Updating Digitally signed PDF and sign again

0
votes

There are a few changes coming to the Company's Act in India. Of which notably, there is a provision where a company can maintain its registers in an electronic form if its digitally signed. There are a couple of points as below that leave me confused:

  • the records, once dated and signed digitally, shall not be capable of being edited or altered;

  • the records shall be capable of being updated, according to the provisions of the Act or the rules made there under, and the date of updating shall be capable of being recorded on every updating.

Imagine we are digitally signing entries made to a table in a PDF. If there are 2 rows in the table initially, and the user digitally signs the pdf. Now, we add 2 more rows to the pdf, can we sign the same document again? In doing so are we not invalidating the previous signature? Or can we say that the previous signature was only validating the first 2 rows in the table and the second signature validates the remaining?

Is this even possible? If it is can it be done using itext and java.

PS: the above is a drop in replacement for a physical register book that keeps getting updated. Whenever the register is updated, a person has to put in a wet-ink signature on the new records certifying it. This what the government wants to achieve electronically.

4
javapdfitextdigital-signaturedigital-certificate

4 Answers

1
votes

First of all I assume

  • that the OP is talking about integrated PDF signatures,
  • that he wants to keep the original signature in the document,
  • and that changes are applied to signed documents using incremental updates.

In this context it is indeed possible to apply changes to the document without mathematically invalidating the original signature covering the originally signed byte ranges, cf. this answer for the backgrounds.

The PDF specification for this situation rules, though, that only certain changes are allowed. Concerning this cf. this answer. Essentially the best one can hope for (depending on the type of the original signature) are these allowed changes:

  • Adding signature fields
  • Adding or editing annotations
  • Supplying form field values
  • Digitally signing

Thus,

If there are 2 rows in the table initially, and the user digitally signs the pdf. Now, we add 2 more rows to the pdf, can we sign the same document again? In doing so are we not invalidating the previous signature?

the OP may only add 2 more rows if he does so by means of filling existing form fields or creating some kind of annotation. The former requires to have planned for those additional information and provided form fields accordingly, and the latter, using mere annotations, may not be accepted in each and every context (some previewers do not show annotations...).

So it is possible to add certain changes to a signed document but one have to plan for them beforehand.

1
votes

I suggest that the "register" is a collection of PDF documents. Each individual entry in the register will be a signed PDF.

Each entry in the register is a signed PDF, and they may be as short as one page.

I suggest that you do not want to try and create forms with "open fields," incrementally adding to a signed PDF or anything similar. You (and the government) want the digitally signed version of the register to be simple to understand and simple to implement.

The solution should also be do-able using off the shelf signing systems. It is easy to understand a stack of paperwork making up (in total), a "register." Do the same thing with a collection of PDFs.

If there is a concern that an individual PDF might be removed from the "register" then an additional "Index" can be created (and signed). Then whenever a page is added to the register, the Index can be revised and re-signed. Or a new Index version can be signed.

Better than signing an Index pdf would be to create the index in XML format and sign the XML. That way the XML can be read by a computer program, the individual PDFs verified for both their existence and valid signatures. -- You want to give the clerk some easy way to be sure that all of the individual parts of the register are present and accounted for.

0
votes

You can meet both of those requirements by including the date that a PDF was last updated within the PDF itself and then by digitally signing the PDF.

The digital signature proves the document hasn't been altered and the date is part of the digitally signed PDF. You would have to keep a list of the document each time it is updated. So you would have to permanently store all versions of the document.

You are correct that making any changes to a document will invalidate its digital signature. But this is not a problem since you can just store old versions of the document in a database. Once the document is updated, digitally sign it again.

0
votes

Once a PDF has been digitally signed, it is possible to modify it, and apply another signature.

Of course, the modification "breaks the seal" of the first signature, but with the subsequent signature, you will add a new seal. Also, in this workflow, you will have incremental savings, which mean that the changes between the individual signatures can be displayed (and even rolled back).

Rephrasing the above paragraph to get closer to the question:

  1. You digitally sing a document. The digital signature is a seal around what is there (as in the example the two rows).

  2. You make a modification (add two more rows). This breaks the digital signature, because the seal does not cover the two additional rows.

  3. You apply another digital signature. The digital signature is a seal around what is there (as in the example it is now the four rows).

  4. You analyze the document, and notice that there are two signatures on top of each other. You will be able to see what the first signature covered, as well what the second signature covered.

One little additional idea, which would make things also visually clearer, would be to work with Template pages in the document, and for each addition, you would spawn a page from that template. You could set up the template in a way that it already has a visible Signature field. This would also allow to present signature information visually.

I am not aware of how the Indian regulations are, but it might also be worthwile establishing what kind of workflow would be PDF/A compliant.