We sign PDF documents by ELDOS.SecureBlackBox library which can place visible signature everywhere in document, but if we generate PDF dynamically by HtmlToPdf, right place for visible signature is various. This problem can be solved by adding signature field to PDF document and SecureBlackBox shows signature on this place. But the question is, how can I add a signature field with HtmlToPdf.
Related
I have a pdf document with multiple signature fields. The first field is signed with a certification signature. Whenever an approval signature is added to my document, a new revision is created and it is possible to view this specific revision in acrobat.
Is it also possible to view the original/initial version of the document? I cannot find this option in acrobat reader.
Edit: #mkl showed me the solution. I didn't find this option before, because I always used a rather old sample pdf from adobe (see screenshot).
For some reason the 'View signed version' option is not available there
[For] an approval signature [...] it is possible to view this specific revision in acrobat.
Is it also possible to view the original/initial version of the document? I cannot find this option in acrobat reader.
In your screen shot you show that the option to view the signed revision is immediately accessible from the signature panel for approval signatures but not for certification signatures.
If you right-click a signature there, though, to get its context menu, you'll find that option there for certification signatures, too:
PS: In English speaking forums it may be better to switch the language of a program to English before making a screen shot.
In a comment you say about that option that
for the sample doc I always used for evaluating, it is not available (see my edit). Do you have any idea what's different?
Your example file is not a "normal" PDF, it merely serves as a container for transporting a XFA form definition. (These piggyback XFA definitions have been deprecated in ISO 32000-2.)
When Adobe Reader (or an other XFA aware PDF viewer; there are not many) displays such a PDF, it ignores regular PDF contents completely and instead draws a form based on the attached XFA XML file.
Apparently Adobe's signature panel does not support the same features for such XFA PDFs as it does for "normal" PDFs.
I want to insert blank page at end of the digitally PDF using itext library.and my confusion is adding pages will invalidate the existing signatures?
Thank you.
To put Joeri's answer into context, have a look at the Adobe technical white paper Adobe Acrobat 9 Digital Signatures, Changes and Improvements, especially its section "Allowed and disallowed changes." Here Adobe clarifies the allowed changes (as seen by Acrobat 9 and up) that can be made to a certified or signed document without invalidating the signatures applied to the document.
Allowed actions for certified documents
Certified with no changes allowed
Allowed
No changes allowed
Disallowed
Digitally signing
Supplying form field values
Adding or editing annotations
Adding form fields
Changing page content
Certified with form fill-in and digital signatures allowed
Allowed
Supplying form field values
Digitally signing
Disallowed
Adding or editing annotations
Adding form fields
Changing page content
Certified with annotations, form fill-in, and digital signatures, allowed
Allowed
Adding or editing annotations
Supplying form field values
Digitally signing
Disallowed
Adding form fields
Changing page content
Allowed actions for signed but uncertified documents
Allowed
Adding signature fields (see Limitations on adding signature fields to signed but uncertified documents)
Adding or editing annotations
Supplying form field values
Digitally signing
Disallowed
Adding form fields other than signature fields
Changing page content
As you see "Changing page content" always is in the "Disallowed" category. As adding a page changes page content — afterwards there is at least a white page where there used to be nothing —, this is not allowed.
(Even though not explicitly mentioned here, instantiating page templates most likely also is allowed whenever form fill-ins are allowed as that would conform to the PDF standard, cf. ISO 32000-1 section 12.8.2.2.2. But making use of such page templates would at least require the document to be specially prepared before signing, and your question sounds like the documents are already signed without any such preparation...)
PS: Obviously even these allowed changes need to be added in append mode aka incremental updates. Anything else will break the signature for good. For some backgrounds see this answer.
Yes it will. The signature is based on the content that is signed, so if you change the content, the signature is no longer valid.
If you're the signer, you can just sign the document again.
Whether the pages you add are blank is irrelevant.
If I apply a digital signature on a PDF file which contains another PDF files attached on it, does the signature apply to the whole document including attachments, or only to the "main" PDF ?
The goal is to detect any modification on any part of the document itself and all the files attached.
The signature on the parent document will calculate it's checksum based on all the bytes in the file. If any of the attachments are modified and saved back to the parent file, you will be able to detect that the entire package has changed but unless you also sign the child documents, you may not be able to tell which of the children was changed.
You may also want to invest in a certificate that is already on the Adobe Approved Trust List so that the document will appear valid when first opened and the use won't need to install your specific certificate. You can read more about this at the URL below.
http://helpx.adobe.com/acrobat/kb/approved-trust-list2.html
Assume, you have a PDF with attached files. From the point of view of PDF structure and PDF syntax, these attachments are represented by embedding some "standard" PDF objects including "streams".
When you digitally sign this PDF file, the signature is valid for the complete PDF file, consisting of all PDF objects (thusly including the attachments).
Should someone extract a copy of the attached files, modify them and then re-attach these, it will change the contents of the PDF. Hence the signature will become invalid by this change, which leads to the detection of the modification.
What you cannot detect:
if a copy of the attachment has been extracted (leaving the original PDF un-modified)
I am using FOP to generate the PDF from XSL:FO and iText to apply the digital signature and signed date field in the PDF.
Problem is i am using co ordinates to apply the signature and date in the generated PDF.
The PDF are large, dynamic and changing always based on content. therefore the signature and date fields were not positioned Properly by the co-ordinates specified.
I googled to find solution for a long days. But i didnt get any solutions.
Can u please any one suggest me to create the PDF form fields in the PDF using FOP?
Then i can apply signature and date fields by using iText.
Please tell me any other technology to try to solve this problem?
The problem is that FOP doesn't create signature fields whereas iText needs a page number and coordinates (either defined by you or by a signature field).
Where do you want the signature to be placed?
Is it always on the first page? Always on the last page?
Can you put some unique text at the location where you want the document to be signed?
I'm asking this because you could put words like SIGN HERE on the last page, and then use TextRenderInfo to retrieve the coordinates of those words. See http://itextpdf.com/examples/iia.php?id=275 in combination with http://itextpdf.com/examples/iia.php?id=282
The TextRenderInfo class has methods such as getBaseLine(), getDescentLine(),... who give you LineSegment object which reveal the coordinates of each snippet of text in your PDF.
There are plenty of caveats: FOP could cut the words SIGN HERE in different snippets, such as "SIG", "N", "HE", "RE" which would make it difficult to recognize the unique string, but it's worth investigating.
Using Acrobat 9, if I sign a PDF using a self-signed certificate and then edit the PDF after I sign it, Acrobat will inform me that there is a valid signature on the document but that the document also has unsigned changes. If I then sign the PDF again and look in the signature panel, it will show the first signed revision with a valid signature, notate that changes were made after the first revision was signed and then show a second signed revision with a valid signature.
I am trying to duplicate that behavior using iTextSharp. In code, I create a PDF and sign it. Then, I edit the PDF and sign it again. When I open the document in Acrobat, it shows both revisions but marks the first revision as an invalid signature because the document was altered. From what I can gather, I think iTextSharp is signing the entire document rather than just the first revision inside that document. I have set the Append parameter to true in both the PdfStamper and PdfSignatureAppearance constructors, but it does not seem to have any effect.
Since I can get the desired result using Acrobat, I am assuming I am just not using iTextSharp correctly. Can anyone shed some light on this?
You have to update the existing PDF instead of rewriting it entirely. Set the following attributes to true to enable updating.
PdfReader reader;
...
reader.Appendable = true;
Adobe does this with layers I suppose. Each revision of the PDF is probably placed in a different layer and then signed. If iText supports layers, you may be able to do it in a similar way.