user3362334
Reputation: 2180
PDF signature ignored by Acrobat but visible in other validation tools
We're making a webapp whose one of the functionalities is to make PaDES signature. The code is too big to share here, but here is how the workflow looks like:
- PDF is prepared for signing by doing all the necessary transformations in browser
- Digest is calculated using the chosen algorithm
- Digest is sent to the backend were the detached CaDES signature is made using the DSS library
- The detached signature that is generated on the backend is sent back to the browser to be inserted into the prepared PDF to make a PaDES signature
The solution is working good, for most of the PDF files. However, there are some files in which Acrobat doesn't display the signature as if it doesn't exist, but when trying to do the verification with our webapp (which uses DSS in the backend for verification) everything is displayed fine. It is also displayed fine when checking it with the DSS online verification tool.
Here are the most relevant parts of the signed PDF:
1 0 obj
<</AcroForm<</Fields[1057 0 R] /SigFlags 3>>/Type /Catalog /Pages 3 0 R
/Dests 8 0 R
/Metadata 1056 0 R
>>
.
.
.
1057 0 obj
<<
/FT /Sig
/Type /Annot
/Subtype /Widget
/F 132
/T (Signature1057)
/V 1059 0 R
/P 3 0 R
/Rect [335.17360432942706 796.500010172526 535.173604329427 746.500010172526]
/AP <<
/N 1060 0 R
>>
>>
endobj
.
.
.
1059 0 obj
<<
/Type/Sig
/Filter/Adobe.PPKLite
/SubFilter/ETSI.CAdES.detached
/Name (Name)
/ContactInfo ()
/Location (Location)
/Reason ()
/M (D:20200813165733+02'00')
/Contents <3082104b06092a864886f70d010702a082103c30821038020101310f300d06096086480165030402010500300b06092a864886f70d010701a0820d57308206e2308204caa003020102020944e5524cc00bede260300d06092a864886f70d01010b0500304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e6574536554301e170d3139313231383133343231395a170d3232313231383133343231395a30819d310b3009060355040613025253310f300d06035504080c065365726269613111300f06035504070c0842656c6772616465310e300c06035504110c053131303730311a301806035504090c1150617269736b65206b6f6d756e652032343112301006035504040c095261646f7365766963310f300d060355042a0c064e696b6f6c613119301706035504030c104e696b6f6c61205261646f736576696330820122300d06092a864886f70d01010105000382010f003082010a0282010100cf2e36a81919b993cb52b88235a258b2b008a770862a42c1724e9652826a6394bf2426ca450946bb3726306162474e75003d532182b3fe492e099503a11e10429624611998ac2ff0942f729d3d275228bdcee172ffab42fb10509aa796cad95fd79a82fc8ee29f74c4ca0d76aa64f6f16d5b6f5c281eea870ea7054633a5b5b6eb06b7abbb60752f6cf5c17c3967e1d4b1a401d54d7579c256c04b9f7c293a7d9c8c566e4ad92c32574de1da9afcddb282506e2cf77de31c543f5291e439480705d246142d41e7566e92f1cf4115c286e88a7a3a564a9395cf64a2570fc691c74393907695d7c76a6317123a5342b0ea39239ba0e93a2c862e2eafe87a3064ad0203010001a38202753082027130090603551d1304023000300e0603551d0f0101ff0404030206c0301f0603551d2304183016801403e93e995d06eef7519b67deff9cea818009e456301d0603551d0e04160414e930d3083630ac3da05cefaf64efceb6256ddf5430400603551d1f043930373035a033a031862f687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f636c6f756463612e63726c30819d06082b060105050701030101ff04818d30818a303a06082b06010505