PDF signature ignored by Acrobat but visible in other validation tools
We're making a webapp whose one of the functionalities is to make PaDES signature. The code is too big to share here, but here is how the workflow looks like:
- PDF is prepared for signing by doing all the necessary transformations in browser
- Digest is calculated using the chosen algorithm
- Digest is sent to the backend were the detached CaDES signature is made using the DSS library
- The detached signature that is generated on the backend is sent back to the browser to be inserted into the prepared PDF to make a PaDES signature
The solution is working good, for most of the PDF files. However, there are some files in which Acrobat doesn't display the signature as if it doesn't exist, but when trying to do the verification with our webapp (which uses DSS in the backend for verification) everything is displayed fine. It is also displayed fine when checking it with the DSS online verification tool.
Here are the most relevant parts of the signed PDF:
1 0 obj
<</AcroForm<</Fields[1057 0 R] /SigFlags 3>>/Type /Catalog /Pages 3 0 R
/Dests 8 0 R
/Metadata 1056 0 R
>>
.
.
.
1057 0 obj
<<
/FT /Sig
/Type /Annot
/Subtype /Widget
/F 132
/T (Signature1057)
/V 1059 0 R
/P 3 0 R
/Rect [335.17360432942706 796.500010172526 535.173604329427 746.500010172526]
/AP <<
/N 1060 0 R
>>
>>
endobj
.
.
.
1059 0 obj
<<
/Type/Sig
/Filter/Adobe.PPKLite
/SubFilter/ETSI.CAdES.detached
/Name (Name)
/ContactInfo ()
/Location (Location)
/Reason ()
/M (D:20200813165733+02'00')
/Contents <3082104b06092a864886f70d010702a082103c30821038020101310f300d06096086480165030402010500300b06092a864886f70d010701a0820d57308206e2308204caa003020102020944e5524cc00bede260300d06092a864886f70d01010b0500304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e6574536554301e170d3139313231383133343231395a170d3232313231383133343231395a30819d310b3009060355040613025253310f300d06035504080c065365726269613111300f06035504070c0842656c6772616465310e300c06035504110c053131303730311a301806035504090c1150617269736b65206b6f6d756e652032343112301006035504040c095261646f7365766963310f300d060355042a0c064e696b6f6c613119301706035504030c104e696b6f6c61205261646f736576696330820122300d06092a864886f70d01010105000382010f003082010a0282010100cf2e36a81919b993cb52b88235a258b2b008a770862a42c1724e9652826a6394bf2426ca450946bb3726306162474e75003d532182b3fe492e099503a11e10429624611998ac2ff0942f729d3d275228bdcee172ffab42fb10509aa796cad95fd79a82fc8ee29f74c4ca0d76aa64f6f16d5b6f5c281eea870ea7054633a5b5b6eb06b7abbb60752f6cf5c17c3967e1d4b1a401d54d7579c256c04b9f7c293a7d9c8c566e4ad92c32574de1da9afcddb282506e2cf77de31c543f5291e439480705d246142d41e7566e92f1cf4115c286e88a7a3a564a9395cf64a2570fc691c74393907695d7c76a6317123a5342b0ea39239ba0e93a2c862e2eafe87a3064ad0203010001a38202753082027130090603551d1304023000300e0603551d0f0101ff0404030206c0301f0603551d2304183016801403e93e995d06eef7519b67deff9cea818009e456301d0603551d0e04160414e930d3083630ac3da05cefaf64efceb6256ddf5430400603551d1f043930373035a033a031862f687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f636c6f756463612e63726c30819d06082b060105050701030101ff04818d30818a303a06082b06010505070b02302e060704008bec49010130238621687474703a2f2f63612e6e65747365742e72732f646f6b756d656e746163696a613008060604008e4601013008060604008e4601043016060604008e460102300c1303657572020100020203e8300b060604008e4601030201143013060604008e4601063009060704008e4601060130819806082b0601050507010104818b308188303b06082b06010505073002862f687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f636c6f756463612e637274304906082b06010505073001863d687474703a2f2f706b7363612e6e6574736574676c6f62616c2e72733a383038302f6f6373702f726573706f6e6465722f706b73636c6f75646f6373703081960603551d2004818e30818b3027060604008b300101301d301b06082b06010505070201160f687474703a2f2f657473692e636f6d3027060604008b300102301d301b06082b06010505070201160f687474703a2f2f657473692e636f6d300b060704008bec4001023000302a06092a817a01690a040103301d301b06082b06010505070201160f687474703a2f2f6e656b692e636f6d300d06092a864886f70d01010b05000382020100269f2baeed5bc772c3606da57ebba2b4ef6a715d82c2018d5973edd74cc08bf9f266363f1ef3289e34060bce9b52463210cc36d5c8d87c7742b3c04b5227792391db8f686d19866f457c7e47a722d279619b35d7bf569cc2cf599fd13c81f938ce8b08f2d1eb2613e7259b8f59c0e34b5403246e94ef891b4293762677ccd9516f5e2ca36f4b7827f671b2463785bf8804454f2fc2a7de84114cf602d241040aad943d991198a3858a65acf1b468a9b006dc859ffaa46510d16253e72385d57535802288c9ddeb8114ebecdbc4e267d17e188c9cf4d7180b79a4b8bab89d03d6a5011e601f12fc2c132f33e8b872092a4dff6182e0b45536a23dfb2b7eeeffb34540e306c4d1e6e4d595086f76ecf5e2e1ab713a87a5785aea9eea518d391b8982893f2bae03a14ed13cbff25494713c1b79e6dbcdc50059f9df92b4000c597c499b0e654e7defb348ddcf35cb3f51ebb4d934b0395dcd7952a2ac1c1ab5dcc8271b21f54276c0da3a91a54dcf68d9b30c274e968c467d5b3f188535987ed8898444bc8779b405889c54960681863986ebccd4266ae3de4cebc0bf15f7d91bfb41708df87a95a6da46fb951b7b9aaffee53b38e75f582f9b851ea61685f1e60014264fc8bfcb31697653fa68c997cacb033fd4cafdffdfd9fb6d6a52027cc6680c1418d7902ddb11245cc006df2332234740d7d4579f56733308d97d9208e1803082066d30820455a003020102020917664a8436102867b6300d06092a864886f70d01010b05003049310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543117301506035504030c0e526f6f74204341204e6574536554301e170d3139313231373038343234355a170d3434313231363137333034355a304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e657453655430820222300d06092a864886f70d01010105000382020f003082020a0282020100b47b0b9d976f18457719af6a147880e006ec1cd472bacc31a58327eb2aa7e162e0e113128b0a0bed1950a8ae0bff962f132928bd434a7e0c887c17e610f243ebda0419fa4b2fba4bda643796cf7d97a7e8e0b0828b383c850e95d87210dee367f64520ffbc093720658a899f9f988eb7a08d8bca0615e1b6e4fa058d0c1f00b7b2c09b05099aa193aec4e989bae4d59bfc9d044e281927fbb88e9d23cf9676c75b27890cf04de07a38b0d129fa1de1fd10cc360757738adc9bd9677bfea812aa8611729cf3a114cd6233ed9c4c705a10e5c6f03f7117bfeb04988c3d96a193e18506ddc44819db7d083bc0cdad8335bae0a7a44b2a56c404bb43c87673e9ab9ec321f341cbad17176ad77db663a20b676cc338c6b36e58aa13f1e61ad596ed176d9d2b0bdd36c3cabab22410607d62f97c8349877efabdaf16dce49ef4a67c7780b1bb30b9250bdb5fbdad84d56d43be3484ca6e5bdec3666a230ab5fec46b056beedc8b2e43bb6106f682d5026d3393d73f652f2a83db15d3ad4a5be9b7df0d04d8a0bcbbabc2f791c72ece6d3911936a9c3ea99d4b7f6f101d15ab45032f693fbef1a78d90b48de23ef3b70148c1833e563bcc9259677ed15f869dff111492bd986221082abdac1d0ce1d2c5683a25e4db27c849a818d8fe1cc01207345653305749878c6d09db0e3f04bdae444046a8294c640eafff35114b9f71a1e874750203010001a38201553082015130120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301f0603551d23041830168014e265e5d9a4b6b03700cd20a6d65b7140f1be4e5b301d0603551d0e0416041403e93e995d06eef7519b67deff9cea818009e456303f0603551d1f043830363034a032a030862e687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f726f6f7463612e63726c304a06082b06010505070101043e303c303a06082b06010505073002862e687474703a2f2f7374617266697368746573742e6e6574736574676c6f62616c2e72732f726f6f7463612e637274305e0603551d200457305530530604551d2000304b302e06082b060105050702011622687474703a2f2f6e65747365742e72732f646f6b756d656e746163696a612e706466301906082b06010505070202300d0c0b4e657453657420646f6373300d06092a864886f70d01010b050003820201001ac4e839342cc09ec23dbb6f4e325b6e2f494d502fd6bda7095e4699f4b477464fb10898eff7a09d40c51fc9e3ad67f08ca9762955ce89b9d6076551618d665b65532b426c2101abad0f528a19aa9c18d99f71dbd8c9299cbb50b610867af26c3a59e9ed995677ab490a75d88fd2452dacfcb88b7520b500f54ab66eba612c082448dd51202cce3ea5084a8ccf8045dea6804d6a9d399414f2c86a012aa9beb5773d88e67056023e203a006e93080805ee3d7b57c8537217145be51c3c96583e981a0f10a3f31ffa914ea531caa3960baf02336a9ccf271439057217899e77d7d86b46bf02354abb7ba18578434a20918b4eb1d4b753947c07457a682d69f8938c5c25d80bc0cd24fc2b41bbe4ecb8ccbecdab68755706c9f9df462fe3266f1c1c6cbc405587db22e210d847c19210bfe1cbda5af5994a6651527a819ae27bd09de8359c50a7c80155978e17c32e64e6e191c3ee39f92e82699457b644a4b36e26bbfd803fc37b15d41f3bb855c3e199d01a26d6d6b97ea1b9fbc50964246449c6c580299884e741656ac907dc44f348b171b581ffd23bfd962ba42e7c89876ee3c5212a5dd1046ad5a5547fd762881b3045b809bc492317d73e9ebd9788028ab428a2178db972466c16b595002670f089154516f0cc17f6352575fe8d314b17fee1aa610c5e2a70c7c9f8f9880b1dc99a50d9ba9f4db469f7bc2c61af90ae4d318202b8308202b40201013057304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e6574536554020944e5524cc00bede260300d06096086480165030402010500a0820132301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3230303831333134353830325a302d06092a864886f70d0109343120301e300d06096086480165030402010500a10d06092a864886f70d01010b0500302f06092a864886f70d01090431220420e1e4ce48e389182ecc1ea924190b2ac21fe9a967542fd3d86db0ae1f63019575308197060b2a864886f70d010910022f318187308184308181307f04201e7237e91573f4cd8f76c4c57f2db25be8efe728f4f916cebee707c3bd23f512305b304ea44c304a310b30090603550406130252533110300e06035504070c0742656f67726164310f300d060355040a0c064e65745365543118301606035504030c0f436c6f7564204341204e6574536554020944e5524cc00bede260300d06092a864886f70d01010b050004820100c4d080863e1edce5cd5d7d8634e477ac6697e9e881b21fa4b6033a5b0d1fa8adf2afab5d972e4637bda97b49017308f78ff2329fbd16e31642d5f38f4fa27f44fbb50725c76bfb951cbd8f3b0a492bee6f0d9e7bc2ea41a7c67e97c3ea58deabcb5799d558c350822b4a2689ed1ff2991d9322a0b66574aa83e0d16607adff088a11723eff1ef0c5505e7f98b57ddbe3bb66b2cd94d1ab62b3f32cb8af80f3dcb6a13aeca316f0ac7c448884fa77fb01bf67be38fab46f9b40fe08202d118e56a1b5c0db45a4cf368aa3f586b585fd63805ec316b338498d8873be2c9e2663f880e48b99993ade775d3584d412222ae5014bdf064d83715cfb90d40be20aba910000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>
/ByteRange [0000000000 0000220234 0000236618 0000022770]>>
endobj
.
