Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3173

Signature dictionary is not decrypted in encrypted files

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.8.10, 1.8.11, 2.0.0
    • 1.8.11, 2.0.0
    • Crypto, Signing
    • None

    Description

      Changes in PDFBOX-2801 and PDFBOX-2469 result in the signature dictionary not being decrypted in encrypted files. Because these aren't visible signatures, this is noticed only when looking at the signature dictionary in PDFDebugger.

      See also this thread in the dev mailing list:
      https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201512.mbox/browser

      Example files:

      • PDFBOX-2711
      • 045697.pdf
      • 050289.pdf
      • 070413.pdf
      • 346444.pdf

      I hit that problem while wondering what to do about PDFBOX-2729, and wondered why the "too good to be true" solution of Gladkovsky Gleb worked at all, because his solution did encrypt the signature parts.

      I did not find anything in the "32000" spec that the signature dictionary is not to be encrypted.

      From Maruan Sahyoun:

      From ISO32000-2:

      Encryption applies to all strings and streams in the document's PDF file, with the following exceptions:

      The values for the ID entry in the trailer

      Any strings in an Encrypt dictionary

      Any strings that are inside streams such as content streams and compressed object streams, which themselves are encrypted

      Any hexadecimal strings representing the value of the Contents key in a Signature dictionary

      Attachments

        1. 045697.pdf
          145 kB
          Tilman Hausherr
        2. 050289.pdf
          2.29 MB
          Tilman Hausherr
        3. 070413.pdf
          1.32 MB
          Tilman Hausherr
        4. 346444.pdf
          47 kB
          Tilman Hausherr
        5. Sample_DocTimestamp.pdf
          64 kB
          Thomas Chojecki

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            tilman Tilman Hausherr
            tilman Tilman Hausherr
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment