Hello syncfusion team,
i was testing the digital signing of pdf documents and faced an issue when using multiple signatures then lock document with last signer.
All previous signatures became invalid and moreover the PdfSignatureValidationResult.IsSignatureValid is still returning true and PdfSignatureValidationResult.IsDocumentModified returns false while there is an error in adobe Invalid signature "Document has been altered or corrupted since last it was signed"
i am using this code to lock the document by setting certificated flag and document permissions to forbid
signature.DocumentPermissions = PdfCertificationFlags.AllowComments Or PdfCertificationFlags.AllowFormFill
If CheckBox1.Checked Then 'lock
signature.DocumentPermissions = PdfCertificationFlags.ForbidChanges
signature.Certificated = True
End If
if i remove the ForbidChanges line the signatures stay valid but the document permissions show signing is still allowed (while sign button is dimmed) and commenting and annotations are still allowed
this is not the same behaviour while signing using Adobe reader ...
see screen shots below and pdf and pfx are attached
by syncfusion
by syncfusion without forbidchanges
by adobe
Hi Jacobs,
Currently we are analyzing on your requirement. We will check this and provide further details on August 23rd, 2022
Regards,
Irfana J.
Hi Jacobs,
We were able to reproduce the reported behavior with provided details on our end. Currently, we are analyzing on this and we will update the further details on August 25th, 2022.
Meanwhile, we request you to share the password for your
certificate and complete code snippet to analyze on our end. So that it helpful
for us.
Regards,
Gowthamraj K
Thanks
The certificates password is P@ssw0rd
Hi Jacobs,
Thank you for sharing the details. Currently, we are analyzing on this reported issue and we will update the further details on August 25th, 2022.
Regards,
Gowthamraj K
This is the code snippet to sign the document using current user certificates from windows store.
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
Dim store As New X509Store("MY", StoreLocation.CurrentUser)
store.Open(OpenFlags.[ReadOnly] Or OpenFlags.OpenExistingOnly)
Dim serial = "" 'certificate serial number
Dim cer As PdfCertificate = New PdfCertificate(store.Certificates.Find(X509FindType.FindBySerialNumber, serial, False)(0))
store.Close()
Dim pdfdoc As New PdfLoadedDocument(OpenFileDialog1.FileName, True)
Dim pdfpage As PdfLoadedPage = TryCast(pdfdoc.Pages(0), PdfLoadedPage)
Dim signature As PdfSignature = New PdfSignature(pdfdoc, pdfpage, cer, serial + Now.ToString("ddMMyyyyhhmmss"))
signature.SignedName = cer.SubjectName
signature.Settings.CryptographicStandard = CryptographicStandard.CADES
signature.DocumentPermissions = PdfCertificationFlags.AllowComments Or PdfCertificationFlags.AllowFormFill
If CheckBox1.Checked Then 'lock
signature.DocumentPermissions = PdfCertificationFlags.ForbidChanges
signature.Certificated = True
End If
Try
My.Computer.FileSystem.CopyFile(OpenFileDialog1.FileName, OpenFileDialog1.FileName.Replace(".pdf", "_backup_" + Now.ToString("ddMMyyyyhhmmss") + ".pdf"), overwrite:=False)
pdfdoc.Save(OpenFileDialog1.FileName)
TextBox1.Text = Now.ToString("dd/MM/yyyy hh:mm:ss") + " signing process completed successfully"
Catch ex As Exception
TextBox1.Text = Now.ToString("dd/MM/yyyy hh:mm:ss") + " error" + Environment.NewLine()
TextBox1.Text += ex.Message
End Try
pdfdoc.Close(True)
End Sub
Hi Jacobs,
Thank you for your patience,
if i remove the ForbidChanges line the signatures stay valid but the document permissions show signing is still allowed (while sign button is dimmed) and commenting and annotations are still allowed
|
On further analysis, we found that the acrobat reader has separate behavior for certificate-based signatures. If a document has already been signed, then the Certify options are disabled. If we add a certificate-based signature to the PDF document and then the digitally sign option is disabled and we can only sign if any unsigned fields are presented in the document based on the permission option level. We have attached the certificate-based signature created using acrobat with all permission options for your reference.
Acrobat certificate-based signature documents are below,
From the above screenshot, you can understand the digital sign options are disabled after adding a certificate-based signature.
