1
votes

I'm trying to find a way to lock a signed and certified PDF for modification using iText in a way that viewers like Adobe Reader DC tell me the document is not open for modification like this

(which I can do if I sign the document using Adobe) using PDF version 1.7 and iText version 7.1.6.

When I certify and sign my pdf however, I end up with this:

During a process, this PDF is first signed with a certification signature with the certification level set to form filling PdfSigner.CERTIFIED_FORM_FILLING.

After that the PDF is to be digitally signed by any number of people.

I've tried placing the certification signature and setting the certification level to PdfSigner.CERTIFIED_NO_CHANGES after signing. This breaks all signatures other than the certification signature.

I've also tried to 'lock' the file with a password, but this also didn't have the desired effect.

Is there any way to lock a pdf file after the last signature has been placed using the iText library so that the first message shows after signing and certifying?

1
Have you studied the white paper Digital Signatures for PDF documents by Bruno Lowagie? Section 2.5.5 Locking fields and documents after signing is about locking after signing... – mkl
I've seen that document referenced before but I cannot download it from the link you provided. Is there any mirror available, or could you paste the relevant section? – mthoolen
It's a free book offered by iText. If you have problems retrieving the PDF via their site, you should try and contact them. If you explain your download problems to them, they'll surely send you a copy via a different channel. – mkl
Apparently the iText API had a breaking change and the 7.1.6 version seems to use PdfSigFieldLock instead of the PdfSigLockDictionary used in the example you posted. I'm still looking for a way to make this work, but will come back if I find a way myself. – mthoolen
@grog PDF signatures sign a revision of the document, and the PDF format defines incremental updates, a way to extend a PDF file so that the signed bytes of such a signed revision are not damaged. Read here for some background and pointers to specifications etc. – mkl

1 Answer

1
votes

The white paper Digital Signatures for PDF documents by Bruno Lowagie still is a good source for everything related to signing with iText. The contained Java example code is for iText 5.5.x (actually 5.3.x through 5.5.x) but you can find the port to iText 7 in the itext/i7js-signatures GitHub repository.

In section 2.5.5 the white paper discusses Locking fields and documents after signing; it contains an example in which several signatures successively lock more and more fields of a form and the final one also locks the document, switching it from "The certifier has specified that Form Fill-in and Signing is allowed for this document. No other changes are permitted." to "The certifier has specified that no changes are allowed to be made to this document." as desired in this question.

The example code is available here for iText 5.x, and here is the port to iText 7.

Unfortunately there is a small bug in the current code of the iText 7 port which causes the result of step 4, the signing that locks down the whole document, to result in this signature panel appearance:

Signature Panel of output of step 4

(The yellow triangles are there because I don't trust the test certificates but the red circle and the error text shouldn't be there.)

This can be fixed easily, though. The original example currently prepares the final signature field like this:

lock = new PdfSigFieldLock().setDocumentPermissions(PdfSigFieldLock.LockPermissions.NO_CHANGES_ALLOWED);
table.addCell(createSignatureFieldCell("sig4", lock));

(C2_12_LockFields method createForm)

which unfortunately forgets to set the required Action entry in the signature field lock dictionary. You can add that to the code like this:

lock = new PdfSigFieldLock().setFieldLock(PdfSigFieldLock.LockAction.ALL).setDocumentPermissions(PdfSigFieldLock.LockPermissions.NO_CHANGES_ALLOWED);
table.addCell(createSignatureFieldCell("sig4", lock));

Now the signature panel looks like this:

Signature Panel of output of step 4 with fixed lock dictionary

(As mentioned above the yellow triangles are there because I don't trust the test certificates.)

Furthermore, as desired the signature properties of all signatures now claim

"The certifier has specified that no changes are allowed to be made to this document"