pdfbox-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Chojecki <i...@rayman2200.de>
Subject Re: Multiple signatures
Date Mon, 04 Mar 2013 12:58:26 GMT
Am 04.03.2013 12:21, schrieb Maruan Sahyoun:
>> Am 04.03.2013 10:39, schrieb Maruan Sahyoun:
>>> Hi,
>>>
>>> how did you verify that the signature is invalid? It might be the
>>> intended behavior if the verification means that you have e.g. a
>>> yellow exclamation mark in Adobe Acrobat. Why might that be 
>>> correct?
>> The exclamation mark tells only that there are minor problems with 
>> the signature. If a signature is invalid or can't be parsed, Adobe 
>> will show a X instead of a exclamation mark [1]. All other symbols 
>> shows that the signature _isn't_ invalid. Adobe complains on the 
>> screenshot that the certificate isn't trustful. Trustful means adobe 
>> can not check this certificate against his known trust center or the 
>> certificate is selfsigned. So if the adobe reader should show a 
>> checkmark [2], the certificate need to be marked as trustfulness.
>
> That's why we need to know how you came to the conclusion that the
> signature is invalid.
>
Ok, sorry for that misunderstanding. The screenshot comes from me. I 
wanted prove that I can not reproduce that issue. My mistake that I 
signed the same page twice so the signature was correct. The problem is 
signing different pages and I can reproduce it with the 1.7.x and trunk 
(1.8 snapshot) pdfbox version. I hope I can find some time to fix it 
soon.

1. I can reproduce it with the sample code signing two different pages 
and so the issue is still up-to-date.
2. My appended screenshot shows the wrong case and should be ignored.

>>
>>> Well adding the first signature means the signature is applied with
>>> the state the PDF has as that point in time. Adding the second
>>> signature means adding additional content after the first signature
>> No, that's not correct. The signature covers the whole document 
>> incl. the incremental update. So if you sign once you sign the 
>> original and the first update. After doing the second sign you sign 
>> the update 1 and update 2. See [3] The first signature covers it own 
>> changes. if you alter a document after signing, the signature isn't 
>> automatically invalid. Adobe will inform the user that the document 
>> was altered after signing. The signature stay intact.
>
> That's what I wanted to say here. But as soon as a second signature
> is applied there will be a visual hint to the first signature in 
> Adobe
> Acrobat or Reader. As you correctly state this doesn't mean that the
> first signature is invalid. It only shows that the document was
> altered after applying the first signature in this case by applying
> the second signature.
>
I've tested it now again. Signed twice and alter the document after 
signing with a new incremental update. I need to correct my last 
statement, the adobe reader give no hit that someone altered the 
document after signing. The only thing that is shown for each signature 
is, that the revision wasn't altered after signing.

PS: Please let discuss this outside the mailing list, the author of the 
original mail has a different problem.

Mime
View raw message