SanitizationException when checking for Signatures

Hello,

we try to get the signature count with following code:

using (var pdfFileSignature = new PdfFileSignature())
{
pdfFileSignature.BindPdf(InputPdf);
return pdfFileSignature.GetSignNames().Count;
}

With attached PDF a SanitizationException will be thrown.

Can you tell me the cause of this exception? We have some other signed PDFs which triggers this exception too.

Compromised.pdf (363.9 KB)

Kind regards,
Andy

@AStelzner

We have managed to reproduce the same issue at our side. For the sake of correction, we have logged this problem in our issue tracking system as PDFNET-51748. You will be notified via this forum thread once this issue is resolved.

We apologize for your inconvenience.

Here is another PDF to reproduce this issue.

Signatur.pdf (68,7 KB)

@AStelzner

We have logged this problem in our issue tracking system as PDFNET-52087. You will be notified via this forum thread once this issue is resolved.

We apologize for your inconvenience.

Hello,

one question about this exception.

Due to the error message which says that the signature has been compromised, can we sure that there exists at least one signature (valid or not) in the PDF?

Kind Regards,
Andy

@AStelzner

If you open your PDF in Adobe reader, you will see the same signature issue. We logged this issue for investigation. Once we complete the analysis of this issue, we will then provide you more information on it.

Hi,

yes, i know that :blush: My question is a fundamental one.

We are not interessted if the sig is valid or not, we want only to know if there is at least one signature in the PDF, independent oft he state oft he signature :blush:

Kind regards,
Andy

Hi,

yes, i know that :blush: My question is a fundamental one.

We are not interessted if the sig is valid or not, we want only to know if there is at least one signature in the PDF, independent oft he state oft he signature :blush:

Kind regards,

ANdy

dfX3_fdc7b91e-6c57-4128-92c2-5b9fbad02274.png (1.42 KB)

QR8c341bc8-75b7-4e2c-99c3-2d2ba4031ede.png (458 Bytes)

@AStelzner

Please note that you cannot rely on exception or error message to determine whether a PDF contains signatures or not. Aspose.PDF offers a separate functionality to do that i.e. Verify Whether the PDF File is Signed Using a Signature.

If this does not help you, please share some more detail about your use case. We will then provide you more information on it.

In the end, we need the number of signatures, but this error does not allow us to determine the correct number of signatures. My idea was that if the message “SIGNATURE has been compromised” appears, we can assume that at least one signature is included (valid or not) and until the error is fixed, we return a 1 here, valid or not. I’m right. ? The indicator if at least one signature exists is more important than the REAL number of signatures :slight_smile:

I try your proposed approach as fallback but the same error appears: Verify Whether the PDF File is Signed Using a Signature.

@AStelzner

As shared in my previous post, you cannot rely on this exception (The digital signature is compromised). This issue is currently pending for analysis. Once we complete the analysis, we will then provide you more information on it.

Hi,

any news here? :slight_smile:
A year has passed.

Kind Regards,
Andy

@AStelzner

We are afraid that the earlier logged tickets could not get resolved yet due to other pending issues in the queue. However, these tickets are under the phase of the investigation and as soon as they are resolved, we will inform you via this forum thread. Please be patient and spare us some time.

We are sorry for the inconvenience.