[Poppler-bugs] [Bug 99416] Sign PDF with digital signature

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Sep 15 12:32:28 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=99416

--- Comment #48 from Hans-Ulrich Jüttner <huj at froreich-bioscientia.de> ---
(In reply to Adrian Johnson from comment #47)
> (In reply to Hans-Ulrich Jüttner from comment #46)
> > With the Contents object I see no problem replacing it with the correct
> > signature
> > value. However, the ByteRange object on disk is a string with multiple
> > spaces,
> > e.g. "/ByteRange [0 103562     108976     311        ]". These multiple
> > spaces
> > can't be represented in the ByteRange object in memory as it is an array of
> > integers. But if these multiple spaces are removed the signature will be
> > invalidated since the hash is calculated over a string including these
> > spaces.
> 
> This doesn't make sense. The signature has to be computed on the disk file.
> 
> > Before the patch (3) of Adrian this problem was avoided by not producing such
> > multiple spaces.
> 
> Before patch (3) the entire PDF file was written to memory which is a
> non-starter. It also assumed that the document can be saved twice and get an
> identical file. It may work now but I don't think this assumption is safe
> given that if only one bit changes the signature breaks.
> 
> There is an Adobe document that explains the signing process on page 5.
> https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/
> Acrobat_DigitalSignatures_in_PDF.pdf
> 
> It is how patch (3) works except for the last line "The PDF file is
> re-loaded in Acrobat to ensure that the in-memory and on-disk versions are
> identical.".

I think that re-reading a document which just has been written with poppler
and writing it again whithout changes should produce an identical document.
But with the multiple spaces in the ByteRange on disk this would not be the
case. Moreover, multiple spaces separating objects in PFD files are not
allowed by more restrictive standards like PDF/A.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170915/cce73f9e/attachment.html>

More information about the Poppler-bugs mailing list