
Comment causes signature validation failure

New Here, Sep 27, 2016

Hi all,

I am writing a C++ signature library which works fine so far, which means that Adobe Reader 2015.017.20053 shows the signature toolbar, including the green sign and "Signed and all signatures are valid".

Now, I add a comment line to the document before signing it with my library.

The signing algorithm and calculation of input data for the signature calculation stays as-is (so the comment is included in that data).

The comment breaks the signature verification, because now Adobe reader says "At least one signature is invalid", and in the signature panel it says "There are errors in the formatting or information contained in this signature  (The signature byte range is invalid)".

Is there a special rule how to handle comments in signature calculation?

Or does Adobe reader verify those documents differently? Is there maybe a bug?

TOPICS
Acrobat SDK and JavaScript

LEGEND, Sep 27, 2016

Have you confirmed that the commented PDF is error free? What technique do you use to add the comment?

New Here, Sep 27, 2016

Hi TestScreenName,

thanks for your quick response. About your questions:

  1. How could I confirm that the commented PDF is error free?
    At least, it's displayed by Adobe Reader without further comments/warnings (except that its signature is invalid).
  2. About the technique:
    I let my library print the PDF document to a temporary buffer
    Then the comment is inserted into this buffer (before the %%EOF mark). The comment is about 90 chars long, one line, delimited by the newline character
    The signature is calculated afterwards over the temporary buffer.
    This mechanism works fine when I do not add the comment line.
LEGEND, Sep 27, 2016

1. The key thing would be to ensure that the file does NOT need to be repaired. Open it in Acrobat (NOT READER). Immediately close. If there is a save prompt, it needed repairing. However, I suggest this test on the file you present for signing - the unsigned file as well as on the signed file. If the file needs repairing, the repair will invalidate all the hashes.

2. This worries me. It does not sound viable, even though I know comments are permitted in the standard. Normally I'd just say it isn't viable because any editing tool may delete them - even a Save as will do so. But, coupled with the signature, that's detectable. Just seems unsafe to do that rather than use the object tree in the approved way.

New Here, Sep 27, 2016

  1. I opened both documents with Adobe Acrobat X and there's no save prompt when immediately closing them.
    So I suppose the files are OK.
  2. Well, I currently have to fulfill a requirement which explicitly requires the usage of comments. So I cannot choose a different solution.
    On the other hand, comments are part of the standard so why should using them break something?
    I have the suspicion that comments may be handled differently on signature validation than other parts of the document.
    For example, chapter 7.2.3 of the PDF standard v.1.7 says:
    'A conforming reader shall ignore comments, and treat them as single white-space characters'
    So maybe the reader uses a whitespace instead of the comment for signature validation?
    Unfortunately, there's no documentation on this topic which would either approve or disapprove this suspicion.
    Do you have any knowledge about how validation, especially of comments, works?
  3. Are you aware of any tracing/debug output that can be enabled in Acrobat or Adobe Reader that will reveal more detailed info why it thinks the signature is invalid?
LEGEND, Sep 27, 2016 (marked as correct answer)

Aha! The insertion of comments between the startxref lines and %%EOF is specifically forbidden by a very specific rule that describes exactly what the two lines before %%EOF must be (see the Syntax > File Structure > File Trailer section of the spec). Of course not all readers will verify that this is done exactly right.

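Added example, not part of the thread or of the poster's library: a strict check in C++ that a PDF buffer ends with exactly the three lines the File Trailer rule requires (`startxref`, the decimal byte offset, `%%EOF`), so a comment inserted before `%%EOF` is caught before the buffer is signed. The names `TailStatus`, `splitLines` and `checkPdfTail` are hypothetical, and the sample tails are constructed.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper names; result of checking the last three lines of a PDF buffer.
enum class TailStatus { Ok, MissingEof, BadOffsetLine, MissingStartxref };

// Split the buffer into lines, accepting CR, LF or CRLF as end-of-line.
static std::vector<std::string> splitLines(const std::string& buf) {
    std::vector<std::string> lines;
    std::string cur;
    for (std::size_t i = 0; i < buf.size(); ++i) {
        const char c = buf[i];
        if (c == '\r' || c == '\n') {
            if (c == '\r' && i + 1 < buf.size() && buf[i + 1] == '\n') ++i;
            lines.push_back(cur);
            cur.clear();
        } else {
            cur.push_back(c);
        }
    }
    if (!cur.empty()) lines.push_back(cur);
    return lines;
}

// Require the buffer to end with: startxref / <decimal offset> / %%EOF.
TailStatus checkPdfTail(const std::string& buf) {
    const std::vector<std::string> lines = splitLines(buf);
    if (lines.size() < 3) return TailStatus::MissingEof;
    const std::string& eof = lines[lines.size() - 1];
    const std::string& off = lines[lines.size() - 2];
    const std::string& kw  = lines[lines.size() - 3];
    if (eof != "%%EOF") return TailStatus::MissingEof;
    if (off.empty() || !std::all_of(off.begin(), off.end(),
            [](unsigned char ch) { return ch >= '0' && ch <= '9'; }))
        return TailStatus::BadOffsetLine;
    if (kw != "startxref") return TailStatus::MissingStartxref;
    return TailStatus::Ok;
}

int main() {
    // Constructed tails: comment before %%EOF (rejected) vs. before the trailer (accepted).
    const std::string bad  = "trailer\n<< /Size 5 >>\nstartxref\n1234\n% note\n%%EOF\n";
    const std::string good = "% note\ntrailer\n<< /Size 5 >>\nstartxref\n1234\n%%EOF\n";
    std::cout << static_cast<int>(checkPdfTail(bad)) << ' '
              << static_cast<int>(checkPdfTail(good)) << '\n';
    return 0;
}
```

The check is deliberately strict: trailing blank lines or whitespace after `%%EOF` are also reported, which a lenient reader may tolerate.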
New Here, Sep 27, 2016

You're great!

Placing the comment BEFORE the trailer block did the trick. Now Adobe reader reports 'signature valid' again.

It's a pity that Adobe reader does not tell the user that there is a violation of the PDF standard when it is confronted with the comment before the %%EOF mark...

I will do a try-out to see whether it also works when I insert the comment e.g. at the beginning of the document or inside an object.

LEGEND, Sep 27, 2016

Years ago, Acrobat would detect and report certain kinds of error from which it could recover (like bad page streams). For some reason, it now just stops processing the page with no error message at all, perhaps showing partial content. I don't like that. Certainly, Acrobat isn't any kind of validator (except, of course, of signatures).
