Signature cause "invalidation" of previous sigs

Report · Nov 29, 2022

I have a pdf with a valid signature (written with my own routines). Adobe says "valid".
If I add another signature, the Adobe acrobat (newest version) shows first sig invalid.
My verification says "valid", Foxit-Reader says "valid", the DSS Demonstration WebApp page from the EU says "valid".
So, what can cause the "invalid"-info in Adobe?

The pdf was created with libreoffice writer 7.4
The xref of the original pdf is not segmented
I didn't make any changes between the signatures
The first signature don´t use restrictions (DocMDP, etc), also the pdf didn't
If I click "view signed version" and the report I got some issues (see picture)

Can someone give me a hint/ where I need to look at?

Bernd

Report · Dec 06, 2022

Please share an example PDF that illustrates the issue, both before and after your second sigature.

(You already mentioned the obvious hints, so you are aware of the usual snares and pointing you to them won't help you.)

As you mention the newest version of Adobe Acrobat - do slightly older versions not declare the first signature invalid?

Report · Feb 16, 2025

Hello,

I would like to share some information regarding this issue.

I am a developer working on e-signature applications, and my applications, which have been running without any issues for a long time, suddenly started throwing errors.

It took a while to understand the root cause because, while all other applications recognized the signatures as valid, Adobe Reader/Acrobat marked all signatures after the first one as invalid and only considered the last signature as valid.

After extensive trial and error, I discovered that this issue occurs when a PDF is generated by merging multiple documents and at least one of those documents contains a comment or annotation.

Once I identified the problem, the only workaround I could find was to open the affected PDF (where signatures are shown as invalid), add a comment to a page, and then cancel it without filling it. Doing so prompts Adobe to revalidate the signatures, after which all signatures appear as valid. However, you must first manually click the Validate button for this to take effect.

I believe this is a bug.

Attached images (error_1, 2, 3, 4, 5)

Report · Mar 11, 2025

Hi @AppsecTeam,

Hope you are doing well. Thanks for writing in!

Would you mind updating the app to the latest version (2025.001.20432) and let us know if the issue is fixed for you?

To do so, go to Menu-> Help-> Check for Updates.

If the issue persists, please share a screen recording video of the entire event so we can take this further with the devs for investigation.

Look forward to hearing from you.

Regards,
Souvik.

Report · Mar 13, 2025

Unfortunately, the latest update did not resolve the issue. To provide an additional detail, I can confirm that the problem is specifically related to the "outline/bookmark" feature mentioned in the documentation.

If the "outline/bookmark" is removed manually or via software before signing, the signing process completes without any issues, and subsequent signatures do not invalidate the previous ones.

I am unable to determine whether this issue originates from Adobe or the signing library, iText. Despite conducting several tests on the open-source version of iText, I have not been able to resolve the problem.

For now, I am proceeding with a temporary workaround by removing the outline sections before signing.

P.S. : I am researching how other libraries handle this issue. It seems that the Java versions do not have this problem—likely because they correctly calculate the outline section and process it accordingly. However, the .NET version appears to be problematic.

Report · Mar 13, 2025

I remember having once seen issues in this context if an outline entry pointed to a high-level structure element (I don't remember if it was in a Dest or in a SE entry).

When visually signing a tagged PDF, iText adds (or at least used to add) structure elements for the signature widget appearance, and if those added structure elements were underneath a structure element pointed to by an outline entry, Acrobat considered this a disallowed change.