Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3173

Signature dictionary is not decrypted in encrypted files

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.10, 1.8.11, 2.0.0
    • Fix Version/s: 1.8.11, 2.0.0
    • Component/s: Crypto, Signing
    • Labels:
      None

      Description

      Changes in PDFBOX-2801 and PDFBOX-2469 result in the signature dictionary not being decrypted in encrypted files. Because these aren't visible signatures, this is noticed only when looking at the signature dictionary in PDFDebugger.

      See also this thread in the dev mailing list:
      https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201512.mbox/browser

      Example files:

      • PDFBOX-2711
      • 045697.pdf
      • 050289.pdf
      • 070413.pdf
      • 346444.pdf

      I hit that problem while wondering what to do about PDFBOX-2729, and wondered why the "too good to be true" solution of Gladkovsky Gleb worked at all, because his solution did encrypt the signature parts.

      I did not find anything in the "32000" spec that the signature dictionary is not to be encrypted.

      From Maruan Sahyoun:

      From ISO32000-2:

      Encryption applies to all strings and streams in the document's PDF file, with the following exceptions:

      The values for the ID entry in the trailer

      Any strings in an Encrypt dictionary

      Any strings that are inside streams such as content streams and compressed object streams, which themselves are encrypted

      Any hexadecimal strings representing the value of the Contents key in a Signature dictionary

        Attachments

        1. 045697.pdf
          145 kB
          Tilman Hausherr
        2. 050289.pdf
          2.29 MB
          Tilman Hausherr
        3. 070413.pdf
          1.32 MB
          Tilman Hausherr
        4. 346444.pdf
          47 kB
          Tilman Hausherr
        5. Sample_DocTimestamp.pdf
          64 kB
          Thomas Chojecki

          Activity

            People

            • Assignee:
              tilman Tilman Hausherr
              Reporter:
              tilman Tilman Hausherr
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: