Read the details of the signature throws exception


#1

Hello,

With Aspose.PDF 19.7, accessing to Form Fields property throw an exception: The document uses signature wrapping. The digital signature is compromised.

Please look at the given item in order to get the PDF document and have more information:

I can verify manually that the given PDF is not subject to an SWA attack.
First signature:
In Line 29932 : /ByteRange [0 2032629 2092631 684]
That means that we can isolate two parts we want to seal: [0 to 1F03F4] then [1FEE57 to 1FF102]. It also means that the bloc [1F03F5 to 1FEE56] must contain the value of the signature. Let’s verify it:
Position 1F03F5, we can find the beginning of the /Contents value of the object 1629 0 obj: « <3082507F06… »
Position 1FEE56, we can find the end of the /Contents value of the object 1629 0 obj: « 0000> ».
Then in position 1FEE57, we can find the end of the definition of the object 1629 0 obj:
/ByteRange [0 2032629 2092631 684]
>>
endobj
In our understandings, there is no room for an SWA attack.

Second signature:
In Line 30024: /ByteRange [0 2093854 2153856 374]
That means that we can isolate two parts we want to seal: [0 to 1FF31D] then [20DD80 to 20DEF5]. It also means that the bloc [1FF31E to 20DD7F] must contain the value of the signature. Let’s verify it:
Position 1FF31E, we can find the beginning of the /Contents value of the object 1634 0 obj: « <3082506E06092A864886F70D010702… »
Position 20DD7F, we can find the end of the /Contents value of the object 1634 0 obj: « 0000> ».
Then in position 20DD80, we can find the end of the definition of the object 1634 0 obj:
/ByteRange [0 2093854 2153856 374]
>>
endobj
In our understandings, there is no room for an SWA attack.
On top of that, the position 20DEF5 is the last byte of this document. It means that the second signature covers entirely the document and that there is no change after that the document was signed.

Thank you in advance.
Alexandre.


Read the details of the signature takes a very long time
#2

@ach

Thank you for posting separately.

We have addressed your concerns in the other thread created by you. Kindly follow up in respective thread.