2
votes

We have code that modifies a PDF and then digitally signs the modified PDF. We use the LGPL version of the iTextSharp library (4.1.6) for digitally signing the PDFs.

public static Stream DigitallyCertifyPdfStream(Stream uncertifiedFileStream, CertificationBundle certificationBundle)
{
    using (var memoryStream = new MemoryStream())
    {
        var pdfReader = new PdfReader(uncertifiedFileStream);
        var signatureStamper = PdfStamper.CreateSignature(pdfReader, memoryStream, '\0', null);
        signatureStamper.SetEncryption(null, Encoding.UTF8.GetBytes(certificationBundle.Password), PdfWriter.ALLOW_PRINTING | PdfWriter.ALLOW_MODIFY_ANNOTATIONS, PdfWriter.STANDARD_ENCRYPTION_128);

        var signatureAppearance = signatureStamper.SignatureAppearance;
        signatureAppearance.Reason = "Approval of design";
        signatureAppearance.Location = "";

        var privateKey = certificationBundle.PrivateKey;
        var signingCertificates = new[] { certificationBundle.Certificate };
        signatureAppearance.SetCrypto(privateKey, signingCertificates, null, PdfSignatureAppearance.WINCER_SIGNED);

        pdfReader.Close();
        signatureStamper.Close();

        return new MemoryStream(memoryStream.ToArray());
    }
}

Here is a sample PDF which exhibits the issue. The PDF will open initially but then freeze and not be navigable. Whether or not you have our certificates to verify this signature installed, the issue seems to occur.

This issue does not seem to be happening consistently, and the problem only exists in Adobe Reader. Browser PDF viewers and Foxit Reader (which does signature verification) handle it just fine. Sometimes an error box will come up after a while that says something like "There was an error opening the stream."

Additionally of interest, on PDFs that have gone through this same digital signature process, we have observed the following in the Appearance Integrity Report

Adobe Appearance Integrity Report

At the moment we are unsure if these are related to the problem. I mention them because they may be relevant.

The question, then, is why does this digitally signed PDF crash Adobe Reader and how can we remedy it?

1
I hope that the users of your signature application know that the signatures you are creating are deprecated (no longer valid in PDF 2.0) and unsafe. What is your use case for creating unsafe signatures?Bruno Lowagie
For more info: itextpdf.com/blog/are-pdf-signatures-shattered (you are using SHA-1). Anyone with some processing power can change your PDF without breaking the signature.Bruno Lowagie
@BrunoLowagie Is it true then that the LGPL version of iTextSharp cannot create safe signatures? The options I see for encryption algorithms are PdfWriter.STANDARD_ENCRYPTION_128, PdfWriter.ENCRYPTION_AES_128, and PdfWriter.STANDARD_ENCRYPTION_40. What encryption algorithm does the current iTextSharp distribution use?Scotty H
You are using a version of iTextSharp that predates the PAdES standard (released in 2009), hence it is normal that this old version doesn't support all PAdES features. Your question reveals a lack of knowledge of digital signatures. The main problem with your signatures isn't as much the encryption algorithm. It's the fact that you are using a broken hashing algorithm and a deprecated security handler. The most recent versions of iText are compliant with PAdES.Bruno Lowagie
Also: in your comment you mention encryption (with a public key), whereas I was talking about signing (which requires encrypting with a private key). There's a huge difference! If your question is really about encryption (as opposed to signing), you should know that all encryption algorithms are deprecated in PDF 2.0, except AES 256. AES 256 is not supported in iText 5 or earlier; only in iText 7.Bruno Lowagie

1 Answers

3
votes

Your PDF contains a broken image:

16 0 obj
<</Type/XObject/BitsPerComponent 8/Interpolate true/Width 736/ColorSpace/DeviceRGB/Filter/DCTDecode/Length 0/Height 1242/Subtype/Image>>stream

endstream
endobj 

This Image XObject claims to contain an RGB bitmap image (736x1242, 24bit) and at the same time is empty (Length 0). PDF viewers may fail if encountering such missing data (though it is impressive how Adobe Reader locks up for some time...).

Please check whether that stream already is broken in your source PDF.


One issue by the way:

    pdfReader.Close();
    signatureStamper.Close();

You close the reader before closing the stamper. As the stamper may need to access the reader in the process of closing, this is a bad idea. Simply switch the order of the Close calls.


By the way, your code produces a adbe.pkcs7.sha1 signature. This is a bad idea security-wise as this mechanism uses SHA1 for a first document hash no matter which security algorithms you use in you signature otherwise, and SHA1 is generally not considered safe anymore.