Hello everybody, as you have probably already heard, there are currently new attacks on pdf signatures very popular in the media.
https://www.pdf-insecurity.org/ In particular the demo doucuments of Attack 2: Incremental Saving Attack and Attack 3 can be parsed with the pdfbox library and the ShowSignature example even validates the malicious signatures. Are there any plans to include some validation steps into pdfbox to cope with these problems? ThanksĀ Wolfgang
smime.p7s
Description: S/MIME cryptographic signature
