Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Signing PDF twice, the first signature becomes invalid

 
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello, I need to sign PDF twice (for the testing purpose with the same certificate , I hope it does't matter) .  The PDF is a report from Jasper Server.
This is my code

But the resulting PDF after the second signing has its first sign always invalid. I lived in hope, that the solution lies in the last parameter of setVisibleSignature
which must differ ("S1", "S2") or be null but it makes no difference.
Please somebody help me , thanks.

JN, Czech rep.


 
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One thing that always needs to be clear when talking about "signing PDF"s is which type of signature you are referring to: a literal graphic human signature or a digital document signature. I've been confused more than once trying to chase down stuff like that.

I'm taking this case to be a digital signature.

A digital signature (PDF or otherwise) is computed by applying an algorithm to all the bytes in the document such that when all bytes - including the signature bytes are computed, the result is a definite value (for example, they all "checksum" to a result of 0).

If you sign over the signed document, adding a second signature, you have invalidated the first signature because when ALL of the document bytes go through the signature algorithm - including boh signatures - the first signature no longer computes to the "OK" value.

A signature is a means of detecting tampering with a document. You might not think of signing a signed document as "tampering", but technically, it is!
 
Jiri Nejedly
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I see, it makes sense, it is really digital signature.

Our customer argues, that he has a document which has two digital signatures and both are valid. But I see one big difference - his document has a few prepared signing fields.
Probably his document was created by some sophisticated PDF editing application. I am afraid that Jasper Server won't be able to do that.

Otherwise I googled this https://stackoverflow.com/questions/62271473/multiple-signings-in-pdf-file-using-itext and from the communication there
I had a notion that multiple digital signing is possible.
 
Tim Holloway
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, again, since the signature covers every byte of the document, including itself, the only way to have multiple signers is if they all contribute to the base signature at the time of signing.

On the other hand, the end of that post mentions something called "Approval Signatures". I'd expect them to work something like this:

You give me a signed document. I review and accept it. I add an Approval Signature that contains a personal signature key that identifies me and no one else. I pass it on and others do the same.

The end of the chain where that multiple people have signed off. I can now validate both the primary signature and the Approval signatures by locating the original document/signature embedded within the approved document.

I could carry this further for "fill in the form/graaphic signature overlay" mods to the document by tying the mods to an Approval Signature.

Needless to say, no modifications are possible to the core document, since that would invalidate the whole purpose of signing. Mods would have to be overlays and clearly indicated as such.

How much of this sort of infrastructure is actually supported. I leave as an exercise for you. And I wouldn't be surprised to discover that only Adobe has tools to handle the complete functionality. But it's something I think you'd want to pursue.
 
Saloon Keeper
Posts: 13394
296
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Don't quote me on this, but I believe that PDFs DO have a mode where every set of changes is stored in a separate block of data that is appended to the original document. Theoretically it's possible to sign the original document, and then sign the document a second time by storing the second signature in a new change set.

I went through the PDF spec once, and I'm pretty sure there was a way of telling PDF editors that they must maintain the integrity of each individual change set seperately, exactly because digital signatures must not be invalidated.
 
Tim Holloway
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Don't quote me on this, but I believe that PDFs DO have a mode where every set of changes is stored in a separate block of data that is appended to the original document. Theoretically it's possible to sign the original document, and then sign the document a second time by storing the second signature in a new change set.

I went through the PDF spec once, and I'm pretty sure there was a way of telling PDF editors that they must maintain the integrity of each individual change set seperately, exactly because digital signatures must not be invalidated.



I dunno. I did some searching and came up blank. PDF's are known for 2 things: Absolute precision in layout and (relative) immutability.

In fact, I did find something on multiple signing and it appears we may have done Adobe too much credit.

https://support.globalsign.com/aatl-document/multiple-signatures-adobe-acrobat-xi

Of especial note:

Adobe wrote: In order to place multiple signatures on a PDF, each signature field must be pre-placed before any signing takes place



It looks like I got it backwards. You add the approval signatures first then a final signature to seal it.

 
Jiri Nejedly
Ranch Hand
Posts: 105
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks everybody for your comments. Our customer made some concessions. It will suffice for him, if in the moment of second signing, the first signature will be removed and then second added. It was solvable for us to do it in java code. But another requirement came - to change digital signature (by certificate) appearance.  Would it be possible to NOT show validity state icon at all, meaning the red cross or green check mark but mainly the yellow question mark which is showed in internet browsers ?  Thanks.
 
Tim Holloway
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I  can't really guess at what this means. For one thing I don't know what "yellow" would mean, since a document has to be either authentic or it's not. For another, I think you're referring to a program that I'm probably not using (and maybe cannot use).

There are 3 or 4 different PDF Viewer applications that came pre-installed on my tableyt device, each having its own characteristics. My desktop machine has 3, I think, depending on whether the Adobe Reader is installed these days - usually I use Evince.

For many years it wasn't even allowable to display a PDF in a Windows Internet Explorer window. The patents for that capability were owned by a company that sued Microsoft for half a billion dollars - and won. I guess that since unlike modern copyrights, patents do expire before the Sun goes dark, eventually Microsoft just took advantage of the expiration. Incidentally, PDF's in Linux web browser windows were legal for all those years as the patent-holder expressly granted it there.

In most PDF browsers (that I know of), no visible stamp of authenticity displays by default. Instead you have to check via the app's Document Properties menu/command.

So in the end, I'm unclear what the user wants. And even less certain that it's a valid want. But that never stopped a user.
 
Tim Holloway
Saloon Keeper
Posts: 24557
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Addendum. Are you sure that the user isn't confusing the vouching of a document signrature for the badge that a browser displays as to the level that the website that the document came from is vouched for? Because a fully-vouched server can serve up a bogus document and get a "green" badge and a totally uncertified webapp server can serve up a digitally authentic document.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic