Digital signatures not able to be verified by Adobe after adding the signature image

ralpha / pdf_signing

Rust library for adding signatures and digitally sign PDF documents.

Apache License 2.0

20 stars 8 forks source link

Digital signatures not able to be verified by Adobe after adding the signature image #2

Open SergenN opened 2 years ago

SergenN commented 2 years ago

Currently there is an issue with this package that does not allow the signatures to be verified in Adobe after the image objects have been inserted into the document.

In the code after the graphics are inserted into the document the graphics state is restored:

content.operations.push(Operation::new("Q", vec![]));

Commenting out this line will result in a valid signed document with signature images embedded in the document. What is the purpose of this line and is it fine if we remove this?

ralpha commented 2 years ago

The line: https://github.com/ralpha/pdf_signing/blob/c1f7fb21087b9fe07f93a3afdd2fd6a31b898713/src/image_insert.rs#L79-L80 Is the opposite of: https://github.com/ralpha/pdf_signing/blob/c1f7fb21087b9fe07f93a3afdd2fd6a31b898713/src/image_insert.rs#L60-L61

One saves the graphics state the other restores it. This means that the matrix transformations does not apply to all other graphic states in the document.

We where aware of this issue and tried to resolve it though https://stackoverflow.com/questions/72935931/pdf-signature-expected-a-dict-object But this has yet to be tested and fixed.