[Poppler-bugs] [Bug 99416] Sign PDF with digital signature
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Fri Sep 15 10:22:54 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=99416
--- Comment #47 from Adrian Johnson <ajohnson at redneon.com> ---
(In reply to Hans-Ulrich Jüttner from comment #46)
> With the Contents object I see no problem replacing it with the correct
> signature
> value. However, the ByteRange object on disk is a string with multiple
> spaces,
> e.g. "/ByteRange [0 103562 108976 311 ]". These multiple
> spaces
> can't be represented in the ByteRange object in memory as it is an array of
> integers. But if these multiple spaces are removed the signature will be
> invalidated since the hash is calculated over a string including these
> spaces.
This doesn't make sense. The signature has to be computed on the disk file.
> Before the patch (3) of Adrian this problem was avoided by not producing such
> multiple spaces.
Before patch (3) the entire PDF file was written to memory which is a
non-starter. It also assumed that the document can be saved twice and get an
identical file. It may work now but I don't think this assumption is safe given
that if only one bit changes the signature breaks.
There is an Adobe document that explains the signing process on page 5.
https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/Acrobat_DigitalSignatures_in_PDF.pdf
It is how patch (3) works except for the last line "The PDF file is re-loaded
in Acrobat to ensure that the in-memory and on-disk versions are identical.".
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170915/cc1a9288/attachment.html>
More information about the Poppler-bugs
mailing list