为什么这两个itext 7签名和验证文档中的一个对Adobe DC阅读器无效? [英] Why is one of these two itext 7 signed and validated document is not valid with Adobe DC reader?
问题描述
我有两个pdf文件经过认证(使用基于Itext 7的相同机制进行签名和验证),当我使用adobe reader DC检查其有效性时,只有一个有绿色标记。
好的:
不幸的是,在特定情况下,iText 7在非附加模式下使用时会引入规范不允许的更改。问题是iText引入了小节。这是规范允许你做的事情,但第一次修订明确禁止这样做:
第7.5.4节交叉引用表
[...]对于从未进行过增量更新的文件,交叉引用部分只应包含一个子部分,其对象编号从0开始。[...]
下面你会发现在非附加模式下使用iText后第一个版本的外部参照,每个彩色矩形都是一个新的子部分。为了顺从,应该只有一个矩形。
这将在即将推出的计划于7月底发布的7.0.4版本中修复。
I've two pdf documents certified (signed and validated with the same mechanism based on Itext 7 ) and when i use adobe reader DC to check their validity, only one has the green mark.
the good one: https://1drv.ms/b/s!AkF6t4TavwMvgxWaidlUqvPvHH1r
the bad one: https://1drv.ms/b/s!AkF6t4TavwMvgxQCMdGY61S1EvUh
Regards
David L
This is not an Adobe bug, it's a feature. (And an iText bug)
When Adobe performs the cryptographic validation, it will also perform additional checks to see if a signature was attacked or not. It analyses several suspects and if that analysis turns out negative, Adobe will show you an error message. This is Adobe misreporting the analysis and validity. However, there is a work around for these hidden requirements.
First of, iText was used in non-append mode to modify the document:
Unfortunately, in specific cases iText 7, when used in non-append mode, introduces changes that are disallowed by the specification. The issue is that iText introduces subsections. That is something the specification allows you to do, but this is explicitly disallowed for the first revision:
Section 7.5.4 Cross-Reference Table [...] For a file that has never been incrementally updated, the cross-reference section shall contain only one subsection, whose object numbering begins at 0. [...]
Below you'll find the xref of the first revision after iText was used in non-append mode, every colored rectangle is a new subsection. To be compliant there should only be one rectangle.
This will be fixed in the upcoming 7.0.4 release, planned for end of July.
这篇关于为什么这两个itext 7签名和验证文档中的一个对Adobe DC阅读器无效?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
