1

The PDF 1.7 specification says:

seed value dictionary, Key MDP: "[..] A value of 0 defines the signature as an author signature (see 12.8, “Digital Signatures”). The values 1 through 3 shall be used for certification signatures and correspond to the value of P in a DocMDP transform parameters dictionary (see Table 254). [..]"

My questions:

  1. Author signature is a synonym for certification signature, isn't it?

If author signature is equivalent to certification signature:

  1. The differentation between 0 (author signature) and 1-3 (certification signature) seems irritating. What is the idea behind?
  2. Or went something wrong and the specification means approval signature instead of author signature? (The Java doc of the Adobe AEM Forms API supports this, see setMdpValue)

If approval signature is meant:

  1. Setting the MDP (in seed value dictionary) to 0 would require an approvale signature. Would that imply that any changes to the document will invalidate the signature?

Generell question to approval signature:

  1. Does an approval signature really protect the signed document from any changes? (An approval signature can have a FieldMDP, so changes to fields can be allowed?)

Final question:

  1. I'd like to predefine a signature field, where the signer shall attach an approval signature, that will get invalid by any changes to the signed document. How to do this? (By setting the MDP (in seed value dictionary) to 0?)

Thanks for any answers, also to a subset of my questions.

hagem
  • 189
  • 3
  • 16

1 Answers1

3

Concerning the first questions: you can safely assume that a MDP seed value of 0 indicates that the signature shall be an approval signature.

ISO 32000-1 does not know the term "author signature". The PDF Reference 1.7 (from which the ISO norm is derived) uses the term "author signature" for what now is known as "certification signature", but the corresponding except from the reference explicitly says that MDP seed 0 means "not an author signature":

A value of 0 defines the signature as an ordinary (non-author) signature

Concerning questions 4 & 5: No, an approval signature without any further ado is the type of signature that allows the most changes, slightly more than MDP 3, cf. this answer on stack overflow.

Concerning your final question: consider using a signature field lock dictionary with an Action value All to lock all form fields. Unfortunately this still allows certain changes. If you are prepared to use a PDF 2.0 feature, though, you can set LockDocument to true in the signature field seed value dictionary and also set bit 8 in the Ff value there to make that seed mandatory.

mkl
  • 90,588
  • 15
  • 125
  • 265
  • > _the corresponding except from the reference explicitly says that MDP seed 0 means "not an author signature"_ -> regarding [this document](http://wwwimages.adobe.com/content/dam/Adobe/en/devnet/pdf/pdfs/PDF32000_2008.pdf) from this [page](http://www.adobe.com/devnet/pdf/pdf_reference.html) the reference says _author signature_, I have not the ISO document maybe there it is correct – hagem Nov 02 '16 at 06:42
  • > _consider using a signature field lock dictionary with an Action value All to lock all form fields._ -> okay, to reach this, I just would set the lock dictionary (key Action) to "All"? In combination with a MDP seed value of 0 the signature is an _approval signature_ which get invalid by changing any field values? – hagem Nov 02 '16 at 07:06
  • *"okay, to reach this, I just would ..."* - In theory yes. I don't know whether this is interoperably implemented. In particular I think that many PDF signature validators don't analyze the changes in additional document revisions but instead merely indicate that the signature applies to a former document revision. Adobe Acrobat, on the other hand, can be expected to honor the field lock mechanism. – mkl Nov 02 '16 at 08:11