search

m32 / endesive

en-crypt, de-crypt, si-gn, ve-rify - smime, pdf, xades and plain files in pure python
MIT License
237 stars 93 forks source link

Reference has no DigestMethod #134

Closed oh-mycode closed 1 year ago

oh-mycode commented 1 year ago

Hi! I have a PDF file that was signed before, and when I try to sign it I get KeyError exception about DigestMethod. I did some research and found out that for some reason /Reference has no /DigestMethod. 

for k in ("/Root", "/Perms", "/DocMDP", "/Reference"):
    if k in obj:
        obj = obj[k]
        if isinstance(obj, po.ArrayObject):
            obj = obj[0]
        obj = obj.getObject()
    else:
        obj = None
        break
if obj is not None:
    algomd = obj["/DigestMethod"][1:].lower()

Probably the previous signature is wrong. What do you think if I expend the condition and check if the key /DigestMethodexists? I already tried it and got a successfully signed document. There is a small effect - Adobe shows that the previous signature is invalid, but I also tried to sign with JSignPdf util and got the same result, so it is fine by me. Please tell me WDYT?

oh-mycode commented 1 year ago

https://github.com/m32/endesive/pull/135 - my suggestion

m32 commented 1 year ago

In my opinion, signing incorrect documents sooner or later will end in a catastrophe. Acrobat ignores this error, but there are some that it does not ignore and if you sign such a document, the problem will come back to you, not to the one who generated the incorrect document.

oh-mycode commented 1 year ago

@m32 what if do it optionally?

m32 commented 1 year ago

I still do not like it :) - optionally, you can press it all, but I do not want to explain why the previous signature is incorrect, and somehow I feel that this is how it will be done