|

iText - General

Verify that a signed PDF file is generated from a specific PDF file

View: New views

3 Messages — Rating Filter: Alert me

	Verify that a signed PDF file is generated from a specific PDF file by Ale123 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, I am using iTEXT libraries. I need to verify that a signed PDF file is generated from a specific PDF file. I try to better describe the scenario: I have a PDF file called PDF1. I affix to it the signature, so I obtain a signed PDF file, that we call PDFs. I need to find a way to verify that the PDFs file is generated from PDF1 file: if PDF1 has been modified in PDF2 before the signature, I need to be able to understand that the file has been modified and that the PDFs file hasn't been generated from PDF1. Is it possible to verify it? thanks! alessandro
	Re: Verify that a signed PDF file is generated from a specific PDF file by Paulo Soares-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message That's not possible to do. The objective of signatures is to make sure that the signed doc was not altered and was signed by someone. You apparently don't trust the guy signing it or the guy that delivered him the doc to sign. It looks like you need a pdf comparer such as the one in Acrobat or a better workflow or a policeman. Paulo ________________________________________ From: Ale123 [alessandrolinguanti@...] Sent: Friday, November 06, 2009 10:38 AM To: itext-questions@... Subject: [iText-questions] Verify that a signed PDF file is generated from a specific PDF file Hi, I am using iTEXT libraries. I need to verify that a signed PDF file is generated from a specific PDF file. I try to better describe the scenario: I have a PDF file called PDF1. I affix to it the signature, so I obtain a signed PDF file, that we call PDFs. I need to find a way to verify that the PDFs file is generated from PDF1 file: if PDF1 has been modified in PDF2 before the signature, I need to be able to understand that the file has been modified and that the PDFs file hasn't been generated from PDF1. Is it possible to verify it? thanks! alessandro Aviso Legal: Esta mensagem é destinada exclusivamente ao destinatário. Pode conter informação confidencial ou legalmente protegida. A incorrecta transmissão desta mensagem não significa a perca de confidencialidade. Se esta mensagem for recebida por engano, por favor envie-a de volta para o remetente e apague-a do seu sistema de imediato. É proibido a qualquer pessoa que não o destinatário de usar, revelar ou distribuir qualquer parte desta mensagem. Disclaimer: This message is destined exclusively to the intended receiver. It may contain confidential or legally protected information. The incorrect transmission of this message does not mean the loss of its confidentiality. If this message is received by mistake, please send it back to the sender and delete it from your system immediately. It is forbidden to any person who is not the intended receiver to use, distribute or copy any part of this message. ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ iText-questions mailing list iText-questions@... https://lists.sourceforge.net/lists/listinfo/itext-questions Buy the iText book: http://www.1t3xt.com/docs/book.php Check the site with examples before you ask questions: http://www.1t3xt.info/examples/ You can also search the keywords list: http://1t3xt.info/tutorials/keywords/
	Re: Verify that a signed PDF file is generated from a specific PDF file by mkl :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Alessandro, Ale123 wrote: I have a PDF file called PDF1. I affix to it the signature, so I obtain a signed PDF file, that we call PDFs. I need to find a way to verify that the PDFs file is generated from PDF1 file: if PDF1 has been modified in PDF2 before the signature, I need to be able to understand that the file has been modified and that the PDFs file hasn't been generated from PDF1. Is it possible to verify it? How much control do you have concerning the details of the signing procedure? If you control the very code of signing (e.g. a Java application using iText for merely adding an invisible signature field to the last document page and signing the document in it in append mode), it should not be too big a problem to verify that 1. the prior document revision of PDFs is byte-by-byte identical to PDF1; 2. then PDF object and cross reference additions and changes correspond to those that your application generates in such a case. I.e. your problem is solvable. If on the other hand the software signing the document is completely out of your hand, or there simply is no single software but any software for signing PDFs may be used, things get harder. Individual comparison of the PDF objects is likely to become necessary. If the signing software is even even allowed to first clean the document of duplicate or unused object, reduce the embedded fonts down to the actually used characters, linearize the document, etc., you very likely are out of luck. Regards, Michael.