PDFBox signed Document prevents modification

Question

I am (successfully) signing a PDF with a .p12 certificate.

The problem is, that after signing the pdf, the file cannot be modified anymore.

I know that any modification to the pdf breaks the signature but i still want to allow modifications so the client can do modifications and edit text.

Heres my minimal reproduction of my valid signature ( I started with the CreateSignature Example of Apache PDfBox):


    public void signDetached(PDDocument document, OutputStream output)
            throws IOException {
        PDSignature signature = new PDSignature();
        signature.setFilter(PDSignature.FILTER_ADOBE_PPKLITE);
        signature.setSubFilter(PDSignature.SUBFILTER_ADBE_PKCS7_DETACHED);
        signature.setName("Testing User");
        signature.setLocation("Los Angeles, CA");
        signature.setReason("Testing");
        signature.setSignDate(Calendar.getInstance());
        document.addSignature(signature, this);
        document.saveIncremental(output);
    }

This code adds a digital signature dictionary to the PDF, but it doesn't seem to create an approval signature that allows for further modifications to the document.

What am I doing wrong here? Is it possible to create a non-visible approval signature with Apache PDFBox that allows for modifications and becomes invalidated when those modifications occur?

Thank you in advance for any help or insights you can provide!

Please share the file. Did you change the `setMDPPermission` line in the sample code? — Tilman Hausherr, May 23 '23 at 15:31
Which file? The whole CreateSignature.java or my resulting PDF? Yes i deleted the line because of another answer is saw on SO which suggested that. — Joniras, May 23 '23 at 17:57

score 1 · Answer 1 · answered May 23 '23 at 22:05

This code adds a digital signature dictionary to the PDF, but it doesn't seem to create an approval signature that allows for further modifications to the document.

Here is your fundamental misconception, an approval signature does not allow for further modifications.

Admittedly, the PDF spec does not mention a restriction of allowed changes if there only are approval signatures. Adobe Acrobat, on the other hand, for many years has been imposing restrictions on such documents that are nearly identical to those of documents with a certification signature with a MDP P value of 3, cf. this answer. Furthermore, Adobe Acrobat does enforce this, it does not allow its users to apply changes to a PDF that it would consider disallowed.

Thus,

I know that any modification to the pdf breaks the signature but i still want to allow modifications so the client can do modifications and edit text.

this is not supported by Adobe Acrobat. Other PDF editors may or may not support disallowed manipulations of signed PDFs.

PDFBox signed Document prevents modification

1 Answers1