Adobe Acrobat when doing a signature which invalidates previous signature

As shown above,The part above the line marked with Rev1 is revision 1 of the document.When signing the document with a second signature, the program don’t change any of the bytes of revision 1. We add additional content (provided that the first signature allows this content), and
we create a new signature. This new signature is based on a message digest that includes the entire byte array of revision 1. The result is revision 2. When signing the document with a third signature,the bytes of revision 2 are preserved.

Note:the signature contents format is PKCS7.

The previous signature pdf is in below attachment and you can sign this file secondly.

The issue is essentially the same as in this thread (you'll also find some references to stack overflow answers for similar issues there). Merely in that case the error was added with the first signature and in your case it was added before the first signature.

The cause of this issue is an error in the cross reference table of the first revision of the document. PDF viewers in general ignore or repair a lot of minor errors, so no viewer warns about it. Adobe Acrobat also ignores it. Usually that is. Except when checking for a signature (except the final signature of the document) whether there are any disallowed later changes, in that case that error results in such a validation failure.

In detail:

At the end of each revision of a PDF there is a cross reference table or stream mapping object numbers to their respective position in the file. According to the PDF specification the cross reference of the initial revision must not be segmented. Furthermore, there must be a mapping for every object number from 0 to Size-1.

In case of your document, though, it is segmented:

xref
0 2
0000000000 65535 f
0000000017 00000 n
4 46
0000000124 00000 n
[...]
0000144732 00000 n
51 15
0000144824 00000 n
[...]
0000280018 00000 n
67 18
0000280272 00000 n
[...]
0000415611 00000 n
86 29
0000415637 00000 n
[...]
0000578855 00000 n
116 15
0000578882 00000 n
[...]
0000713877 00000 n
132 34
0000714132 00000 n
[...]
0000853009 00000 n
167 70
0000853235 00000 n
[...]
0001003374 00000 n

Also there are no mappings for object numbers 2, 3, 50, 66, 85, 115, 131, and 166.

Thus, you should ask the source of your documents to provide PDFs without such errors for signing.

If you also were responsible for the first signature, you could repair the original PDF. But as you are only responsible for the second one, the error is burnt into the PDF.

Yeah!Your analysis enlighten me,But i have two questions:
①Why does the final signature validate check was successful expect for others！

②I have analogous problems that pdf cross-reference is consecutively.And what cause of this issue?The attachment see below.

Yeah!Your analysis does make sense for me,but i have two questions:
1.why does the final signature check validate successfully other than previous signature?

2.I have a pdf document with consecutive cross-reference and result is similar to this case.the attachment see below!

1.why does the final signature check validate successfully other than previous signature?

The problem occurs when Acrobat checks whether incremental updates after the signed revision contain disallowed changes. But there are no incremental updates after the final signature in your document. Thus, Acrobat does not execute that check for that final signature and, therefore, does not stumble there.

2.I have a pdf document with consecutive cross-reference and result is similar to this case.the attachment see below!

The cross reference problem identified in your original document is very often the cause of these troubles but not always, other details may also trigger it.

I'll take a look at your attachment and try to identify the cause. (I cannot promise anything, though, the Adobe Acrobat algorithms used here are proprietary and closed source after all...)

Thanks for your support!And i can't wait for your analysis about this question!

Concerning your new attachment: It has a broken AcroForm structure. Page 1 references numerous form field widgets with merged-in form fields but the Fields array in the AcroForm object is empty (in the original revision) or only contains signature fields (in the signed revisions).

Adobe Acrobat repairs this in its internal representation of the document when loading the PDF. The check for disallowed changes in incremental updates after a signature reacts strongly to such repairs...

So how can we avoid this case in signature process?It takes account of law affair。

Well, as mentioned, the test for disallowed changes in incremental updates is proprietary and closed source. Furthermore, I would assume that the influence of error corrections in the PDF loading process on this test result is accidental, an unplanned side-effect. As such, these influences surely are subject to change without notification.

Thus, you cannot effectively avoid such cases in the signing process.

(There is an ETSI group working on revised rules on allowed and disallowed changes that allow standardized tests. Unfortunately, though, they decided to use Adobe's algorithm as a starting point, but Adobe did not get around for over a year to provide information on that algorithm; probably the ETSI group is waiting still. So I would not hold my breath waiting for these revised rules and implementations thereof...)

As an aside, though, using Adobe as validation tool to take account of law affairs in my eyes is a bad idea: Adobe's validation is too much a one-size-fits-all approach which in particular ignores lots of errors in signatures themselves. It usually can be used to get a first impression on validity but errs often in either direction.

Yeah.once the PDF is signed，the PDF gets locked for further editing.

below figure shows the previous signature pdf document properties:

The program sign the other PDF document sequentiallly cannot invalidate the previous signature but expect for this document.

Once the PDF is signed and the signature process is complete, the PDF gets locked for further editing. Even adding new signatures is not allowed. If somehow you sign the already signed PDF it will eventually invalidate the previous signature.

This is not correct, at least not in this generality.

When Adobe Acrobat 9 was introduced, Acrobat validation policies changed considerably to nearly what we have today. Before that nearly any change in an incremental update was accepted and merely warned or informed about. Since then, though, only a very limited set of changes has been allowed, see this stack overflow answer with references. At the start adding new signature fields in particular was forbidden for PDFs which already were signed with a certification signature but allowed for signatures only signed with an approval signature.

Meanwhile this has changed a bit, now adding signature fields is allowed even for PDFs with certification signatures unless they are certified with no-changes-allowed.

Hi there

We are sorry for the trouble. You may share your request/feedback to the engineering team using the link https://www.adobe.com/products/wishform.html

Regards

Amal

The issue arises because Adobe Acrobat detects changes in the document after it was initially signed. Even minor alterations, like metadata updates or invisible changes, can cause this.

While the steps you enumerate generally are a good approach, the issue with the example PDFs at hand differs, see the answers above.