Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-3767

Signature content : byterange vs dictionnary

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Signing
    • Labels:
      None

      Description

      Hello,

      An user reported us an issue in the validation of pdf signatures.

      The source of the problem was the signature content retrieving. PDFBox (Adobe Reader has the same problem) retrieves the signature content with the byterange (PDSignature.getContent(byte[] pdfFile)).

      On the DSS side, I will replace the behavior like this

      COSDictionary dict = pdSignature.getCOSObject();
      COSString item = (COSString) dict.getItem(COSName.CONTENTS);
      byte[] cms = item.getBytes();
      

      I'd like to know your opinion on this point. Shouldn't you fix/improve in PDFBox too ? The byterange can easily be altered and signature(s) can be hidden,...

      Thanks in advance for your feedback.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              pvandenbroucke Pierrick Vandenbroucke
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: