search

digitorus / pdfsign

Add/verify Advanced Electronic Signature (AES) and Qualified Electronic Signature (QES) in PDF (usign pure Go)
BSD 2-Clause "Simplified" License
72 stars 16 forks source link

Signing a PDF with attachment results in a signed PDF without attachment #10

Closed dhernandez closed 7 months ago

dhernandez commented 1 year ago

I'm trying to sign a PDF with a zip file attached. The execution looks good and no errors are shown. Also, the signed PDF size is a bit higher than the original one, so the attachment should be there, but I cannot see it with any reader after signing.

Steps to reproduce:

$ rm -rf files_original files_signed && mkdir files_original files_signed

$ pdftk simple.pdf attach_files file.zip output simple_with_file.pdf
$ pdftk simple_with_file.pdf unpack_files output files_original
$ ls -hs files_original
total 876K
876K file.zip

$ ./pdfsign -name "Jon Doe" sign simple_with_file.pdf signed.pdf certificate.crt private_key.key
2023/07/03 11:59:45 Signed PDF written to signed.pdf
$ ./pdfsign verify signed.pdf | jq . | head -25
{
  "Error": "",
  "DocumentInfo": {
    "author": "",
    "creator": "",
    "hash": "",
    "name": "Jon Doe",
    "permission": "",
    "producer": "pdfcpu v0.4.1 dev",
    "subject": "",
    "title": "",
    "pages": 0,
    "keywords": null,
    "mod_date": "2023-07-03T11:59:44+02:00",
    "creation_date": "2023-07-03T11:02:31+02:00"
  },
  "Signers": [
    {
      "name": "Jon Doe",
      "reason": "",
      "location": "",
      "contact_info": "",
      "valid_signature": true,
      "trusted_issuer": true,
      "revoked_certificate": false,

$ pdftk signed.pdf unpack_files output files_signed
$ ls -hs files_signed
total 0
$ ls -hs simple.pdf file.zip simple_with_file.pdf signed.pdf
876K file.zip  928K signed.pdf   32K simple.pdf  904K simple_with_file.pdf
vanbroup commented 1 year ago

Does it work if you do not attach the zip file?

dhernandez commented 1 year ago

Yes. Also, it "works" if I attach the file. I mean, I get no errors and the generated file is signed fine, but it does not contain the attached file anymore. Take a look at the output on my first comment.

vanbroup commented 1 year ago

I think this must be related to #4, a problem that needs further investigation but I haven't been able to fix yet.

Some help fixing #4 would be welcome, I do not expect to be able to fix this anytime soon.

dhernandez commented 1 year ago

Ok, I understand this is not a priority. Just to add some more info I think it is not related to https://github.com/digitorus/pdfsign/issues/4, since my testing file has only one xref:

$ cat simple_with_file.pdf | grep -a startxref | wc -l
1
$ cat Acrobat_DigitalSignatures_in_PDF.pdf | grep -a startxref | wc -l
2

I've never worked with PDF files, so I do not think I can help. Anyway, I will take a look and try to figure out what is going on.

dhernandez commented 7 months ago

I opened a PR to fix this issue. https://github.com/digitorus/pdfsign/pull/27