PDF signed with certificate

[tomascharad]

Hi @boazsegev ,

Do you know if is possible to watermark a signed pdf?

This is what I get after combining a signed pdf.

I'm enclosing the pdf in question.

b828e301-aeff-4511-abe2-2ad90e390ec1.pdf

[boazsegev]

Hi @tomascharad ,

I'm not sure I understand the issue.

Are you hoping that the signature will remain in the PDF (it will say "Tomas signed, but afterwards changes were made") or the the PDF signature will claim everything is valid?

Unless you can resign the PDF, I'm not sure both options are available.

There are a few discussions on Acrobat's site, such as here and here. The idea is that signatures protect from changes to establish trust that the document is the exact same one that was signed.

CombinePDF changes the PDF itself (I don't use annotations), so it directly opposes the Signatures on the PDF...

...in fact, CombinePDF totally deconstructs the PDF, parsing the PDF into Ruby objects. The new pdf, created by CombinePDF is very different on a binary level (which is how the signature works). The only way to have a valid signature on the new PDF is to sign the new PDF.

[tomascharad]

Hi @boazsegev ,

I get your point and I think you're right.

I think that the base problem is that the signature is a hash computed from the pdf content and the signer private key, so if the content changes, then the signature is not valid anymore right?

I will close this issue then. Thank you very much.

[boazsegev]

Yap, that's the way signing goes...

Good luck finding a solution!