Details
Major Description
Changes in PDFBOX-2801 and PDFBOX-2469 result in the signature dictionary not being decrypted in encrypted files. Because these aren't visible signatures, this is noticed only when looking at the signature dictionary in PDFDebugger.
See also this thread in the dev mailing list:
https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201512.mbox/browser
Example files:
PDFBOX-2711- 045697.pdf
- 050289.pdf
- 070413.pdf
- 346444.pdf
I hit that problem while wondering what to do about PDFBOX-2729, and wondered why the "too good to be true" solution of GGlad worked at all, because his solution did encrypt the signature parts.
I did not find anything in the "32000" spec that the signature dictionary is not to be encrypted.
From msahyoun:
From ISO32000-2:
Encryption applies to all strings and streams in the document's PDF file, with the following exceptions:
The values for the ID entry in the trailer
Any strings in an Encrypt dictionary
Any strings that are inside streams such as content streams and compressed object streams, which themselves are encrypted
Any hexadecimal strings representing the value of the Contents key in a Signature dictionary