.
.
trailer <<
/Size 1064
/Root 1 0 R
/Info 2 0 R
/ID [<a48978cd2c166094b3e771ab606ea301><531ccc430c71ee517274ec4d5f6e2c34>]
>>
Everything seems fine, but for some reason Acrobat is ignoring the signature. Here's the whole file if you'd like to take a look: https://easyupload.io/2lrfg8
Solution
There are multiple errors in the signed PDF.
As @David in his answer mentioned, there are two Annots entries in the first page.
As I already wrote in a comment, the P entry of the signature (field and) widget object points to a Pages inner node of the page tree, not a Page leaf node.
The FRM form XObject has an error in its content stream:
q 1 0 0 1 0 0 cm /n2 Do Q\n(That "\n" is indeed a backslash and an 'n', not a newline character.)
There is a broken object 1062 containing stream content in the dictionary
1062 0 obj << /Length q 1 0 0 1 0 0 cm /img1 Do QThe cross reference offsets are incorrect, at least for the objects related to the signature.
If one fixes these issues by
- joining the two Annots entries into one,
- changing the P entry to point to the correct Page dictionary,
- removing that "\n" sequence,
- replacing the stream content in the dictionary by the actual stream length, and
- correcting the signature related cross reference entries,
Adobe Reader displays the signature; obviously as invalid, though, after all those repairs changed the file:
Thus,
Everything seems fine, but for some reason Acrobat is ignoring the signature.
as explained above there are many errors in the file, so Adobe Acrobat cannot be blamed for not showing your signature. So it's actually the other way around, any signature validation software that ignores that many errors and then still validates the signature without any warning, is buggy. Such errors might cause the file to display differently on different viewers, so the trustworthiness of the signature is limited. This could actually be used as another attack vector on PDF signature validation.
(Be aware, the errors mentioned above probably are not the only ones, merely those I stumbled over when analyzing the issue at hand.)
- How to get rid of the red box around hyperlink in PDF?
- How to rotate only Table, using borb (PDF library) python?
- How to insert a page break in HTML so wkhtmltopdf parses it?
- How do I determine the size of a pdf with pdf.js so I can scale to the screen size?
- How to interpret signatureCoversWholeDocument() == false?
- How to embed a local pdf file in mkdocs generated website on github-pages?
- How to skip choosing folder in microsoft pdf printer?
- Efficient multipage PDF creation using matplotlib subplots in Python
- ! LaTeX Error: Missing \begin{document}. Error: LaTeX failed to compile paper_template.tex
- Understanding PDF operators - for iOS app
- send DDE command to pdf document in SUMATRA PDF on subform
- How to add page number for every page in laravel dompdf?
- Where can I a mapping of Identity-H encoded characters to ASCII or Unicode characters?
- Reading ascii data with iText fails
- How do I center the entire DataTable in the pdf using JQuery pdfHtml5
- Signing a PDF with an external signature using a smartcard using iTextSharp 5 gives formatting errors C#
- How can I put JavaScript code into a PDF document?
- PDF Blob - Pop up window not showing content
- .doc to pdf using python
- Extract text per page with Python pdfMiner?
- ImageMagick: How do I convert pdf to jpg? I get ERROR: no decode delegate for this image format
- Overlaying two PDFs with an alpha mask at 50%
- React pdf-renderer does not display characters č, ć and đ
- Python converting DXF files to PDF or PNG or JPEG
- how to implement the Eurion constellation security measure
- Create PDF from a list of images
- How to download PDF automatically using js?
- Trying to deploy puppeteer on vercel using nodejs
- ghostscript: how to marge in a single pdf different pages from multiple pdf
- How to convert a PDF into JPG with command line in Linux?