Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signed signature fields and incremental saves validation issue #1493

Closed
rogerk-apryse opened this issue Dec 11, 2024 · 2 comments
Closed

Signed signature fields and incremental saves validation issue #1493

rogerk-apryse opened this issue Dec 11, 2024 · 2 comments
Labels
fixed-in-dev

Comments

@rogerk-apryse
Copy link

Hello,

When using incremental saves, and using more than 1 signature VeraPDF will fail to certify for PDF/A-2b with error

"Specification: ISO 19005-2:2011, Clause: 6.4.3, Test number: 1 |  When computing the digest for the file, it shall be computed over the entire file, including the signature dictionary but excluding the PDF Signature itself"

Here is the test that I did:

  • I created the following two files:
  • PDFA_SIGN_1.pdf → first field is signed and the second one is not the file and is PDF/A-2b compliant with VeraPDF.
  • PDFA_SIGN_2.pdf → comes from first file, 2nd field is signed also now, saved incrementally. It is PDF/A-2b compliant Adobe Preflight, but VeraPDF reports error above.

Both files, when opened with Adobe Reader, if we click on the signed field(s) to see the signature status we see “The document has not been modified since the signature was applied” so this is an indication that the /ByteRange values and digest of each of the two signatures is correct.

Now to test: take the file PDFA_SIGN_2.pdf, open it with Notepad++ or a binary editor and search for the first signature’s /ByteRange and change this
/ByteRange [0 41392 44034 525] /Contents…
to this
/ByteRange [0 41392 44034 36923] /Contents...
by overwriting and not inserting so that the total file size does not change and save to PDFA_SIGN_2_edited_range.pdf.

Now this file will will pass VeraPDF’s validation.

Both signature fields' statuses will show in AR this message “The document has been altered or corrupted since the Signature was applied.”

This means that VeraPDF is checking that all signed signature fields in the document have the ByteRange values covering the whole document, and not the part of the document up to where it was signed. So incrementally saves of a previously signed document are failing validation.

(Attaching the zip with the 3 PDF files)
incremental_saves_signed_pdfa_issue.zip

I understand that PDF/A is for archival and once a PDF/A compliant file is generated, it is not expected to be modified. However, I was not able to find anything in the specifications regarding validation of incrementally saves after adding signatures to a file.

Do you think this is something that needs to be fixed in VeraPDF validation of the ByteRange values?

Thanks
Roger
@MaximPlusov
Copy link
Contributor

@rogerk-apryse Thanks for reporting.
This issue is duplicate of #1490 and already fixed in last development version 1.27.97

@rogerk-apryse
Copy link
Author

Thanks @MaximPlusov

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
fixed-in-dev
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MaximPlusov @rogerk-apryse