070b02302e060704008bec49010130238621687474703a2f2f63612e6e65747365742e72732f646f6b756d656e746163696a613008060604008e4601013008060604008e4601043016060604008e460102300c1303657572020100020203e8300b060604008e4601030201143013060604008e4601063009060704008e4601060130819806082b0601050507010104818b308188303b06082b06010505073002862f687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f636c6f756463612e637274304906082b06010505073001863d687474703a2f2f706b7363612e6e6574736574676c6f62616c2e72733a383038302f6f6373702f726573706f6e6465722f706b73636c6f75646f6373703081960603551d2004818e30818b3027060604008b300101301d301b06082b06010505070201160f687474703a2f2f657473692e636f6d3027060604008b300102301d301b06082b06010505070201160f687474703a2f2f657473692e636f6d300b060704008bec4001023000302a06092a817a01690a040103301d301b06082b06010505070201160f687474703a2f2f6e656b692e636f6d300d06092a864886f70d01010b05000382020100269f2baeed5bc772c3606da57ebba2b4ef6a715d82c2018d5973edd74cc08bf9f266363f1ef3289e34060bce9b52463210cc36d5c8d87c7742b3c04b5227792391db8f686d19866f457c7e47a722d279619b35d7bf569cc2cf599fd13c81f938ce8b08f2d1eb2613e7259b8f59c0e34b5403246e94ef891b4293762677ccd9516f5e2ca36f4b7827f671b2463785bf8804454f2fc2a7de84114cf602d241040aad943d991198a3858a65acf1b468a9b006dc859ffaa46510d16253e72385d57535802288c9ddeb8114ebecdbc4e267d17e188c9cf4d7180b79a4b8bab89d03d6a5011e601f12fc2c132f33e8b872092a4dff6182e0b45536a23dfb2b7eeeffb34540e306c4d1e6e4d595086f76ecf5e2e1ab713a87a5785aea9eea518d391b8982893f2bae03a14ed13cbff25494713c1b79e6dbcdc50059f9df92b4000c597c499b0e654e7defb348ddcf35cb3f51ebb4d934b0395dcd7952a2ac1c1ab5dcc8271b21f54276c0da3a91a54dcf68d9b30c274e968c467d5b3f188535987ed8898444bc8779b405889c54960681863986ebccd4266ae3de4cebc0bf15f7d91bfb41708df87a95a6da46fb951b7b9aaffee53b38e75f582f9b851ea61685f1e60014264fc8bfcb31697653fa68c997cacb033fd4cafdffdfd9fb6d6a52027cc6680c1418d7902ddb11245cc006df2332234740d7d4579f56733308d97d9208e1803082066d30820455a003020102020917664a8436102867b6300d06092a864886f70d01010b05003049310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543117301506035504030c0e526f6f74204341204e6574536554301e170d3139313231373038343234355a170d3434313231363137333034355a304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e657453655430820222300d06092a864886f70d01010105000382020f003082020a0282020100b47b0b9d976f18457719af6a147880e006ec1cd472bacc31a58327eb2aa7e162e0e113128b0a0bed1950a8ae0bff962f132928bd434a7e0c887c17e610f243ebda0419fa4b2fba4bda643796cf7d97a7e8e0b0828b383c850e95d87210dee367f64520ffbc093720658a899f9f988eb7a08d8bca0615e1b6e4fa058d0c1f00b7b2c09b05099aa193aec4e989bae4d59bfc9d044e281927fbb88e9d23cf9676c75b27890cf04de07a38b0d129fa1de1fd10cc360757738adc9bd9677bfea812aa8611729cf3a114cd6233ed9c4c705a10e5c6f03f7117bfeb04988c3d96a193e18506ddc44819db7d083bc0cdad8335bae0a7a44b2a56c404bb43c87673e9ab9ec321f341cbad17176ad77db663a20b676cc338c6b36e58aa13f1e61ad596ed176d9d2b0bdd36c3cabab22410607d62f97c8349877efabdaf16dce49ef4a67c7780b1bb30b9250bdb5fbdad84d56d43be3484ca6e5bdec3666a230ab5fec46b056beedc8b2e43bb6106f682d5026d3393d73f652f2a83db15d3ad4a5be9b7df0d04d8a0bcbbabc2f791c72ece6d3911936a9c3ea99d4b7f6f101d15ab45032f693fbef1a78d90b48de23ef3b70148c1833e563bcc9259677ed