I am reading carefully the Digital Signature white paper and ITEXT IN ACTION: CHAPTER 12: PROTECTING YOUR PDF.. I have successfully added multiple signatures in append mode to a source PDF, and I have client who will add 2 or 3, or 4 signatures as a method of approving a source as a change management document.
Question: Is there a way to treat the 'last' chosen signature as somehow final? We will be already using the field name as the signing persons Id, the Location as the persistent Id of the signing machine, and the reason as well the reason for signing.
This is for internal purposes so are OK with using the computers clock, and at the moment the only method I have come up with is to sign all detached signatures as CMS, except the last as CADES - so that if the last signature in the current file is ETSI rather than ADBE, then I will not allow more signatures. This feels however not very elegant, and if the starting PDF has a validated timestamp then this basic methodology will fail. It also relies on text parsing which also feels a little flimsy.
I have read the section on attaching actions but this seems a huge hammer to crack what should, in theory at least, be a much simpler exercise.
