0 votes

This link (Document) contains a digitally signed PDF that is correctly verified by IText (version 5.5.12) but not by Adobe Reader DC which issues the following message:

Error during signature verification.

Unexpected byte range values defining scope of signed data. Details: The signature byte range is invalid

Who is correct? Adobe DC or iText? iText bug?

Sample iTextSharp code used for PDF digital signature verification:

using System;
using System.Collections.Generic;
using iTextSharp.text.pdf;
using iTextSharp.text.pdf.security;

namespace ClassLibrary1
{
    public class Class1
    {
        // Returns true only if every signature field in the file verifies
        // (integrity of the signed byte range and the signature value itself).
        public Boolean PDFVerify(String file)
        {
            PdfReader pdfr = new PdfReader(file);
            try
            {
                AcroFields af = pdfr.AcroFields;
                List<String> names = af.GetSignatureNames();

                foreach (String name in names)
                {
                    // VerifySignature parses the /ByteRange and /Contents of the field;
                    // Verify() hashes the covered bytes and checks them against the CMS.
                    PdfPKCS7 pk = af.VerifySignature(name);
                    if (!pk.Verify()) return false;
                }
                return true;
            }
            finally
            {
                // release the file handle even when verification throws
                pdfr.Close();
            }
        }

    }
}
1 Answer

0 votes

The problem is that the PDF itself is broken.


The PDF has two revisions,

  • a first revision apparently created using "Marvell Semiconductor, Inc. -- http://www.marvell.com" (according to the Producer info dictionary entry)
  • an incremental update to a second revision containing the signature apparently created using iTextSharp 5.4.3.

The first revision is broken in many ways, two obvious errors are:

  • Invalid header; according to ISO 32000-1 the first line of a PDF file shall be a header consisting of the 5 characters %PDF- followed by a version number of the form 1.N, where N is a digit between 0 and 7. Here the header line is

    %PDF-1.4 Marvell Semiconductor
    

    The above quoted rule does not allow for more than %PDF-1.N.

  • Invalid cross reference table entries; according to ISO 32000-1 each entry shall be exactly 20 bytes long, including the end-of-line marker. Here each entry is only 19 bytes long, including the end-of-line marker.

There might be more, less obvious issues.

There are no obvious errors in the incremental update to the second revision.


When Adobe Reader opens this file, it recognizes that it is broken, creates a repaired version internally, and from now on uses this repaired version. When the signature is verified, it is verified in this repaired version. Such repairs, though, obviously will change the hash of the PDF and most likely will move the position of the signature. The signature byte range is expected to be the entire file, including the signature dictionary but excluding the signature value itself. If the repair moved the embedded signature, this requirement is not fulfilled anymore, resulting in the observed error message.

When iText opens this file, it probably also recognizes the errors but it merely creates its internal cross reference table and for every purpose besides cross reference lookups, it still works with the original file. Thus, the hash is correct and everything is located where it belongs, resulting in a verification success.