We have code that modifies a PDF and then digitally signs the modified PDF. We use the LGPL version of the iTextSharp library (4.1.6) for digitally signing the PDFs.
public static Stream DigitallyCertifyPdfStream(Stream uncertifiedFileStream, CertificationBundle certificationBundle)
{
using (var memoryStream = new MemoryStream())
{
var pdfReader = new PdfReader(uncertifiedFileStream);
var signatureStamper = PdfStamper.CreateSignature(pdfReader, memoryStream, '\0', null);
signatureStamper.SetEncryption(null, Encoding.UTF8.GetBytes(certificationBundle.Password), PdfWriter.ALLOW_PRINTING | PdfWriter.ALLOW_MODIFY_ANNOTATIONS, PdfWriter.STANDARD_ENCRYPTION_128);
var signatureAppearance = signatureStamper.SignatureAppearance;
signatureAppearance.Reason = "Approval of design";
signatureAppearance.Location = "";
var privateKey = certificationBundle.PrivateKey;
var signingCertificates = new[] { certificationBundle.Certificate };
signatureAppearance.SetCrypto(privateKey, signingCertificates, null, PdfSignatureAppearance.WINCER_SIGNED);
pdfReader.Close();
signatureStamper.Close();
return new MemoryStream(memoryStream.ToArray());
}
}
Here is a sample PDF which exhibits the issue. The PDF will open initially but then freeze and not be navigable. Whether or not you have our certificates to verify this signature installed, the issue seems to occur.
This issue does not seem to be happening consistently, and the problem only exists in Adobe Reader. Browser PDF viewers and Foxit Reader (which does signature verification) handle it just fine. Sometimes an error box will come up after a while that says something like "There was an error opening the stream."
Additionally of interest, on PDFs that have gone through this same digital signature process, we have observed the following in the Appearance Integrity Report
At the moment we are unsure if these are related to the problem. I mention them because they may be relevant.
The question, then, is why does this digitally signed PDF crash Adobe Reader and how can we remedy it?
PdfWriter.STANDARD_ENCRYPTION_128
,PdfWriter.ENCRYPTION_AES_128
, andPdfWriter.STANDARD_ENCRYPTION_40
. What encryption algorithm does the current iTextSharp distribution use? – Scotty H