the original and the first update. After doing the second sign you sign the update 1 and update 2. See [3]. The first signature covers its own changes. If you alter a document after signing, the signature isn't automatically invalid. Adobe will inform the user that the document was altered after signing. The signature stays intact.

That's what I wanted to say here. But as soon as a second signature
is applied there will be a visual hint to the first signature in Adobe
Acrobat or Reader. As you correctly state this doesn't mean that the
first signature is invalid. It only shows that the document was
altered after applying the first signature in this case by applying
the second signature.

I've tested it now again. Signed twice and altered the document after signing with a new incremental update. I need to correct my last statement: the Adobe Reader gives no hint that someone altered the document after signing. The only thing that is shown for each signature is that the revision wasn't altered after signing.

PS: Please let's discuss this outside the mailing list, the author of the original mail has a different problem.

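What each signature in a multiply signed PDF covers can be read from the file itself. The following is an added example, not part of the original mails and not PDFBox code: it reads every `/ByteRange`, reports through which revision the signature covers and how many bytes were appended afterwards, and does no cryptographic verification. The sample document and the `add_signed_revision` helper are constructed for illustration.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> list:
    """Report what each /ByteRange covers. Coverage only: no cryptographic check."""
    # Every revision (original file or incremental update) ends with %%EOF.
    revision_ends = [m.end() for m in re.finditer(rb"%%EOF\r?\n?", pdf)]
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        start, gap_start, gap_end, tail_len = map(int, m.groups())
        covered_end = gap_end + tail_len
        report.append({
            "starts_at_zero": start == 0,
            # The only bytes left out of the digest must be the /Contents hex string.
            "gap_is_contents": pdf[gap_start:gap_start + 1] == b"<"
                               and pdf[gap_end - 1:gap_end] == b">",
            "covers_through_revision": revision_ends.index(covered_end) + 1
                                       if covered_end in revision_ends else None,
            "bytes_appended_after": len(pdf) - covered_end,
        })
    return report

def add_signed_revision(pdf: bytes, hex_len: int = 16) -> bytes:
    """Constructed stand-in for a signer: appends an update with a zeroed signature."""
    prefix = b"9 0 obj\n<< /Type /Sig /ByteRange ["
    middle = b"] /Contents "
    contents = b"<" + b"0" * hex_len + b">"
    tail = b" >>\nendobj\n%%EOF\n"
    gap_start = len(pdf) + len(prefix) + 43 + len(middle)  # 43 = four 10-digit fields + 3 spaces
    gap_end = gap_start + len(contents)
    byte_range = b"%010d %010d %010d %010d" % (0, gap_start, gap_end, len(tail))
    return pdf + prefix + byte_range + middle + contents + tail

def build_sample() -> bytes:
    """Constructed sample: original, two signed updates, then one unsigned update."""
    original = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    signed_twice = add_signed_revision(add_signed_revision(original))
    return signed_twice + b"10 0 obj\n<< /Note (edited) >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for number, entry in enumerate(signature_coverage(build_sample()), start=1):
        print("signature", number, entry)
```

A signature whose `bytes_appended_after` is non-zero was followed by at least one later incremental update; whether that update is another signature or a content change has to be decided from the appended bytes.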