Aspose PDF - You cannot change this document because it is certified

I try to digital sign a pdf file by certify function with a self-sign cert. and the access permission of DocMDPSignature has already set to “DocMDPAccessPermissions.AnnotationModification”, then I digital sign the certified pdf file by another self-sign cert., but failed with error message “You cannot change this document because it is certified.”

@Shum

This needs to be investigated. Can you please share your sample PDF document along with your sample code snippet? We will log an investigation ticket in our issue tracking system and share the ID with you.

Actually, I am using aspose pdf example code download from git, below is my source code, and I am using the sample pdf in this project

FYI., I am using aspoes.pdf library v20.3

using System.IO;
using System;
using Aspose.Pdf;
using Aspose.Pdf.Facades;
using System.Collections;
using Aspose.Pdf.Forms;
using System.Collections.Generic;

namespace Aspose.Pdf.Examples.CSharp.AsposePDF.SecuritySignatures
{
public class DigitallySign
{
public static void Run()
{
try
{
// ExStart:DigitallySign
// The path to the documents directory.
string dataDir = RunExamples.GetDataDir_AsposePdf_SecuritySignatures();
string pbxFile = @“C:\Users\skh397\esign\HAHO-ERP-170.pfx”;
string inFile = dataDir + @“DigitallySign.pdf”;
string outFile = dataDir + @“DigitallySign_out.pdf”;
using (Document document = new Document(inFile))
{
using (PdfFileSignature signature = new PdfFileSignature(document))
{
PKCS7Detached pkcs = new PKCS7Detached(pbxFile, “1234”);

                    DocMDPSignature docMdpSignature = new DocMDPSignature(pkcs, DocMDPAccessPermissions.FillingInForms);                        
                    System.Drawing.Rectangle rect = new System.Drawing.Rectangle(100, 100, 200, 100);
                    // Set signature appearance
                    signature.SignatureAppearance = dataDir + @"aspose-logo.jpg";
                    // Create any of the three signature types
                    
                    signature.Certify(1, "Signature Reason", "Contact", "Location", false, rect, docMdpSignature);

                    // Save output PDF file
                    signature.Save(outFile);
                }
            }

            using (Document document = new Document(outFile))
            {
                using (PdfFileSignature signature = new PdfFileSignature(document))
                {
                    IList<string> sigNames = signature.GetSignNames();
                    if (sigNames.Count > 0) // Any signatures?
                    {
                        if (signature.VerifySigned(sigNames[0] as string)) // Verify first one
                        {
                            if (signature.IsCertified) // Certified?
                            {
                                if (signature.GetAccessPermissions() == DocMDPAccessPermissions.FillingInForms) // Get access permission
                                {
                                    // Do something  
                                    PKCS7Detached pkcs = new PKCS7Detached(pbxFile, "1234");
                                    signature.Sign("Signature2", "sign 2", "sign contract 2", "sign location 2", pkcs);
                                    signature.Save(outFile);

                                }
                            }
                        }
                    }
                }
            }
            // ExEnd:DigitallySign
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }
}

}

@Shum

Looks like you are using a quite old version of the API. Can you please try to use 23.10 version of the API and in case issue still persists, please let us know.

image.png (34.1 KB)

I just tested with Aspose.pdf v23.10 but it still failed

Actually, I would like to multiple sign a same pdf file with all valid cert.

Am I correct to certify the pdf file then sign by multiple cert.?

@Shum

Yes, you can sign a document more than one time. Please check below code snippet that we used in our environment and it generated output without any issues:

using (var doc = new Aspose.Pdf.Document(dataDir + "test.pdf"))
{
    using (var pdfFileSignature = new PdfFileSignature(doc))
    {
        var pkcs = new PKCS1(dataDir + "mykey2.pfx", "aa");
        string Contact = "Yourself";
        string Reason = "Contract";
        string Location = "Catalonia";
        pdfFileSignature.Sign(1, Reason, Contact, Location, false, new System.Drawing.Rectangle(10, 10, 100, 100), pkcs);
        pdfFileSignature.Save(dataDir + "docsignCompany.pdf");
    }
}
using (var doc = new Aspose.Pdf.Document(dataDir + "docsignCompany.pdf"))
{
    using (var pdfFileSignature = new PdfFileSignature(doc))
    {
        var pkcs = new PKCS1(dataDir + "mykey2.pfx", "aa");
        string Contact = "Yourself";
        string Reason = "Contract";
        string Location = "Catalonia";
        pdfFileSignature.Sign(1, Reason, Contact, Location, false, new System.Drawing.Rectangle(50, 50, 200, 200), pkcs);
        pdfFileSignature.Save(dataDir + "docsignWorker.pdf");
    }
}

@asad.ali
Thanks!

As tested your code, it can be sign 2 times but 1 of the signature is invalid in the pdf

is it possible to have 2 valid signatures in pdf after sign?

image.png (9.4 KB)

As read this page How to digitally sign PDF|Aspose.PDF for Java, it is mentioning “Certifying a document first, allows you to specify the changes that a user can make to the document without invalidating the certification.”

However, I am failed to sign after certify my pdf, is it anything wrong or missing in my code above?

@Shum

We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): PDFNET-55799

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

@asad.ali

I am succeed to certify, add signature field and sign in the pdf file, but unexpected got invalid cert. in the certify level.

image.png (45.1 KB)

Is it can be make all the cert. valid like this image.png (14.8 KB) by Aspose code? I found this sentence exists “Changes have been made to this document that are permitted by the certifying party” if certify and sign success.

Many thanks

@Shum

Yes, this enhancement was recently made in the API and you will keep noticing it while working with this functionality.

@asad.ali

Is this function ready in Aspose PDF v22.x? if yes, may I have sample code for ref.?

Many thanks

@Shum

Hopefully, this will work with 22.x versions of the API but we always recommend using the latest available version of the API because of the maximum fixes and enhancements. Furthermore, there is no specific code snippet for it. In older versions, there was an issue i.e. when we signed a PDF with more than one signatures, first signature became invalid. This issue was resolved later and from now on multiple signatures will work and user will see the message in Adobe Reader saying that “Changes have been made to this document that are permitted by the certifying party”.