iText can not verify signed PDF document was edited by nitro pro 10/11

Problem description

I used nitro pro 10/11 to edit a signed PDF document.

Adobe Reader can recognize that the document's content has been modified, but the integrity check is OK by iText (V5.5.6/V7.0.2).

How can I check whether the integrity is correct using iText?

Recommended answer

iText offers an API to validate each integrated signature and to check whether it covers the whole document. It does not check, though, whether changes in incremental updates are allowed changes.

PDFs can be changed by a mechanism called incremental updates. This mechanism only appends to the file leaving the original bytes unchanged. With each such incremental update a new revision of the file is added to the file.

Integrated PDF signatures sign the complete revision of the document in which they were added to the file with the obvious exception of the actual signature bytes.

Thus, a signature of a former revision still correctly signs its byte ranges even if a later revision completely changes how the PDF is displayed.

As in common signing use cases content someone signed should not be arbitrarily changed, the PDF specification only considers very few types of changes in incremental updates to signed revisions valid, cf. this answer on Stack Overflow and the documents referenced from there.

iText offers an API to validate each integrated signature, in particular this validation checks whether that integrated signature correctly signs the bytes it applies to.

iText furthermore determines whether a signature covers the whole file, i.e. the latest revision of the file.

iText does not offer simple API functions, though, that check whether the changes in incremental updates to signed revisions are all allowed.

This task actually is decidedly non-trivial as the allowed changes are not specified in deep detail; I am not aware of any proper open source implementation of it. Even Adobe Reader in its code for this check has many false negatives for PDFs in which the allowed changes are implemented differently than Adobe Reader would have done it itself, e.g. see this answer.

iText does offer the low-level tools to implement such tests, though, so anyone is welcome to implement them on top of iText.

You can execute the checks with iText 5.5.10 like this:

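import java.util.List;
import com.itextpdf.text.pdf.AcroFields;
import com.itextpdf.text.pdf.PdfReader;
import com.itextpdf.text.pdf.security.CertificateInfo;
import com.itextpdf.text.pdf.security.PdfPKCS7;

// `resource` is the signed PDF to inspect (a file path or an InputStream).
PdfReader reader = new PdfReader(resource);
AcroFields acroFields = reader.getAcroFields();

List<String> names = acroFields.getSignatureNames();
for (String name : names) {
   System.out.println("Signature name: " + name);
   // false means bytes were appended after the signed revision
   System.out.println("Signature covers whole document: " + acroFields.signatureCoversWholeDocument(name));
   System.out.println("Document revision: " + acroFields.getRevision(name) + " of " + acroFields.getTotalRevisions());
   PdfPKCS7 pk = acroFields.verifySignature(name);
   System.out.println("Subject: " + CertificateInfo.getSubjectFields(pk.getSigningCertificate()));
   // verifies only the bytes this signature signs, not any later revision
   System.out.println("Document verifies: " + pk.verify());
}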

(VerifySignature test testVerifyBabyloveSigned)

The outputs for the OP's sample files are:


babylove_signed.pdf
===================
Signature name: Fadadaf1a333d3-d51a-4fbb-ad22-bbdcaddd7d8e
Signature covers whole document: true
Document revision: 1 of 1
Subject: {C=[CN], OU=[fabigbig, Individual-1], CN=[051@???@352229198405072013@2], O=[CFCA OCA1]}
Document verifies: true


babylove_signed&modify_by_nitro.pdf
===================
Signature name: Fadadaf1a333d3-d51a-4fbb-ad22-bbdcaddd7d8e
Signature covers whole document: false
Document revision: 1 of 2
Subject: {C=[CN], OU=[fabigbig, Individual-1], CN=[051@???@352229198405072013@2], O=[CFCA OCA1]}
Document verifies: true


As you see, signed.pdf has only one revision, its integrated signature is valid, and it covers the whole file. signed&modify_by_nitro.pdf has two revisions, its integrated signature is valid but it covers only revision one.

Thus, iText says that while the signature in the latter file does correctly sign its revision, there may be any amount of changes in the second revision.
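
The coverage check discussed in the answer can be reproduced at the byte level. The following is an added example, not part of the original answer and not iText code: it reads each signature's /ByteRange from raw bytes and reports how many bytes an incremental update appended after the signed revision. The function names and the sample bytes are constructed for illustration; it scans raw bytes instead of parsing PDF objects and does no cryptographic verification.

```python
import re

# Matches the four integers of a signature dictionary's /ByteRange array.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signature_coverage(pdf: bytes) -> list:
    """Report, per /ByteRange found, which bytes it signs and what lies beyond.

    Simplification (assumption): scans raw bytes instead of parsing PDF
    objects, and performs no cryptographic verification at all.
    """
    report = []
    for m in BYTE_RANGE.finditer(pdf):
        off1, len1, off2, len2 = (int(g) for g in m.groups())
        signed_end = off2 + len2
        gap = pdf[off1 + len1:off2]  # the only bytes excluded from the hash
        sane = (off1 == 0 and off1 + len1 <= off2 and signed_end <= len(pdf)
                and gap.startswith(b"<") and gap.endswith(b">"))
        report.append({
            "signed_end": signed_end,
            "covers_whole_file": sane and signed_end == len(pdf),
            "unsigned_trailing_bytes": len(pdf) - signed_end,
        })
    return report

def accept_unmodified(pdf: bytes) -> bool:
    """Fail closed: accept only if some signature covers the final byte."""
    return any(s["covers_whole_file"] for s in signature_coverage(pdf))

def build_signed_sample() -> bytes:
    """Constructed stand-in for a signed revision; not a renderable PDF."""
    head = b"%%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 %05d %05d %05d] /Contents "
    contents = b"<" + b"00" * 32 + b">"   # placeholder signature hex string
    tail = b" >>\nendobj\n%%EOF\n"
    len1 = len(head % (0, 0, 0))           # fixed-width fields keep this stable
    return head % (len1, len1 + len(contents), len(tail)) + contents + tail

# Constructed incremental update: appended after the signed bytes.
UPDATE = b"2 0 obj\n<< /Type /Annot >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    signed = build_signed_sample()
    for label, data in (("signed", signed), ("signed+update", signed + UPDATE)):
        print(label, signature_coverage(data), accept_unmodified(data))
```

A result of `covers_whole_file` being false only says that unsigned bytes follow the signed revision; deciding whether those bytes are an allowed change is the separate check the answer describes as non-trivial.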
