0

After signing PDF with Python endesive library, various editors still are able to edit the file. I compared with document, signed by SIGNICAT and Acrobat shows that SIGNICAT's document protected from editing.

...
from OpenSSL.crypto import load_pkcs12
from endesive import pdf

def main():
    dct = {
        b'sigflags': 3,
        b'contact': b'info@example.com',
        b'location': b'USA',
        b'signingdate': datetime.today().strftime('%Y%m%d%H%%M%S%z').encode(),
        b'reason': b'Document officially signed',
    }

    datas = pdf.cms.sign(datau, dct,
        p12.get_privatekey().to_cryptography_key(),
        p12.get_certificate().to_cryptography(),
        [],
        'sha256'
    )
...
FULL STACK DEV
  • 15,207
  • 5
  • 46
  • 66
alectogeek
  • 890
  • 1
  • 6
  • 20
  • 1
    You might have to change the type of signature you apply. The PDF standard allows certain changes to a signed PDF, cf. [this answer](https://stackoverflow.com/a/16711745/1729265). – mkl Jul 03 '19 at 12:01
  • Do you mean the PDF can still be edited *while keeping the signature valid*? Signature is meant to authenticate the content, not protect it from copy. – Leporello Jul 03 '19 at 12:22
  • @Leporello No, at least I want Adobe products to indicate that the document is signed and protected from editing. – alectogeek Jul 03 '19 at 14:00
  • Signing a document is not sufficient to prevent editing of a PDF. In fact, applying basic password security isn't even enough to completely prevent editing of a PDF. As you noticed, some applications will notice the signature and disable features that would modify the document and invalidate the signature, however, that is an implementation choice, not a requirement based on the PDF specification. If you want to prevent editing, you must apply the signature *and* encrypt the document. – joelgeraci Jul 03 '19 at 14:40
  • @joelgeraci Thank you for the answer! I fully realize that it will not prevent from modifying, but the first priority, for now, is to sign it so that Abode apps notice that document prevented from editing. – alectogeek Jul 03 '19 at 15:38

0 Answers0