Comparing a signed PDF to an unsigned PDF using document hash


After extensive Google searches, I'm starting to wonder if I'm missing the point of digital signatures in some way.

This is fundamentally what I believe I should be ab

2 answers
  •  夕颜 (original poster)
    2021-02-14 02:58

    A strategy of verifying the integrity of a signed PDF:

    1. Don't send out an unsigned PDF in the first place. Using iText (Java version for Linux-friendly applications), sign and certify the document using CERTIFIED_FORM_FILLING.

    2. Get the end-user to add their signature to a form field and send it back. This can be done because changes to the form won't break the document certification.

    3. Validate both signatures and the document certification.

    You should be able to figure out how to do all of this from the iText documentation: http://itextpdf.sourceforge.net/howtosign.html

    All you would need to do to verify that a certified document is the same as an original would be to compare the document metadata to the original. The title comes to mind as a potentially good candidate.

    To get the title from a PDF to compare using iText you would just use this code:

    using iTextSharp.text.pdf;
    // C# (iTextSharp): read the Title entry from the PDF's Info dictionary
    PdfReader reader = new PdfReader("AsignedPDF.pdf");
    string s = reader.Info["Title"];
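
Step 3 of the answer above (validating both signatures and the document certification) could look like the following with iText. This is an added example, not code from the answer; it assumes iText 5.5.x for Java with Bouncy Castle on the classpath, a pinned copy of the sender's certificate, and the hypothetical names `ReturnedPdfCheck` and `verify`.

```java
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.PdfSignatureAppearance;
import com.itextpdf.text.pdf.security.PdfPKCS7;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
// Hypothetical class (assumes iText 5.5.x): checks a returned PDF against the answer's three steps.
public class ReturnedPdfCheck {
    static boolean verify(String pdfPath, X509Certificate senderCert) throws Exception {
        PdfReader reader = new PdfReader(pdfPath);
        try {
            // The sender certified the file for form filling before sending it out.
            if (reader.getCertificationLevel() != PdfSignatureAppearance.CERTIFIED_FORM_FILLING) {
                return false;
            }
            AcroFields fields = reader.getAcroFields();
            boolean senderSeen = false, latestCoversFile = false;
            int signatures = 0;
            for (String name : fields.getSignatureNames()) {
                PdfPKCS7 pkcs7 = fields.verifySignature(name);
                // verify() checks that the signed bytes are unmodified; it does not
                // decide whether the signer is trusted, so the sender is pinned below.
                if (!pkcs7.verify()) return false;
                senderSeen |= fields.getRevision(name) == 1
                        && pkcs7.getSigningCertificate().equals(senderCert);
                // Bytes appended after the last signature are covered by none of them.
                latestCoversFile |= fields.signatureCoversWholeDocument(name);
                signatures++;
            }
            // Expect the sender's certification plus the end user's signature.
            return senderSeen && latestCoversFile && signatures >= 2;
        } finally {
            reader.close();
        }
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        try (InputStream in = new FileInputStream(args[1])) { // usage: <returned.pdf> <sender.cer>
            X509Certificate sender = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(verify(args[0], sender) ? "OK" : "REJECT");
        }
    }
}
```

The end user's signing certificate still needs its own trust decision (chain and revocation), which this sketch leaves out.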
    
