We have been experimenting with itextsharp a lot lately and found that in certain cases it seems to fail to correctly verify modified PDF documents -- or (more likely) we do something the wrong way.
Attached, please find two files:
- test_sign.pdf is a PDF file created and signed with itextsharp, verifies OK both in itextsharp and in Acrobat Reader;
- test_modified.pdf is the same file modified by hand in a random byte.
test_modified.pdf fails verification in Acrobat Reader ("Signature is invalid", "Document has been altered or corrupted since it was signed") but our code below verifies it as OK.
byte[] pdfcontent = File.ReadAllBytes(@"test_modified.pdf");
PdfReader reader = new PdfReader(pdfcontent);
AcroFields acrofields = reader.AcroFields;
ArrayList namelist = acrofields.GetSignatureNames();
bool IsModified = false;
string[] names = (String[])namelist.ToArray(typeof(String));
foreach ( string name in names ) {
PdfPKCS7 pdfpkcs7 = acrofields.VerifySignature(name);
if ( !pdfpkcs7.Verify() )
IsModified = true;
}
Console.WriteLine(IsModified);
What is the right way to check message integrity? What do we do wrong?
Thx,
FC
