Append existing signed PDF with content in such way signature stays valid. (generation next)


by Tamas

Dear IText Experts,

How can I append an existing PDF with some kind of content (e.g. Image) in a way such that the new content has incremented generation number and the signature of the original contents (with the previous generation number) stays valid?

What I would like:

Creating a PDF document with some kind of content.
Signing it with my "tool" and sending the document to another person.

iterate
{
The receiver person opens the PDF, modifies it (adding tables, images or comments) and signs the PDF doc with the "tool".
The doc is forwarded to the next person.
}

At the end of the process the PDF contains all of the versions and signatures belonging to the actual version created before.

What I used:

To extend the pdf:

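// Requires: using System.IO; using iTextSharp.text; using iTextSharp.text.pdf;
PdfReader readerToModify = new PdfReader(this.inputPDF);
// '\0' keeps the original PDF version; true opens the stamper in append mode (incremental update)
PdfStamper stamperToModify = new PdfStamper(readerToModify, new FileStream(this.outputPDF, FileMode.Create, FileAccess.Write), '\0', true);
// Draw the image underneath the existing content of page 1
PdfContentByte under = stamperToModify.GetUnderContent(1);
Image img = Image.GetInstance(File.ReadAllBytes("hegy.jpg"));
img.SetAbsolutePosition(20f, 20f);
under.AddImage(img);
stamperToModify.Close();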

For multiple signature:

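PdfReader reader = new PdfReader(this.inputPDF);
// Last argument true = append mode, so the bytes of earlier signed revisions are left untouched
PdfStamper st = PdfStamper.CreateSignature(reader, new FileStream(this.outputPDF, FileMode.Create, FileAccess.Write), '\0', null, true);
st.MoreInfo = this.metadata.getMetaData();
PdfSignatureAppearance sap = st.SignatureAppearance;
// Sign with the private key and certificate chain (no CRL list)
sap.SetCrypto(myCert.Akp, myCert.Chain, null, PdfSignatureAppearance.WINCER_SIGNED);
// Visible signature rectangle on page 1; a null field name lets iText generate one
sap.SetVisibleSignature(new iTextSharp.text.Rectangle(300, 650, 450, 750), 1, null);
st.Close();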

The problem is that the generation number of the image stays '0', so the first signature will be invalid.
Please see the attached pdf files! ( 17 0 obj <</...)

OneParagraph.pdf is the original signed file.
OneParagraph1.pdf is extended with one image.
OneParagraph2.pdf is extended with one image and one more signature.

The desired state is a PDF with 2 versions, the first has one paragraph and a signature on the version, and second version extended with one image and one more signature on it. (In the same file.)

What should I use?

Any help would be appreciated!

Bests,

Tamas
OneParagraph.pdf
OneParagraph1.pdf
OneParagraph2.pdf

Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by mkl

Tamas,

Tamas wrote:
> How can I append an existing PDF with some kind of content (e.g. Image) in a way such that the new content has incremented generation number and the signature of the original contents (with the previous generation number) stays valid?

I'm afraid, iText does not itself generate objects with generation numbers greater than 1. Hardly any PDF tool does, by the way.

This does not influence the validity of your signatures, though.

If you check the validity using iText, all your signatures should verify just fine as you stamp in append mode.

If you check the validity using Adobe products, you either get a warning or actually an error, depending on the version of those products you use. This is due to what Adobe considers valid changes allowed after a signature is applied.

Tamas wrote:
> iterate
> {
> The receiver person opens the PDF, modifies it (adding tables, images or comments) and signs the PDF doc with the "tool".
> The doc is forwarded to the next person.
> }

This does not sound like you respect the concept of allowed and disallowed changes. Therefore, Adobe products likely will reject your signatures.

Tamas wrote:
> At the end of the process the PDF contains all of the versions and signatures belonging to the actual version created before.
> [...]
> The problem is that the generation number of the image stays '0', so the first signature will be invalid.
> Please see the attached pdf files! ( 17 0 obj <</...)

The generation number does not reflect the document revision the object belongs to. The revision an object belongs to only depends on its position in the file.

The reason for the invalidity most likely is that the way you add the image is recognized as a disallowed change by Adobe products.

Regards, Michael.

Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by Tamas

Thank you for the reply Michael, it was very useful.

So I think this is the point to me in the ISO32000 desc:

Table 254 – Entries in the DocMDP transform parameters dictionary
"
P number
(Optional) The access permissions granted for this document. Valid values shall be:
1 No changes to the document shall be permitted; any change to the document shall invalidate the signature.
2 Permitted changes shall be filling in forms, instantiating page templates, and signing; other changes shall invalidate the signature.
3 Permitted changes shall be the same as for 2, as well as annotation creation, deletion, and modification; other changes shall invalidate the signature.
Default value: 2.
"

*Originally I planned to implement full version history in only one pdf and certify the (any kind of) modifications with signatures.
I will search for a workaround, but please confirm the statement that the previously planned implementation (*) is impossible with itext (or with pdf at all).


The generation number is still not clear for me. You mentioned:

"I'm afraid, iText does not itself generate objects with generation numbers greater than 1. Hardly any PDF tool does, by the way."

I found these definitions about the generation number and the incremental update.

Page 21. about indirect objects:
"7.3.10 Indirect Objects
...
• ...
• A non-negative integer generation number. In a newly created file, all indirect objects shall have generation numbers of 0. Nonzero generation numbers may be introduced when the file is later updated; see sub-clauses 7.5.4, "Cross-Reference Table" and 7.5.6, "Incremental Updates."
Together, the combination of an object number and a generation number shall uniquely identify an indirect object."

Page 41. about generation number:
"Except for object number 0, all objects in the cross-reference table shall initially have generation numbers of 0. When an indirect object is deleted, its cross-reference entry shall be marked free and it shall be added to the linked list of free entries. The entry’s generation number shall be incremented by 1 to indicate the generation number to be used the next time an object with that object number is created. Thus, each time the entry is reused, it is given a new generation number. The maximum generation number is 65,535; when a cross-reference entry reaches this value, it shall never be reused."

From you:
"The generation number does not reflect the document revision the object belongs to. The revision an object belongs to only depends on its position in the file. "

So what does it mean? Is it only iText that does not support a generation number higher than 1, or something else? What is the generation number used for?

Any help still appreciated,
Bests,

Tamas


Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by Leonard Rosenthol-3

ONLY IF an object number is reused is the generation incremented.  BUT there is nothing that says that when you replace an object you have to use the same number.

So instead of replacing object "10 0 obj" with "10 1 obj", it is perfectly legal (and actually more common) to replace with some other number (eg. "11 0 obj").  Adobe's tools never write a generation greater than 0, so iText is in good company.

Leonard

-----Original Message-----
From: Tamas [mailto:infok01@...]
Sent: Monday, November 02, 2009 6:29 AM
To: itext-questions@...
Subject: Re: [iText-questions] Append existing signed PDF with content in such way signature stays valid. (generation next)



Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by mkl

Tamas,

Tamas wrote:
> *Originally I planned to implement full version history in only one pdf and certify the (any kind of) modifications with signatures.
> I will search for a workaround, but please confirm the statement that the previously planned implementation (*) is impossible with itext (or with pdf at all).

I'm afraid your description is a bit too vague to confirm anything.

Tamas wrote:
> The generation number is still not clear for me. You mentioned:
>
> "I'm afraid, iText does not itself generate objects with generation numbers greater than 1. Hardly any PDF tool does, by the way."
>
> [...]
>
> Page 41. about generation number:
> "Except for object number 0, all objects in the cross-reference table shall initially have generation numbers of 0. When an indirect object is deleted, its cross-reference entry shall be marked free and it shall be added to the linked list of free entries. The entry’s generation number shall be incremented by 1 to indicate the generation number to be used the next time an object with that object number is created. Thus, each time the entry is reused, it is given a new generation number. The maximum generation number is 65,535; when a cross-reference entry reaches this value, it shall never be reused."

There you are, every time an entry is reused, it is given a new generation number. But considering the range for object numbers there is no need for reusing used object numbers, you can easily use a completely unused one.

Additionally, while changing a document in append mode hardly any software cares to find out whether any indirect objects it removes a reference to now is completely unreferenced. Therefore fairly often the list of free objects is not used at all.

Tamas wrote:
> From you:
> "The generation number does not reflect the document revision the object belongs to. The revision an object belongs to only depends on its position in the file. "
>
> So what does it mean? Is it only iText that does not support a generation number higher than 1, or something else? What is the generation number used for?

Currently I hardly see a use for positive generation numbers. Adobe doesn't seem to, either, as they did not even consider them when introducing cross reference streams. I tend to see them as a historical relict which must be supported for compatibility while reading a PDF; while writing, though, they need not be used.

Regards,   Michael.

Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by Leonard Rosenthol-3

Exactly!

We even considered making them officially deprecated for ISO 32000-1...maybe I'll go do it now for part 2 (PDF 2.0)...

Leonard

-----Original Message-----

Currently I hardly see a use for positive generation numbers. Adobe doesn't
seem to, either, as they did not even consider them when introducing cross
reference streams. I tend to see them as a historical relict which must be
supported for compatibility while reading a PDF; while writing, though, they
need not be used.


Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by Tamas

Thank you again, from now the generation number is clear for me.

Michael:
"I'm afraid your description is a bit too vague to confirm anything."

Completion:

I have 3 different certificates, AC, BC, CC and 3 xml documents AX, BX, CX.

version 1: I would like to create an empty pdf doc with AX as document attachment, then sign it with AC.
version 2: In the next step I'd like to add BX as document attachment and sign it with BX as visible signature.
version 3: In the final step I'd like to add CX as document attachment and sign it with CX as visible signature.

I'd like the CC signature of the result_version_3_pdf to be valid.
From the result_version_3_pdf I'd like to retrieve the version 1 pdf with valid AC signature.
From the result_version_3_pdf I'd like to retrieve the version 2 pdf with valid BC signature.

Is this possible somehow?

(With the result pdf I'd like to make sure that the AX is added by the owner of AC, the BX is added by the owner of BC and the CX is added by the owner of CC.)

Bests,

Tamas

Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by mkl

Tamas,

Tamas wrote:
> I have 3 different certificates, AC, BC, CC and 3 xml documents AX, BX, CX.
>
> version 1: I would like to create an empty pdf doc with AX as document attachment, then sign it with AC.
> version 2: In the next step I'd like to add BX as document attachment and sign it with BX as visible signature.
> version 3: In the final step I'd like to add CX as document attachment and sign it with CX as visible signature.
>
> I'd like the CC signature of the result_version_3_pdf to be valid.
> From the result_version_3_pdf I'd like to retrieve the version 1 pdf with valid AC signature.
> From the result_version_3_pdf I'd like to retrieve the version 2 pdf with valid BC signature.

Which tool is to be used to test validity? If you use iText, there should be no problem.

If you are using Adobe software, I'm not that sure about the validity state shown during each and every phase or sub-phase of your workflow. The overall signature validity state may not always be ok. You can, on the other hand, inspect the individual signature validity states, and there should be no problem with them.

You might have a small misconception, though, as for version two and three you say you add a document attachment and sign IT. Actually you don't merely sign the new attachment, you sign the whole PDF file including all formerly added attachments.

Tamas wrote:
> (With the result pdf I'd like to make sure that the AX is added by the owner of AC, the BX is added by the owner of BC and the CX is added by the owner of CC.)

By checking the signatures and comparing the attachments of the signed revisions you can do that. You should be aware, though, that it does not suffice to check whether between version n-1 to n the nth attachment has been added; you also have to check whether any former attachments have been replaced (i.e. the old attachment has been removed from the attachment list while an additional new attachment has been added). Otherwise the final document might be misleading in spite of all signatures individually being valid.

Regards,   Michael.
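
The two points mkl makes in this thread (an object's revision follows from its position in the file, not its generation number, and attachments have to be compared across signed revisions to catch replacements), as an added Python example that is not part of the original thread or of iText. It assumes a naive regex scan over a constructed sample whose EmbeddedFiles names sit inline in the catalog; `audit`, `attachments` and the other names are hypothetical, and signature verification itself is left to a PDF library.

```python
import hashlib
import re

OBJ_RE = re.compile(rb"(\d+) (\d+) obj\b(.*?)endobj", re.S)
EF_RE = re.compile(rb"/EmbeddedFiles\s*<<\s*/Names\s*\[(.*?)\]", re.S)
PAIR_RE = re.compile(rb"\((.*?)\)\s*(\d+) \d+ R")
STREAM_REF_RE = re.compile(rb"/EF\s*<<\s*/F\s+(\d+) \d+ R")

def split_revisions(pdf):
    """Byte spans of the revisions: each one ends at an %%EOF marker."""
    spans, start = [], 0
    for m in re.finditer(rb"%%EOF\r?\n?", pdf):
        spans.append((start, m.end()))
        start = m.end()
    return spans

def objects_in(segment):
    """Object number -> (generation, body) for objects physically in segment."""
    return {int(n): (int(g), body) for n, g, body in OBJ_RE.findall(segment)}

def attachments(state):
    """Attachment name -> SHA-256 over its file spec and embedded stream."""
    found = {}
    for _gen, body in state.values():
        m = EF_RE.search(body)
        for name, spec_no in PAIR_RE.findall(m.group(1)) if m else []:
            spec = state[int(spec_no)][1]
            ref = STREAM_REF_RE.search(spec)
            data = state[int(ref.group(1))][1] if ref else b""
            found[name.decode()] = hashlib.sha256(spec + data).hexdigest()
    return found

def audit(pdf):
    """Per revision: objects defined there and attachment changes vs. the previous one."""
    state, prev, report = {}, {}, []
    for start, end in split_revisions(pdf):
        defined = objects_in(pdf[start:end])
        state.update(defined)  # a later definition shadows the earlier object
        cur = attachments(state)
        report.append({
            "objects": sorted((n, g) for n, (g, _body) in defined.items()),
            "added": sorted(cur.keys() - prev.keys()),
            "removed": sorted(prev.keys() - cur.keys()),
            "changed": sorted(k for k in cur.keys() & prev.keys() if cur[k] != prev[k]),
        })
        prev = cur
    return report

def make_file(no, name, xml):
    """Constructed file spec object `no` plus its embedded stream object `no + 1`."""
    return (b"%d 0 obj << /Type /Filespec /F (%s) /EF << /F %d 0 R >> >> endobj\n"
            b"%d 0 obj << >> stream\n%s\nendstream endobj\n" % (no, name, no + 1, no + 1, xml))

def make_catalog(names):
    """Constructed catalog (object 1) with the EmbeddedFiles names inline."""
    return b"1 0 obj << /Names << /EmbeddedFiles << /Names [%s] >> >> >> endobj\n" % names

# Constructed sample, xref tables and signatures omitted. Revision 3 adds CX.xml
# and also repoints AX.xml at a new file spec, the replacement case described above.
SAMPLE = (
    b"%PDF-1.7\n" + make_catalog(b"(AX.xml) 2 0 R") + make_file(2, b"AX.xml", b"<ax/>") + b"%%EOF\n"
    + make_catalog(b"(AX.xml) 2 0 R (BX.xml) 4 0 R") + make_file(4, b"BX.xml", b"<bx/>") + b"%%EOF\n"
    + make_catalog(b"(AX.xml) 6 0 R (BX.xml) 4 0 R (CX.xml) 8 0 R")
    + make_file(6, b"AX.xml", b"<zz/>") + make_file(8, b"CX.xml", b"<cx/>") + b"%%EOF\n"
)
```

Calling `audit(SAMPLE)` reports AX.xml as changed in the third revision even though every object in the file, including the redefined catalog, has generation 0.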

Re: Append existing signed PDF with content in such way signature stays valid. (generation next)

by Tamas

Hi Michael and all the others,

IT == wholeAppendePdf and the Adobe Reader 9.0.0 used to validate the signature.
This information is enough to decide the implementation method. As far as I see the portable collection is a better solution, embed the different standalone versions as a collection compared to the previously described workflow.

Thank you for the very accurate help!

Bests,

Tamas
