Question

To put it simply - I want to add multiple signatures on a PDF (using iText), without adding new revision for each.

I've read the following thread, and it makes much sense (since Bruno wrote the answer)

It is obvious, that if the document has 2 revisions, the first signature doesn't cover the second revision. However, is it possible (according to the PDF standard, and in iText) to have two signatures for the same revision? (I have set a certification level to CERTIFIED_FORM_FILLING_AND_ANNOTATIONS).

The point is that the document is created once and is not altered at all, except for adding the signatures. And since the signed PDFs will be sent to non-technical people, seeing the "the document has been changed" can trigger some 'disbelief' (due to lack of knowledge about PDF, which, alas, I can't expect of them). So, to put it again - is it possible to have 2 signatures in 1 revision, added at different times by different people?

Solution

I got a useful answer on the iText mailing list, which I'm going to share. Here, a guy nick-named mkl explains that with Adobe products this is down to a hen-and-egg problem.

ISO 32000-1:2008, section 12.8.1 says: "A byte range digest shall be computed over a range of bytes in the file, that shall be indicated by the ByteRange entry in the signature dictionary. This range should be the entire file, including the signature dictionary but excluding the signature value itself (the Contents entry). Other ranges may be used but since they do not check for all changes to the document, their use is not recommended. When a byte range digest is present, all values in the signature dictionary shall be direct objects."

Thus, according to this norm, more piecewise byte ranges are permissible. Therefore, it especially is permissible to have multiple signature containers excluded from the bytes to sign.

BUT...

if you want Adobe products to accept your signatures out-of-the-box, you'll find that they expect a signature to sign everything in its revision but itself. For two signatures this would imply that each signature would have to sign a range that includes each other, a hen-or-egg problem.

If your signatures only have to be verifiable with your own software and Adobe products may mark your signatures as invalid, then you can quite easily create such independent double signatures. Cf.

http://old.nabble.com/Uncommon-ByteRange-entry-in-signature-dictionary-to23670277.html

for some inspiration. iText can be changed to do that without too much trouble. But keep in mind Leonard's words there:

"Adobe Acrobat and Reader will IMMEDIATELY invalidate a ByteRange that is more than 2 pairs. So anything with multiple ranges won’t validate."

As a third way you may build a custom Adobe plugin which verifies your custom signatures.

Just one afterthought... if you seriously want to be in the signature business, you should not only keep in mind the current plain PDF standard (i.e. ISO-32000-1:2008) but also additional standards.

E.g., confer ETSI TS 102 778-1; section 4.1 in v1.1.1 says: "As with other CMS-based signature implementations, a digest is computed over a range of bytes of the file. However with PDF, as the signature information is to be embedded into the document itself, this range is the entire file, including the signature dictionary but excluding the PDF Signature itself. The range is then indicated by the ByteRange entry of the signature dictionary.

By restricting the ByteRange entry this way, it ensures that there are no bytes in the PDF that are not covered by the digest, other than the PDF signature itself.

NOTE: The profiles defined in part 2 and 3 make normative this requirement which is a recommendation in ISO 32000-1 [1], clause 12.8.1."

Therefore, as soon as you're into signatures seriously, the signed byte range simply has to cover all of the revision but the one signature container which signs this very byte range.

(From iText mailing list, December 1st, 2009)
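The coverage rule discussed in the answer can be checked mechanically. The following is an added example, not part of the original answer, the mailing-list post or iText: it scans raw bytes for `/ByteRange` entries and tests that each has exactly two pairs, starts at byte 0, skips only one hex string and ends at a revision's `%%EOF`. The function names, the `/ConstructedSecond` key and the sample bytes are constructed for illustration, and the scan assumes signature dictionaries are stored uncompressed.

```python
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[([\d\s]+)\]")
HEX_STRING = re.compile(rb"<[0-9A-Fa-f\s]*>")

def check_byte_ranges(pdf: bytes) -> list:
    """One report per /ByteRange found: does it sign everything except a single /Contents value?"""
    reports = []
    for m in BYTE_RANGE.finditer(pdf):
        nums = [int(n) for n in m.group(1).split()]
        report = {"pairs": len(nums) // 2, "problems": [], "covers_whole_file": False}
        if len(nums) != 4:
            # The shape Leonard's quote says Acrobat and Reader invalidate immediately.
            report["problems"].append("not exactly two (offset, length) pairs")
        else:
            a, b, c, d = nums
            if a != 0:
                report["problems"].append("does not start at byte 0")
            if not HEX_STRING.fullmatch(pdf[a + b:c]):
                report["problems"].append("gap is not a single hex string")
            if c + d > len(pdf) or not pdf[:c + d].rstrip().endswith(b"%%EOF"):
                report["problems"].append("does not end at a revision's %%EOF")
            # False for a valid earlier signature once a later revision was appended.
            report["covers_whole_file"] = c + d == len(pdf)
        reports.append(report)
    return reports

def build_sample(containers: int) -> bytes:
    """Constructed PDF-like bytes (not a real PDF): one signature dictionary
    whose ByteRange skips `containers` hex strings."""
    sig = b"<" + b"0" * 32 + b">"
    head = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange ["
    parts = [head + b" " * 40 + b"] /Contents "]
    parts += [b" /ConstructedSecond "] * (containers - 1)
    parts.append(b" >>\nendobj\n%%EOF\n")
    nums, pos = [], 0
    for part in parts:                      # signed pieces alternate with excluded hex strings
        nums += [pos, len(part)]
        pos += len(part) + len(sig)
    byte_range = " ".join(map(str, nums)).encode().ljust(40)
    return sig.join(parts).replace(b" " * 40, byte_range, 1)

if __name__ == "__main__":
    for n in (1, 2):
        print(n, check_byte_ranges(build_sample(n)))
```

A report with no problems but `covers_whole_file` set to `False` is the multi-revision case from the question: the signature is intact, but bytes were appended after it.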

Licensed under: CC-BY-SA with attribution