A

Anonymous

Answered

Adding annotations with Adobe changes the type of signature validation result.

Forum|Forum|1 year ago
December 24, 2024
3 replies
2524 views

I have a document ”test.pdf”. The last signature shows that it has been modified, but when I add an annotation with Adobe, the signature shows that the byte range is invalid. Why is this? The last annotation I added was with Adobe, shouldn't it still show that the document has been modified?

test.pdf

test-Addannot.pdf

Correct answer MikelKlink

For the main error see this answer - The revision with the troublesome signature contains errors causing the modification detection checks for later incremental updates to fail.

Additionally, though, the files attached to this question are slightly different from the file attached there, they contain some streams whose contents have been overwritten with space characters. As those streams at the same time claim to be flate encoded, this gives rise to additional errors in these files here which may cause even weirder effects.

A

AppsecTeam

Participating Frequently

Hello,

I would like to share some information regarding this issue.

I am a developer working on e-signature applications, and my applications, which have been running without any issues for a long time, suddenly started throwing errors.

It took a while to understand the root cause because, while all other applications recognized the signatures as valid, Adobe Reader/Acrobat marked all signatures after the first one as invalid and only considered the last signature as valid.

After extensive trial and error, I discovered that this issue occurs when a PDF is generated by merging multiple documents and at least one of those documents contains a comment or annotation.

Once I identified the problem, the only workaround I could find was to open the affected PDF (where signatures are shown as invalid), add a comment to a page, and then cancel it without filling it. Doing so prompts Adobe to revalidate the signatures, after which all signatures appear as valid. However, you must first manually click the Validate button for this to take effect.

I believe this is a bug.

Attached images (error_1, 2, 3, 4, 5)

MikelKlink

Participating Frequently

I believe this is a bug.

Well, it's hard to tell without the actual PDFs. Without further details I would assume there is an issue in the PDF to start with and your annotation change either fixes it or at least changes it enough to have Acrobat see no red flags anymore.

Furthermore,

I would like to share some information regarding this issue.

In which way does your observation do so? The question was about a specific PDF after all which was not a merge...

A

AppsecTeam

Participating Frequently

First of all, thank you for replying to my message.

I would like to upload a sample document, but since it will contain my personal signature, I do not prefer to share it on this platform. If there is a corporate bug notification or tracking environment, I can share it there.

On the other hand, practically and legally, it should be guaranteed that no changes can be made to a signed document, if they are made, the signature becomes invalid, but in this case, the opposite is true. If an invalid document - as you mentioned, is fixed when annotated - becomes valid with editing, which means a serious problem. If there is a bug in the background, then signed documents can be manipulated in some way, which means a transition from bug level to security vulnerability level.

As a result, when I analyze the PDF document (with Itext's RUPS software), there is a difference between the "unvalidated" status and the "validated" status. (When Validate is used, it asks you to save the document, and from here it can be understood that a change has been made)

I can see the exact change with the WinMerge tool. I added an image of the changed part in the attachment (yellow area), then the object data related to the user, which is already in the document, was added. Frankly, I'm confused...

- I couldn't find an edit -

Although the topic is similar to this one, it seems independent, so I would appreciate it if you could move it to a topic like this:

"A pdf document with a valid signature is marked as invalid because it was signed a second time or more."

MikelKlinkCorrect answer

Participating Frequently

For the main error see this answer - The revision with the troublesome signature contains errors causing the modification detection checks for later incremental updates to fail.

Additionally, though, the files attached to this question are slightly different from the file attached there, they contain some streams whose contents have been overwritten with space characters. As those streams at the same time claim to be flate encoded, this gives rise to additional errors in these files here which may cause even weirder effects.

A

Anonymous

Can anyone help to see why? When opening test.pdf with Adobe and adding an annotation, then saving it, re-validating will prompt an error saying 'byte range invalid'.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded