We have code that modifies a PDF and then digitally signs the modified PDF. We use the LGPL version of the iTextSharp library (4.1.6) for digitally signing the PDFs.
public static Stream DigitallyCertifyPdfStream(Stream uncertifiedFileStream, CertificationBundle certificationBundle)
{
using (var memoryStream = new MemoryStream())
{
var pdfReader = new PdfReader(uncertifiedFileStream);
var signatureStamper = PdfStamper.CreateSignature(pdfReader, memoryStream, '\0', null);
signatureStamper.SetEncryption(null, Encoding.UTF8.GetBytes(certificationBundle.Password), PdfWriter.ALLOW_PRINTING | PdfWriter.ALLOW_MODIFY_ANNOTATIONS, PdfWriter.STANDARD_ENCRYPTION_128);
var signatureAppearance = signatureStamper.SignatureAppearance;
signatureAppearance.Reason = "Approval of design";
signatureAppearance.Location = "";
var privateKey = certificationBundle.PrivateKey;
var signingCertificates = new[] { certificationBundle.Certificate };
signatureAppearance.SetCrypto(privateKey, signingCertificates, null, PdfSignatureAppearance.WINCER_SIGNED);
pdfReader.Close();
signatureStamper.Close();
return new MemoryStream(memoryStream.ToArray());
}
}
Here is a sample PDF which exhibits the issue. The PDF will open initially but then freeze and not be navigable. Whether or not you have our certificates to verify this signature installed, the issue seems to occur.
This issue does not seem to be happening consistently, and the problem only exists in Adobe Reader. Browser PDF viewers and Foxit Reader (which does signature verification) handle it just fine. Sometimes an error box will come up after a while that says something like "There was an error opening the stream."
Additionally of interest, on PDFs that have gone through this same digital signature process, we have observed the following in the Appearance Integrity Report
At the moment we are unsure if these are related to the problem. I mention them because they may be relevant.
The question, then, is why does this digitally signed PDF crash Adobe Reader and how can we remedy it?
答案 0 :(得分:3)
您的PDF包含损坏的图片:
16 0 obj
<</Type/XObject/BitsPerComponent 8/Interpolate true/Width 736/ColorSpace/DeviceRGB/Filter/DCTDecode/Length 0/Height 1242/Subtype/Image>>stream
endstream
endobj
此Image XObject声称包含RGB位图图像(736x1242,24位),同时为空(长度 0)。如果遇到这样的丢失数据,PDF查看器可能会失败(尽管Adobe Reader在一段时间内锁定的情况令人印象深刻......)。
请检查源PDF中是否已损坏该流。
顺便提一个问题:
pdfReader.Close();
signatureStamper.Close();
在关闭压模之前关闭阅读器。由于压模可能需要在关闭过程中访问读卡器,这是一个坏主意。只需切换Close
来电的顺序。
顺便说一句,您的代码会生成 adbe.pkcs7.sha1 签名。这在安全方面是一个坏主意,因为无论您在签名中使用哪种安全算法,此机制都将SHA1用于第一个文档哈希,并且SHA1通常不再被认为是安全的。