
Invalidated first signature for PDF\A 2-B document after addition of the signature timestamp

New Here, Oct 05, 2023

Dear Adobe team,


We have an issue with the PDF\A 2-B document. We have the following flow:

  1. the document is created with custom metadata
  2. the document is signed with the ETSI signature (at this moment the signature is OK - there is only a root certificate trust problem)
  3. a timestamp is added to the document (at this moment the first signature is validated as altered or corrupted. Please see the attached screenshot)


This kind of behavior in the validation process we can see only in Acrobat Reader. We have tried other tools to validate the signature and timestamp as well. In those validation tools we see a positive validation result for the first signature. We have also used the EU reference validation tool, https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home. We have also double-checked whether the binary content has been changed after adding the timestamp.

Versions of Acrobat Reader are as follows:
Continuous Release: Version 2023.006.20320 64bit
Core Version: 23.1536 64bit
Version File: 23.006.20320.0
AGM Version: 7.001.00001 64bit
CoolType Version: 8.003.00002 64bit
JP2K Version: 4.000.00000.52671 64bit

Please find the sample document attached.

1 ACCEPTED SOLUTION
Advocate, Oct 05, 2023

The issue essentially is the same as in this thread, this thread, and this thread (and other answers elsewhere referenced from there): There is a small error in the original version of the document that usually is ignored by PDF viewers (including Acrobat) but that makes Acrobat reject signatures not covering the full document.

The original revision of your document claims to have been generated by Aspose.PDF for .NET 22.6. Aspose PDF components at least since version 11 have had the issue that they created broken object cross reference tables, see for example this thread on the Aspose support forum. There Aspose personnel claimed for different 17.x versions that the bug had been fixed but at least for some versions 19.x the bug has been observed again and now also for 22.x in your case.

The current Aspose.PDF version appears to be a 23.x. Possibly they have meanwhile fixed the issue for good. Thus, you may want to try updating to a current Aspose.PDF version for creation of the original revision. If that doesn't help, consider applying the first signature not as an incremental update.

The error in detail:

The cross reference table section of the first revision of your document consists of multiple subsections:

xref
0 80
0000000000 65535 f
...
0001951497 00000 n
81 27
0001951519 00000 n
...
0001952148 00000 n

Furthermore, there is an object number in the applicable range without any mapping: 80.

According to the PDF specification, though, for a PDF file that has never been incrementally updated, the cross-reference section shall contain only one subsection, whose object numbering begins at 0, and the cross-reference table (comprising the original cross-reference section and all update sections) shall contain one entry for each object number from 0 to the maximum object number defined in the PDF file, even if one or more of the object numbers in this range do not actually occur in the PDF file.
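
Added example, not part of the original answer and not Adobe's or Aspose's code: a pre-signing check that reads the first classic `xref` section of a file and reports the two defects described above (more than one subsection, object numbers without an entry). It assumes a cross-reference table rather than a cross-reference stream and a non-linearized file, so the first `xref` in file order belongs to the original revision; the function names and `SAMPLE` are constructed for illustration.

```python
import re

XREF_KEYWORD = re.compile(rb"(?:\A|[\r\n])xref[ \t]*[\r\n]")  # skips 'startxref'
HEADER = re.compile(rb"(\d+) (\d+)")       # "<first object number> <count>"
ENTRY = re.compile(rb"\d{10} \d{5} [nf]")  # "<offset> <generation> n|f"

# Constructed sample, same defect shape as in the post: two subsections, no entry for 3.
SAMPLE = (
    b"xref\n0 3\n"
    b"0000000000 65535 f \n0000000015 00000 n \n0000000074 00000 n \n"
    b"4 2\n0000000120 00000 n \n0000000179 00000 n \n"
    b"trailer\n<< /Size 6 >>\n"
)

def first_xref_subsections(pdf_bytes):
    """Return [(first_object, count), ...] for the first xref section in the file."""
    start = XREF_KEYWORD.search(pdf_bytes)
    if start is None:
        raise ValueError("no classic xref table found")
    lines = iter(pdf_bytes[start.end():].splitlines())
    subsections = []
    for line in lines:
        head = HEADER.fullmatch(line.strip())
        if head is None:
            if line.strip():
                break  # 'trailer' (or anything else) ends the section
            continue   # blank line left over from a CR LF split
        first, count = int(head[1]), int(head[2])
        for _ in range(count):  # consume and validate this subsection's entries
            if ENTRY.fullmatch(next(lines, b"").strip()) is None:
                raise ValueError(f"malformed entry in subsection {first} {count}")
        subsections.append((first, count))
    return subsections

def check_original_xref(subsections):
    """Findings against the rules for a file never incrementally updated."""
    findings = []
    if len(subsections) != 1:
        findings.append(f"{len(subsections)} subsections, expected exactly 1")
    if subsections and subsections[0][0] != 0:
        findings.append("first subsection does not start at object 0")
    covered = {n for first, count in subsections for n in range(first, first + count)}
    missing = sorted(set(range(max(covered, default=-1) + 1)) - covered)
    if missing:
        findings.append(f"object numbers without an entry: {missing}")
    return findings

if __name__ == "__main__":
    print(check_original_xref([(0, 80), (81, 27)]))  # subsection headers quoted in the post
```

Run against the subsection headers quoted in the answer (`0 80` and `81 27`), the check reports two subsections and object number 80 without an entry.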

 
