[Poppler-bugs] [Bug 16770] support for digital signatures

[bugzilla-daemon at freedesktop.org]

https://bugs.freedesktop.org/show_bug.cgi?id=16770

--- Comment #97 from Andre Guerreiro <aguerreiro1985 at gmail.com> ---
(In reply to Adrian Johnson from comment #79)
> +  r_values[0] = r2.isInt64() ? r2.getInt64() : r2.getInt();
> +  r_values[1] = r3.isInt64() ? r3.getInt64() : r3.getInt();
> +  r_values[2] = r4.isInt64() ? r4.getInt64() : r4.getInt();
>  
> According the PDF Reference, the ByteRange array contains pairs of
> (offset,length).
> 
> Why do we ignore the first offset and later assume it is 0? Why do we assume
> there are exactly two pairs.
> 
> I only skimmed over the digital signatures section so maybe I missed
> something.

Actually the PDF spec allows for more than 2 pairs of values in /ByteRange but
it would mean that there is more than one gap in the signed data apart from the
signature itself. Quoting from ISO 32000-1 section 12.8.1: 
"This range should be the entire file, including the signature dictionary but
excluding the signature value itself (the Contents entry). Other ranges may be
used but since they do not check for all changes to the document, their use is
not recommended."

Obviously in a file with multiple signatures each signature should cover the
latest revision present in the file when the signature was appended.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/poppler-bugs/attachments/20151028/bd2f48ba/attachment.html>