PDF/A signed with iText7 allows changing attached documents without breaking a signature

大城市里の小女人 提交于 2019-12-02 04:06:33

To understand what happens here you have to know that there are multiple ways to save changes to a PDF:

  • You can simply save the manipulated PDF like a whole new document. Doing so will usually change the signed bytes making the Integrity check you ran fail.

  • Or you can add the changes as a so-called incremental update, i.e. append them to the PDF. Doing so will not change the signed byte range making the integrity check you ran succeed.

In your case the edit has been saved using an incremental update. This does not change the signed bytes; thus, the integrity check will succeed because it only checks whether the signature still correctly signs the originally signed byte ranges.

The coverage check (your signatureCoversWholeDocument call) on the other hand informs you that the signature in question does not cover the whole document anymore. Thus, you know that changes have been appended as incremental updates.

Unfortunately iText does not yet offer a high level API to determine the nature of the changes introduced by an incremental update (the iText low level APIs can be used as a base upon which to implement such an API, though).

For some backgrounds on integrated PDF signatures you may want to read this answer and the documents referenced from there.

I would expect the WHOLE document to be locked for changes (apart from filling forms or annotations if those are allowed).

Technically you can add any kind of changes in an incremental update. Incremental updates are not only for use in storing allowed changes to signed documents, they can be used without signatures, too, e.g. to keep a revision history in the PDF or (saved separately) to allow resource efficient storage of PDF edits on WORM devices.

Thus, to determine whether changes to a PDF are allowed or not, the validator has to analyze the additions in the incremental updates.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!