0

I'm using itext 7.0.4 to sign/verify pdf documents. Currently itext sharp doesn't have a straightful way to detect if the pdf was modified between two signatures. So I'm going to write my own logic to check the pdf objects between two revisions. But I don't know what kind of pdf objects could make the pdf as modifed and then make previous signatures invalid. In some valid pdf documents, there are PdfArray, PdfDictionary (with name of BaseFont, CRL, CRLs, Differences, Filter etc) could appears between signatures but doesn't invalid any signatures. Could anyone please help me figure out any resources or link to find those pdf object out? Or if there is a better way to do this?

Here is an example of valid changes between two signatures:

525 0 obj
<</CRLs 526 0 R/Certs 527 0 R/OCSPs 528 0 R/VRI 529 0 R>>
endobj
526 0 obj
[534 0 R]
endobj
527 0 obj
[537 0 R 538 0 R 539 0 R 540 0 R]
endobj
528 0 obj
[536 0 R]
endobj
529 0 obj
<</45626735E12B29DB8AB3D77B75A72561ACAEC391 530 0 R/5A499B4A1F0078D41C99B268F1307FC122AD1FAB 531 0 R/CCE015E4A68CE20FF14004F17BECD86482CB395F 532 0 R>>
endobj
530 0 obj
<</TU(D:20171119103209+13'00')>>
endobj
534 0 obj
<</Filter[/FlateDecode]/Length 423>>stream
H‰2hbÜo肉‘Ñ€—S«Í£í;/##7+ƒA‰!·'s(›0“_”¡¸(ˆÃ-ÌâëªàœŸW\šS’™—“àÂ060I0Ëi1„0ø2¸2(0¸0d2¤q    C"Cæçy%¥E©â¼†f††FFF†–Q@®9kå0 9’¹‰‘‘Áܽ Xça¨s‚õùž'µ!*ŸŒTs‹U:£Â×äþq]    䊉ւY³öO=TÂ1A7¹c9÷™ûßÜ´Ê0Y¹téUÉ^… ?òÍgâg¤ºçìÏ»)áõíÀrîØg+Â%ätZ£/Ù|ûN]j¸ìá“v/¿óåþ.‰ïù{Œ,™ö­:â}²ÆýLœàám‡s'_غÙöÄæ)|Mö%7ËŠ/>[§Ü÷ïqÜâ§./ÝRýÑ/øÓNÝïüïÝþ™¦vHl½Ï]áC[    ï\÷KŠ’»ú„µHöjÄ„6^üž©ÌvËìÖyJY¼'mm¥ô­¶¸øð½Zø{ÞÍØ-Š š+¶
endstream
endobj

Thanks in advance.

cairabbit
  • 55
  • 1
  • 9
  • For an abstract description of allowed and disallowed changes to a signed pdf see [this answer](https://stackoverflow.com/a/16711745/1729265). The concrete options behind that are hard to grasp. Adobe has a tendency to allow the allowed changes only if they are done as Adobe would do them. – mkl Nov 20 '17 at 21:58
  • Thanks for your reply. From your answer, the "Changing page content" would invalid the signature, that's correct. But how can I identify some changes are changing page content, some are not. For example, the signed pdf document was adding above objects before second signature. In adobe reader, these changes are not considering as "changing page content". That's the problem annoying me. – cairabbit Nov 20 '17 at 22:13
  • 1
    You not only have to look at the objects in the incremental update but also at there context. Objects that are not referenced (neither from other objects nor the trailer) make no difference to the document. Depending on what they are referenced from you can determine their function and from that whether their addition is allowed or not. E.g. a new stream added to some page contents array most likely will mean a change of page contents. But a new steam added to some page annotations merely mean a change of annotations. – mkl Nov 21 '17 at 05:19
  • 1
    By the way, the example objects you dumped into your question *look like* they belong to a category of changes not allowed by ISO 32000-1:2008 (which my referenced answer is about) but by PAdES part 4 and ISO 32000-2:2017: those objects *look like* they are validation related information which by those newer norms may be added to documents with *any* certification level, even to those with "no changes allowed". One of course has to check whether they are used as such and don't replace objects with other functions. – mkl Nov 21 '17 at 05:25
  • 1
    All taken into consideration you chose a difficult task here. I'm not aware of any implementation doing those checks other than from Adobe. And as mentioned before, the Adobe implementation is biased to only allow allowed changes if they had been done Adobe style. – mkl Nov 21 '17 at 05:31
  • Thank you very much, mkl. You are right. I knew this is a difficult task. But we need to verify signatures in the way similar to Adobe Acrobat Reader. Otherwise our client would complain about that. Look like I have to improve this validation all the time. :( – cairabbit Nov 23 '17 at 19:37
  • Be prepared to spend a number of developer months for any acceptable implementation. And as you try to imitate adobe reader, don't forget that that software already has good PDF 2.0 support. – mkl Nov 23 '17 at 21:19

0 Answers0