15f869dff111492bd986221082abdac1d0ce1d2c5683a25e4db27c849a818d8fe1cc01207345653305749878c6d09db0e3f04bdae444046a8294c640eafff35114b9f71a1e874750203010001a38201553082015130120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301f0603551d23041830168014e265e5d9a4b6b03700cd20a6d65b7140f1be4e5b301d0603551d0e0416041403e93e995d06eef7519b67deff9cea818009e456303f0603551d1f043830363034a032a030862e687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f726f6f7463612e63726c304a06082b06010505070101043e303c303a06082b06010505073002862e687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f726f6f7463612e637274305e0603551d200457305530530604551d2000304b302e06082b060105050702011622687474703a2f2f6e65747365742e72732f646f6b756d656e746163696a612e706466301906082b06010505070202300d0c0b4e657453657420646f6373300d06092a864886f70d01010b050003820201001ac4e839342cc09ec23dbb6f4e325b6e2f494d502fd6bda7095e4699f4b477464fb10898eff7a09d40c51fc9e3ad67f08ca9762955ce89b9d6076551618d665b65532b426c2101abad0f528a19aa9c18d99f71dbd8c9299cbb50b610867af26c3a59e9ed995677ab490a75d88fd2452dacfcb88b7520b500f54ab66eba612c082448dd51202cce3ea5084a8ccf8045dea6804d6a9d399414f2c86a012aa9beb5773d88e67056023e203a006e93080805ee3d7b57c8537217145be51c3c96583e981a0f10a3f31ffa914ea531caa3960baf02336a9ccf271439057217899e77d7d86b46bf02354abb7ba18578434a20918b4eb1d4b753947c07457a682d69f8938c5c25d80bc0cd24fc2b41bbe4ecb8ccbecdab68755706c9f9df462fe3266f1c1c6cbc405587db22e210d847c19210bfe1cbda5af5994a6651527a819ae27bd09de8359c50a7c80155978e17c32e64e6e191c3ee39f92e82699457b644a4b36e26bbfd803fc37b15d41f3bb855c3e199d01a26d6d6b97ea1b9fbc50964246449c6c580299884e741656ac907dc44f348b171b581ffd23bfd962ba42e7c89876ee3c5212a5dd1046ad5a5547fd762881b3045b809bc492317d73e9ebd9788028ab428a2178db972466c16b595002670f089154516f0cc17f6352575fe8d314b17fee1aa610c5e2a70c7c9f8f9880b1dc99a50d9ba9f4db469f7bc2c61af90ae4d318202b8308202b40201013057304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e6574536554020944e5524cc00bede260300d06096086480165030402010500a0820132301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3230303831333134353830325a302d06092a864886f70d0109343120301e300d06096086480165030402010500a10d06092a864886f70d01010b0500302f06092a864886f70d01090431220420e1e4ce48e389182ecc1ea924190b2ac21fe9a967542fd3d86db0ae1f63019575308197060b2a864886f70d010910022f318187308184308181307f04201e7237e91573f4cd8f76c4c57f2db25be8efe728f4f916cebee707c3bd23f512305b304ea44c304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e6574536554020944e5524cc00bede260300d06092a864886f70d01010b050004820100c4d080863e1edce5cd5d7d8634e477ac6697e9e881b21fa4b6033a5b0d1fa8adf2afab5d972e4637bda97b49017308f78ff2329fbd16e31642d5f38f4fa27f44fbb50725c76bfb951cbd8f3b0a492bee6f0d9e7bc2ea41a7c67e97c3ea58deabcb5799d558c350822b4a2689ed1ff2991d9322a0b66574aa83e0d16607adff088a11723eff1ef0c5505e7f98b57ddbe3bb66b2cd94d1ab62b3f32cb8af80f3dcb6a13aeca316f0ac7c448884fa77fb01bf67be38fab46f9b40fe08202d118e56a1b5c0db45a4cf368aa3f586b585fd63805ec316b338498d8873be2c9e2663f880e48b99993ade775d3584d412222ae5014bdf064d83715cfb90d40be20aba910000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>
/ByteRange [0000000000 0000220234 0000236618 0000022770]>>
endobj
.
