• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers

Digital Sign verification after append a new page in Signed PDF

New Here ,
Aug 23, 2021 Aug 23, 2021

Copy link to clipboard

Copied

I have a issue In multiple Digital Signature in PDF File using USB Token. I am using open source dll itextSharp for digital Sign and i am trying to multiple Sign in PDF File.
In this scenario user (A) have sign a single page PDF File, and after that append or merge another page in same PDF file and  user (B) Sign in another page sucessfuly. but in this case only one signature is verfied other one is unverfied.

So above scenario how we can verify digital Signature in PDF file after append new page?

 

UnverfiedSignature.jpeg

TOPICS
Windows

Views

40

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Aug 24, 2021 Aug 24, 2021

Copy link to clipboard

Copied

Your scenario cannot work. Everything in digital signatures is designed to make this impossible.

 

Why? Imagine a digitally signed contract to buy a house. Now imagine allowing an extra page to be added to the contract, which would mean the house returned to its original owner after a year. The signature is specifically designed to protect against the fraud of changed contracts, and so it must block it.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Enthusiast ,
Aug 24, 2021 Aug 24, 2021

Copy link to clipboard

Copied

LATEST

On one hand, as Test Screen Name already has hinted at, only a small set of changes is allowed to a signed PDF and appending or merging another page surely is not in that set. For some backgrounds read this stack overflow answer.

 

And on the other hand there is an additional issue: "SigDict /Contents illegal data" indicates that you did not apply the changes to the signed document as an incremental update (in iText lingo: in append mode). Thus, you also changed the bytes in the signed byte ranges and so invalidated the signature, no matter what you actually added to the document.

 

Thus, you have to restrict yourself to the allowed changes to a signed document and you have to apply those changes as incremental update.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines