iText detached signature means

3
votes

Could you please explain me more in details eventually giving me some example (one for attached and one for detached) of what iText detached signature exactly means?

I found this wonderful documentation: iText digital signature pdf about iText digital signature but I'm still not sure I understand the iText detached signature concept.

Reading the documentation (see the link) I found this definition:

In PDF, we sometimes refer to a detached signature. According to Wikipedia, a detached signature is a type of digital signature that is kept ‘separate from its signed data’, as opposed to ‘bundled together into a single file’. This definition isn’t entirely correct in the context of PDF: the signature is enclosed in the PDF file, but the attributes of the signature are ‘part of the signature’, as opposed to ‘stored in the signature dictionary’.

where is not clear for me what "attributes of the signature" means (what signature attributes it's refer?)

Note that the author of the article (iText documentation) is working with this snippets of a signed PDF file:

%PDF-1.4
%âãÏÓ
3 0 obj
<</F 132/Type/Annot/Subtype/Widget/Rect[0 0 0 0]/FT/Sig
/DR<<>>/T(signature)/V 1 0 R/P 4 0 R/AP<</N 2 0 R>>>>
endobj
1 0 obj
<</Contents <0481801e6d931d561563fb254e27c846e08325570847ed63d6f9e35 ... b2c8788a5>
/Type/Sig/SubFilter/adbe.pkcs7.detached/Location(Ghent)/M(D:20120928104114+02'00')
/ByteRange [0 160 16546 1745 ]/Filter/Adobe.PPKLite/Reason(Test)/ContactInfo()>>
endobj
...
9 0 obj
<</Length 63>>stream
q
BT
36 806 Td
0 -18 Td
/F1 12 Tf
(Hello World!)Tj
0 0 Td
ET
Q
endstream
endobj
...
11 0 obj
<</Type/Catalog/AcroForm<</Fields[3 0 R]/DR<</Font<</Helv 5 0 R
/ZaDb 6 0 R>>>>/DA(/Helv 0 Tf 0 g )/SigFlags 3>>/Pages 10 0 R>>
endobj
xref
0 12
0000000000 65535 f
...
0000017736 00000 n
trailer
<</Root 11 0 R/ID [<08ed1afb8ac41e841738c8b24d592465><bd91a30f9c94b8facf5673e7d7c998dc>]/Info 7 0 R/Size 12>>
startxref
17879
%%EOF
1
itextdigital-signature

1 Answers

6
votes

While the white paper you quoted from, Digital Signatures for PDF documents by Bruno Lowagie, indeed is a must-read for anyone attempting to create integrated PDF signatures using iText (and a good source of information even if you are not using iText), I concur that the explanation therein of the use of the word "detached" in "detached PDF signature" doesn't really hit home:

NOTE: In PDF, we sometimes refer to a detached signature. According to Wikipedia, a detached signature is a type of digital signature that is kept ‘separate from its signed data’, as opposed to ‘bundled together into a single file’. This definition isn’t entirely correct in the context of PDF: the signature is enclosed in the PDF file, but the attributes of the signature are ‘part of the signature’, as opposed to ‘stored in the signature dictionary’.

First of all, calling these signatures "detached" is not a term enforced by any current specification. The reason why we do so anyway, is that the identifier used in the signature dictionaries of such signatures (adbe.pkcs7.detached or ETSI.CAdES.detached) contains that word.

Thus, the question actually should be: Why do these identifiers contain the word "detached"?

To understand this one needs to know that originally there were two kinds of integrated PDF signatures which embed a PKCS#7 signature container into the PDF, respectively identified by adbe.pkcs7.detached and adbe.pkcs7.sha1.

The difference between these two types of signatures is that

  • for adbe.pkcs7.sha1 signatures a SHA1 digest for the signed byte ranges of the PDF is calculated and embedded in the ContentInfo structure of the signature container and this embedded data packet is signed in the PKCS#7 way;
  • for adbe.pkcs7.detached signatures, on the other hand, the ContentInfo structure of the signature container is left empty and the signed data ranges of the external document are signed in the PKCS#7 way.

Thus, in case of adbe.pkcs7.sha1 signatures the actually signed data are embedded in the container while in case of adbe.pkcs7.detached signatures the actually signed data are not.

Thus, on the level of the PKCS#7 signature containers signed data and signature are detached from each other in the latter case.

(The fact that signing in the PKCS#7 way can --- and usually does --- include calculating a hash of the data to sign, adding this hash to a number of so-called authenticated attributes, and eventually signing these special attributes, shouldn't distract us.)

The other type of detached signatures (ETSI.CAdES.detached) are constructed similarly to the adbe.pkcs7.detached containers. The differences between them mostly are the profiling of additional attributes of the container.

The white paper's argumentation concerning attributes being part of the signature container actually illustrate the difference between all the signature types mentioned before and adbe.x509.rsa_sha1 signatures which is the third original integrated PDF signature type. This type is not based on signature containers but fairly naked signatures; thus, any extra information in that case has to be stored in their own structures in the PDF