Signature invalid if certifying a ISO19005-1 PDF-Document (PDF/A)

Hi!


If im certifying a PDF document which was created by MSWord (2016 in my case), the signature gets invalid if the “Save as PDF/A”-Option was enabled in MSWord.

This only happens, if i save and reload the source pdf document before.
I have to save the document because i’m adding a page.

This only happens if the sourcedocument was saved with the PDFA-Option enabled in MSWord.
This not applies to a document without checking the PDFA Option in word!

I have attached a sample project including the 2 PDFs.

Best Regards
Johannes






Hi Johannes,


Thanks for contacting support.

I have tested the scenario using one of my sample signature files and as per my observations, its getting corrupted for both documents.

Also please note that the purpose of digital signature is to ensure that file contents are not modified and when contents of digitally signed PDF file are updated, the digital signature gets corrupted. Furthermore, we request you to please share your signature file, so that we can again test the scenario in our environment. We are sorry for this inconvenience.

Hi!


Thank you for your response!
Have you tested it with my provided PDF’s & DemoApplication?
I know im unable to update a document after signing. Please read my 1rst post carefully - maybe my question was not clear enough: Yes i’m editing the PDF - But i sign it after adding a page and after a save & reload progress. So i’m not editing a signed document! - Signing (certifying in my case) is the last step.

As you can see in my demo application, im using the same code for both PDF-Files.
The certification of the PDF which is i “PDF-A”-Format fails, but not for the "PDF-15"formatted file (certified with same codebase).

Best regards
Johannes

Ps: I removed the license in my demo application - please define a valid license - thats maybe the reason why both failing in your case (because of the “NOT LICENSED” hint, printed on the document by aspose?). (just a guess)





Hi Johannes,


Thanks for sharing the details. I am further looking into this matter and will get back to you soon.

Hi Team!


Do you have any updates on this?

Thanks in advance
Johannes

Hi Johannes,


Thanks for contacting support.

I have tested the scenario using console application which you have shared earlier, where I have used one of my sample .pfx file and as per my observations, the output of both file shows “Certification by Test Signing Certificate is invalid” when viewing the files in Adobe Reader. However when trying to view the files in Adobe Acrobat, I am getting “The validity of document certification is Unknown”. Can you please share your sample certificate, so that we can again test the scenario in our environment.

For your reference, I have also attached the output generated over my end. We are sorry for this delay and inconvenience.

Hi, i have sent you an E-Mail with the sensitive data because i was unable to select "Keep this post private"


Thanks in advance
Johannes

Hi Johannes,


Thanks for sharing the resource files.

I have tested the scenario and have managed to reproduce same problem. For the sake of correction, I have logged it as PDFNEWNET-40895 in our issue tracking system. We will further look into the details of this problem and will keep you posted on the status of correction. Please be patient and spare us little time. We are sorry for this inconvenience.

Hello!


I’d want to ask if you have any updates on this?
I’m facing this problem from a different source too now - and im not able to provide my customers a soultion to Certify this kind of documents with this kind of certificates…


Thanks in advance

Hi,


Thanks for your patience.

I am afraid the earlier reported issue is not yet resolved. However I have intimated the product team to share the current updates regarding its resolution and as soon as we have some further updates, we will let you know.We are sorry for this delay and inconvenience.

Hi, I am facing the same problem and I do not know waht to do because convert PDF to PDFA is mandatory before signing it and always I try two sign it for the second time the first signature got invalid.


Please help me.

It’s domething Urgent and as I could see it’s a known problem.

Thanks in advance

I have attached a PDF file converted to PDFA by aspose pdf

If you try to sign it twice or more, the first signature will get invalid

If I do not use Aspose to convert it, it works fine.

Hi Andre,

Thanks for contacting support.

As per my understanding, you are first converting PDF file to PDF/A_1b format and then digitally signing the PDF/A file. In order to test the scenario, I have used one of my sample digital signatures and when I have tried digitally signing PDF/A document, the PDF/A compliance is lost. Because as per PDF/A standards, the documents cannot be modified and if we make any changes, the compliance is lost.

Furthermore, when signing the document twice, it corrupts/invalidates the signature inside the document and it has already been logged in our issue tracking system as PDFNET-40288. However request you to please share some more details on why you need to sign the document twice and your digital signature so that we can further look into this matter. For your reference, I have also attached the output generated over my end.

We are sorry for this inconvenience.

[C#]

// Path to digital signature
string pbxFile = "c:/pdftest/MySPC.pfx";
string inFile = @"c:/pdftest/99180_d8390159-b0f0-45c8-bdff-683472a31cc1.pdf";

// Load input PDF file
Document doc = new Document(inFile);

// Convert document to PDF/A compliance format
doc.Convert(new MemoryStream(), PdfFormat.PDF_A_1B, ConvertErrorAction.Delete);

// Save PDF/A output
doc.Save("c:/pdftest/ConvertedPDF_A_1b.pdf");

string outFile = @"c:/pdftest/99180_d8390159-b0f0-45c8-bdff-683472a31cc1_DigitallySign_out.pdf";

using (Document document = new Document("c:/pdftest/ConvertedPDF_A_1b.pdf"))
{
    using (PdfFileSignature signature = new PdfFileSignature(document))
    {
        Aspose.Pdf.Forms.PKCS7 pkcs = new Aspose.Pdf.Forms.PKCS7(pbxFile, "test");
        Aspose.Pdf.Forms.DocMDPSignature docMdpSignature = new Aspose.Pdf.Forms.DocMDPSignature(pkcs, Aspose.Pdf.Forms.DocMDPAccessPermissions.FillingInForms);
        
        System.Drawing.Rectangle rect = new System.Drawing.Rectangle(100, 100, 200, 100);

        // Set signature appearance
        signature.SignatureAppearance = @"c:/pdftest/Conversion.PNG";

        // Create a certified signature
        signature.Certify(1, "Signature Reason", "Contact", "Location", true, rect, docMdpSignature);

        // Save output PDF file
        signature.Save(outFile);
    }
}

using (Document document = new Document(outFile))
{
    using (PdfFileSignature signature = new PdfFileSignature(document))
    {
        System.Collections.IList sigNames = signature.GetSignNames();
        
        if (sigNames.Count > 0) // Any signatures?
        {
            if (signature.VerifySigned(sigNames[0] as string)) // Verify first one
            {
                if (signature.IsCertified) // Certified?
                {
                    if (signature.GetAccessPermissions() == Aspose.Pdf.Forms.DocMDPAccessPermissions.FillingInForms) // Get access permission
                    {
                        // Do something
                    }
                }
            }
        }
    }
}

@Jonatas

Thanks for your patience.

Our product team has further investigated the earlier logged issue PDFNET-40895, which was related to certifying PDF Document(s). Please note note that this is not the issue/bug related to the Aspose.Pdf API, but you need to add certificate into trusted store. Here you can find more details about setting [signature trust in Adobe Reader](http://blogs.adobe.com/security/2008/08/setting_signature_trust_in_ado_2.html).

Please take a look on attached screenshot and file certified2_DOESNTWORK.out.pdf, produced after adding certificate to trust store. As far as other logged issue PDFNET-40288 is concerned, we will let you know, once it is resolved. Please spare us little time.

cert.png (34.6 KB)
certified2_DOESNTWORK.out.pdf (115.7 KB)

We are sorry for the inconvenience.

Hi!

The issue is not resolved yet! - your mixing up things! - Read the thread carefully from the beginning!
And dont get confused by the post of “Jonatas” - he is talking from something different in the end!!
I know i’m unable to a sign a document again or change its content after signing - i am aware of it!!

@fankhauser.kufgem.at

Thanks for contacting support.

We have again tested the scenario with Aspose.PDF for .NET 18.2 and noticed following:

Before Adding the Certificate to Trust Store:

Both output PDF documents showed invalid certificate prompt in Adobe Reader 9 Pro and Adobe Acrobat Reader DC 2018.011.20038.

After Adding the Certificate to Trust Store:

We added the certificate to trust store in both versions of Adobe Reader and certificate was validated in Adobe Reader 9 Pro - whereas the Adobe Acrobat Reader DC kept showing invalid certificate message. Certificate_Validity.png (71.4 KB)

Furthermore, we have also noticed your comments that you are facing invalid certificate error, only in case when document is in PDF/A format. Standard PDF-15 format document, does not cause any issue at your side. Would you please share the Adobe Reader Version which you are using at your end along with some screenshots showing the certificate validity problem.

We have re-opened the relevant issue, so we will provide these details to the respective team. This would definitely help in investigating the issue.

We are sorry for the inconvenience.

The issues you have found earlier (filed as PDFNET-40288) have been fixed in Aspose.PDF for .NET 21.7.