pdfdigital-signatureacrobatpkcs#7pades

Signature is still valid after adding some extra bytes to the end of the PDF file


I wonder if someone knows why Adobe Acrobat Reader allows one to add like 3 extra bytes to the end of a signed PDF without saying that the signature is invalid and also if there is a way to prevent this?

enter image description here


Solution

  • First of all, the file with your manipulation is not a valid pdf anymore, according to the PDF specification the last line of a PDF must contain "%%EOF" and nothing else. Thus, any strict validator must reject your file.

    Unfortunately Adobe for many years has declared that they accept files as pdfs in which the final "%%EOF" only occurs somewhere in the final kilobyte instead of at the actual end. Thus, Adobe Acrobat (and many other pdf viewers following its lead) will accept your file in spite of its error.

    This of course means that they have to deal with such extra bytes somehow during signature validation. As according to spec those files are invalid, they had to come up with their own criteria here, the spec is not applicable.

    You found out that

    it was ok [to add] up to 3-4 extra chars but if I added more then Adobe realises that you have modified the file.

    Thus, apparently Adobe decided that up to 4 additional characters cannot be used to manipulate a pdf while more characters potentially can. Beware, though, this is a mere internal Adobe decision, nothing universal.