Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
Hello,
An user reported us an issue in the validation of pdf signatures.
The source of the problem was the signature content retrieving. PDFBox (Adobe Reader has the same problem) retrieves the signature content with the byterange (PDSignature.getContent(byte[] pdfFile)).
On the DSS side, I will replace the behavior like this
COSDictionary dict = pdSignature.getCOSObject();
COSString item = (COSString) dict.getItem(COSName.CONTENTS);
byte[] cms = item.getBytes();
I'd like to know your opinion on this point. Shouldn't you fix/improve in PDFBox too ? The byterange can easily be altered and signature(s) can be hidden,...
Thanks in advance for your feedback.