<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Sign PDF with digital signature"
href="https://bugs.freedesktop.org/show_bug.cgi?id=99416#c48">Comment # 48</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Sign PDF with digital signature"
href="https://bugs.freedesktop.org/show_bug.cgi?id=99416">bug 99416</a>
from <span class="vcard"><a class="email" href="mailto:huj@froreich-bioscientia.de" title="Hans-Ulrich Jüttner <huj@froreich-bioscientia.de>"> <span class="fn">Hans-Ulrich Jüttner</span></a>
</span></b>
<pre>(In reply to Adrian Johnson from <a href="show_bug.cgi?id=99416#c47">comment #47</a>)
<span class="quote">> (In reply to Hans-Ulrich Jüttner from <a href="show_bug.cgi?id=99416#c46">comment #46</a>)
> > With the Contents object I see no problem replacing it with the correct
> > signature
> > value. However, the ByteRange object on disk is a string with multiple
> > spaces,
> > e.g. "/ByteRange [0 103562 108976 311 ]". These multiple
> > spaces
> > can't be represented in the ByteRange object in memory as it is an array of
> > integers. But if these multiple spaces are removed the signature will be
> > invalidated since the hash is calculated over a string including these
> > spaces.
>
> This doesn't make sense. The signature has to be computed on the disk file.
>
> > Before the patch (3) of Adrian this problem was avoided by not producing such
> > multiple spaces.
>
> Before patch (3) the entire PDF file was written to memory which is a
> non-starter. It also assumed that the document can be saved twice and get an
> identical file. It may work now but I don't think this assumption is safe
> given that if only one bit changes the signature breaks.
>
> There is an Adobe document that explains the signing process on page 5.
> <a href="https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/">https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/</a>
> Acrobat_DigitalSignatures_in_PDF.pdf
>
> It is how patch (3) works except for the last line "The PDF file is
> re-loaded in Acrobat to ensure that the in-memory and on-disk versions are
> identical.".</span>
I think that re-reading a document which just has been written with poppler
and writing it again without changes should produce an identical document.
But with the multiple spaces in the ByteRange on disk this would not be the
case. Moreover, multiple spaces separating objects in PDF files are not
allowed by more restrictive standards like PDF/A.</pre>
</div>
</p>
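<p>Added illustration of the ByteRange padding issue discussed in this comment; it is not code from poppler or from either commenter. It assumes a constructed toy signature dictionary, SHA-256 as the digest, and hypothetical helper names; it shows that writing the ByteRange back from an in-memory integer array drops the padding, shifts every later byte, and leaves the stored offsets pointing at the wrong data.</p>
<pre>
```python
import hashlib
import re

BR_RE = re.compile(rb"/ByteRange \[([0-9 ]*)\]")
SIG_HEX_LEN = 64  # constructed: size of the reserved /Contents hex string

def build_skeleton(body=b"%PDF-1.7\n1 0 obj\n", tail=b"\nendobj\n%%EOF\n"):
    """Write a fixed-width /ByteRange placeholder, then patch the values in place."""
    placeholder = b"/ByteRange [" + b" " * 40 + b"]"
    contents = b"/Contents <" + b"0" * SIG_HEX_LEN + b">"
    data = body + b"<< /Type /Sig " + placeholder + b" " + contents + b" >>" + tail
    start = data.index(b"/Contents <") + len(b"/Contents ")  # offset of '<'
    end = start + SIG_HEX_LEN + 2                              # just past '>'
    values = b"0 %d %d %d" % (start, end, len(data) - end)
    patched = b"/ByteRange [" + values.ljust(40) + b"]"       # same width, no offset moves
    return data.replace(placeholder, patched)

def parse_byte_range(data):
    """Return the four integers; this is all an in-memory array can hold."""
    return [int(v) for v in BR_RE.search(data).group(1).split()]

def byte_range_digest(data):
    """SHA-256 over the two on-disk ranges named by /ByteRange."""
    o1, l1, o2, l2 = parse_byte_range(data)
    return hashlib.sha256(data[o1:o1 + l1] + data[o2:o2 + l2]).hexdigest()

def excludes_only_contents(data):
    """True when the gap between the ranges is exactly the /Contents hex string."""
    o1, l1, o2, l2 = parse_byte_range(data)
    gap = data[o1 + l1:o2]
    return gap.startswith(b"<") and gap.endswith(b">") and o2 + l2 == len(data)

def rewrite_from_int_array(data):
    """Re-serialize /ByteRange with single spaces, as a re-save from memory would."""
    values = b" ".join(b"%d" % v for v in parse_byte_range(data))
    return BR_RE.sub(b"/ByteRange [" + values + b"]", data, count=1)

if __name__ == "__main__":
    signed = build_skeleton()            # constructed sample, not a full PDF
    rewritten = rewrite_from_int_array(signed)
    print("ByteRange:", parse_byte_range(signed))
    print("padding bytes dropped on rewrite:", len(signed) - len(rewritten))
    print("ranges still bracket /Contents:", excludes_only_contents(rewritten))
    print("digest unchanged:", byte_range_digest(signed) == byte_range_digest(rewritten))
```
</pre>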
</body>
</html>