
PDF signature validation problems

by Áurea Alcaide


Hi all,

 

I have come across a problem with the validation of PDF signatures. The extraction of the signed data from the PDF is not the same with iText as with Adobe.

If I’m not wrong, iText takes the “/ByteRange” associated with a signature to calculate the digest of the data. In some cases, it is possible to modify the data of the PDF (for example, with form fields) without these changes affecting the ByteRange. But the visualization of the document changes, so if there is a signature which covers that form field, the signature should be considered invalid. If the changes in the form field are included at the end of the document, they do not affect the ByteRange, so iText is not able to detect these changes. The problem is that Adobe does. So, Adobe and iText are returning different validation results.

 

In the attachment, I am sending you 2 documents to make it more understandable:

 

test1.pdf → PDF document, certified and with 2 signatures, each one covering different parts of the form.

test2.pdf → The same PDF but with the form field “Name” modified. iText says all signatures are valid. Adobe recognizes the changes and invalidates the signature which covers that form field. If you look inside the PDF, you will see that the changes are included at the end of the document, so they do not affect the ByteRanges of any signature.

 

My question is whether someone else has had this problem and, if so, whether there is any way to achieve this with the latest iText version. Or will we have to wait for a future implementation of the feature? If it is an actual bug, will it be addressed in the future?

 

Thanks in advance to you all,

 

Áurea

 




_______________________________________________
iText-questions mailing list
iText-questions@...
https://lists.sourceforge.net/lists/listinfo/itext-questions


test2.pdf (361K) Download Attachment
test1.pdf (335K) Download Attachment
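The behaviour described in the post, as an added example that is not part of the original message and is not iText code: the digest over a signature's /ByteRange stays the same when an incremental update is appended, so a validator also has to report how many bytes follow the signed range. The function names and the PDF-like sample bytes are constructed for illustration; the sample is not a real signed PDF.

```python
import hashlib
import re

# /ByteRange [off1 len1 off2 len2]: two spans that skip the /Contents value.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes):
    """Per signature: digest of the covered bytes and count of bytes after them."""
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = map(int, m.groups())
        signed_end = off2 + len2
        if off1 + len1 > off2 or signed_end > len(pdf):
            raise ValueError("malformed /ByteRange")
        covered = pdf[off1:off1 + len1] + pdf[off2:signed_end]
        report.append({
            "byte_range": (off1, len1, off2, len2),
            "sha256": hashlib.sha256(covered).hexdigest(),
            # Anything here was added after signing (incremental update).
            "unsigned_trailing_bytes": len(pdf) - signed_end,
        })
    return report

def build_signed_sample() -> bytes:
    """Constructed PDF-like bytes whose ByteRange covers all but /Contents."""
    pre = (b"%PDF-1.7\n1 0 obj\n<< /T (Name) /V (Alice) >>\nendobj\n"
           b"2 0 obj\n<< /Type /Sig ")
    fmt = b"/ByteRange [0 %010d %010d %010d] /Contents "
    contents = b"<" + b"00" * 16 + b">"      # placeholder signature value
    post = b" >>\nendobj\n%%EOF\n"
    gap_start = len(pre) + len(fmt % (0, 0, 0))
    gap_end = gap_start + len(contents)
    return pre + fmt % (gap_start, gap_end, len(post)) + contents + post

# Constructed incremental update that redefines the "Name" field value.
INCREMENTAL_UPDATE = b"1 0 obj\n<< /T (Name) /V (Changed) >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    original = build_signed_sample()
    for label, data in (("original", original),
                        ("modified", original + INCREMENTAL_UPDATE)):
        for sig in signature_coverage(data):
            print(label, sig["sha256"][:16], sig["unsigned_trailing_bytes"])
```

A non-zero `unsigned_trailing_bytes` only says that the file was changed after signing; deciding whether that change touches a field the signature covers requires comparing the signed revision with the later one.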
