search

pymupdf / PyMuPDF

PyMuPDF is a high performance Python library for data extraction, analysis, conversion & manipulation of PDF (and other) documents.
https://pymupdf.readthedocs.io
GNU Affero General Public License v3.0
5.2k stars 498 forks source link

How to verify the signature #2078

Closed rcx986635 closed 7 months ago

rcx986635 commented 1 year ago
  1. get_sigflags() return 3
  2. xref_object is af follows: << /Type /Sig /Prop_Build << /App << /Name (ISC)

    /Reason /M (D:20221101184701+08'00') /Filter /Adobe.PPKLite /SubFilter /adbe.x509.rsa_sha1 /Cert [ 1 0 R ] /ByteRange [ 0 283 805 37894 ] /Contents <0482010017BC152A32906AB36CA01B77FF6C7B22A980C680384E7B14FCFF5B1359C236AAD4D4F9CA967AF9CA5B6062D4324CABD0F6FFB8A21C29ECC5D0A79E279539C566BB7ADDD57CA7345CB134D9794D52322DC30DE5B28EC85DE8FB0E345A295EB8E516552A8CDCBFF7BF8CF02C2E01542427FB376DB4C2E5094B889F70913DFDCD75FB560F528777A1C0A38BA58D778AD1FCAC27C1E0792824DEEFED9B8E1FA25D52C736E6025D96F435FFE4752D706592A2639C851BEB9F617B3E8AAF4A31D69960D598317E1E4F273550BDF6A2370B3C13BF2F1D5D8428880236A0CBAC110B3BDF63C23106365B7F6C0DEA6FAD9B114963904B512B356312A742B26B39948F2713>

then , how to verify the signature, or how to know the signature is valid but modified by someone ,thank you

rcx986635 commented 1 year ago

@JorjMcKie thank u for any suggestions

JorjMcKie commented 1 year ago

Thank you for your post. Creating signature annotations and signing a document are supported in the base library MuPDF, but not yet in PyMuPDF. I am marking this as enhancement request.

rcx986635 commented 1 year ago

@JorjMcKie Thanks for your reply. But I just want to find a way to ensure the signature in the pdf is not fake , some way like that using SubFilter-adbe.x509.rsa_sha1 we can transfer a to b ,then we can verify the signature.

JorjMcKie commented 1 year ago

Once you know / have identified the xref (as you did), you can extract the /ByteRange and /Contents values. These are doc.xref_get_key(xref, "ByteRange")[1], resp. doc.xref_get_key(xref, "Contents")[1]. The ByteRange array shows which parts of the file have been used to compute the Contents string using the Filter/Subfilter algorithms. So if you know how to invoke those filters, you can create a bytes string of the PDF file according to the rule in ByteRange and verify that the result equals the Contents string.

rcx986635 commented 1 year ago

Once you know / have identified the xref (as you did), you can extract the /ByteRange and /Contents values. These are doc.xref_get_key(xref, "ByteRange")[1], resp. doc.xref_get_key(xref, "Contents")[1]. The ByteRange array shows which parts of the file have been used to compute the Contents string using the Filter/Subfilter algorithms. So if you know how to invoke those filters, you can create a bytes string of the PDF file according to the rule in ByteRange and verify that the result equals the Contents string.

Thank you very very very much, I got it.

JorjMcKie commented 7 months ago

This open for some time now. Properly dealing with request is possible only once we implement full signature support. Currently there are no plans to do this in the foreseeable future.