.
.
trailer <<
/Size 1064
/Root 1 0 R
/Info 2 0 R
/ID [<a48978cd2c166094b3e771ab606ea301><531ccc430c71ee517274ec4d5f6e2c34>]
>>
Everything seems fine, but for some reason Acrobat is ignoring the signature. Here's the whole file if you'd like to take a look: https://easyupload.io/2lrfg8
Upvotes: 0
Views: 663
Answers (2)
mkl
Reputation: 96039
There are multiple errors in the signed PDF.
As @David in his answer mentioned, there are two Annots entries in the first page.
As I already wrote in a comment, the P entry of the signature (field and) widget object points to a Pages inner node of the page tree, not a Page leaf node.
The FRM form XObject has an error in its content stream:
q 1 0 0 1 0 0 cm /n2 Do Q\n(That "\n" is indeed a backslash and an 'n', not a newline character.)
There is a broken object 1062 containing stream content in the dictionary
1062 0 obj << /Length q 1 0 0 1 0 0 cm /img1 Do QThe cross reference offsets are incorrect, at least for the objects related to the signature.
If one fixes these issues by
- joining the two Annots entries into one,
- changing the P entry to point to the correct Page dictionary,
- removing that "\n" sequence,
- replacing the stream content in the dictionary by the actual stream length, and
- correcting the signature related cross reference entries,
Adobe Reader displays the signature; obviously as invalid, though, after all those repairs changed the file:
Thus,
Everything seems fine, but for some reason Acrobat is ignoring the signature.
as explained above there are many errors in the file, so Adobe Acrobat cannot be blamed for not showing your signature. So it's actually the other way around, any signature validation software that ignores that many errors and then still validates the signature without any warning, is buggy. Such errors might cause the file to display differently on different viewers, so the trustworthiness of the signature is limited. This could actually be used as another attack vector on PDF signature validation.
(Be aware, the errors mentioned above probably are not the only ones, merely those I stumbled over when analyzing the issue at hand.)
Upvotes: 2
David van Driessche
Reputation: 7046
There's definitely something wrong in your PDF. Behold one of the page dictionaries:
4 0 obj <<
/Type /Page
/MediaBox [0 0 595 842]
/Rotate 0
/Parent 3 0 R
/Resources <<
/ProcSet[/PDF /Text]
/ExtGState 14 0 R
/Font 15 0 R
>>
/Annots [
10 0 R
11 0 R
12 0 R
13 0 R
]
/Annots [
1057 0 R
]
/Contents 5 0 R
>>
endobj
I added some structure for legibility, but the essence is that you have 2 keys called "Annots" in this dictionary. That's a serious no-no for a PDF file: "Multiple entries in the same dictionary shall not have the same key".
I'm not sure how you added this signature, but apparently it didn't happen correctly. I could try to be clairvoyant here, and guess that the PDF files that do work didn't have any annotations in the PDF on the page where the signature got added.
Upvotes: 1
Related Questions
- The signature byte range is invalid in Acrobat
- Pdf signature invalidates existing signature in Acrobat Reader
- PDF Acrobat Verifying Signature
- Qualified signature showing invalid only in Adobe Reader
- Digital signature not visible in Adobe reader but visible in Foxit reader
- Visible Signature in a PDF file
- pdfBox - Signature validity checkmark not visible in Acrobat reader
- Digital Signature in PDF doesn't verify as matching after adding annotations
- Digital Signature become invalid after filling pdf form
- pdf signature requires validation vs signature has problems