Reference link: https://helpx.adobe.com/in/acrobat/using/certificate-based-signatures.html
|
||||||||||||
i was testing the digital signing of pdf documents and faced an issue when using multiple signatures then lock document with last signer. All previous signatures became invalid and moreover the PdfSignatureValidationResult.IsSignatureValid is still returning true and PdfSignatureValidationResult.IsDocumentModified returns false while there is an error in adobe Invalid signature "Document has been altered or corrupted since last it was signed" i am using this code to lock the document by setting certificated flag and document permissions to forbid signature.DocumentPermissions = PdfCertificationFlags.AllowComments Or PdfCertificationFlags.AllowFormFill
|
We have checked the reported problem by signing the multiple signatures and adding the certificate-based signature with not allowed permission level we faced similar behavior in all other competitors and, we found the signature is not valid and not modified by viewing the PDF using the Foxit PDF reader/Editor tool. Acrobat reader only shows the signature is invalid if we add the certificate-based signature with not allowed permission level. So, it seems to be acrobat behavior for the certificate-based signature with not allowed permission level. |
||||||||||||
|
Currently, we don’t have support to lock digital signatures in the PDF document. We have considered “Support to lock digital signature in the PDF document” to be a usability feature and the patch for this feature implementation will be included in our weekly NuGet and which is expected to be published on September 13th, 2022.
The status of this feature implementation can be tracked using following link https://www.syncfusion.com/feedback/37322/support-to-lock-digital-signature-in-the-pdf-document
Note: If you require a patch for the reported issue in any of our Essential Studio Main or SP release versions, then kindly let us know the version, so that we can provide a patch in that version based on our SLA policy. |
Please let me know if you have any further questions
Regards,
Moorthy K
Thanks for the detailed reply
Regarding the second point
Adobe reader DC shows the previous signature invalid and shows error "Document has been altered or corrupted since last it was signed" however older version Adobe reader XI shows them valid
i don't know if this information could be retrieved in code or not while validation by any means .
Hi Jacobs,
Thanks for the update.
Yes. Adobe reader XI shows the signature is valid and the document is not modified. On further investigation, we found the signature is invalid seems to be a problem in the Acrobat Reader DC itself. We found some related threads in acrobat-reader-discussions, and we have tried suggested solutions by uninstalling Acrobat Reader DC and installing again and updating the signature-related patch from the below link, and then the Acrobat Reader DC shows the signature is valid. We request you to follow the same to overcome the problem.
Reference link: Solved: Adobe reader - This signature is invalid because t... - Adobe Support Community - 11832546
Acrobat Reader DC patch update for signature related bug fix 21.001.20140 Optional update, Feb 22, 2021 — Acrobat & Acrobat Reader DC Release Notes (adobe.com)
Regards,
Gowthamraj K
Thanks but i am using the latest version of adobe reader 2022.002.20191 32/64-bit which are after the mentioned the version you mentioned 21.001.20140 and i still have the issue
Hi Jacobs,
Thanks for the details, We also noticed that issue in the latest Adobe Acrobat DC version. As we said earlier, it is the behavior of adobe reader and we could not proceed further to validate this case because this issue is specific to Adobe Reader not at the code level also, other readers like Foxit readers are working as expected. As per the adobe acrobat behavior, we could not certify the PDF document which is already signed. So, we assume, by providing the locking support on our end will achieve your requirement. The locking support is expected to be available on 13th September 2022.
Regards,
Gowthamraj K
Thanks a lot for your efforts.
Hi Jacobs,
Sorry for the inconvenience caused.
Due to stability concerns, we are unable to include the support in our today's weekly release. Currently, we are working on this and the lock digital signature support will be available on 20th September 2022 weekly release.
Please use the below feedback link to track the status of the feature,
https://www.syncfusion.com/feedback/37322/support-to-lock-digital-signature-in-the-pdf-document.
Regards,
Gowthamraj K
Hi Jacobs,
We have implemented the usability feature “Support to lock digital signature in the PDF document”. The patch for this support can be downloaded from the following location.
API sample code below,
PdfSignature signature = new PdfSignature(doc, page, pdfCert, "Signature"); signature.IsLocked = true; |
Recommended approach - exe will perform automatic configuration
Please find the patch setup from below location:
Advanced approach – use only if you have specific needs and can directly replace existing assemblies for your build environment
Please find the patch assemblies alone from below location:
NuGet package:
You can track the status of the
implementation using the below feedback link,
Assembly Version: 20.2.0.43
Installation Directions :
This patch should replace the files “Syncfusion.Pdf.Base.dll” under the following folder.
$system drive:\ Files\Syncfusion\Essential Studio\20.2.0.43\precompiledassemblies\20.2.0.43\4.6
Eg : $system drive:\Program Files\Syncfusion\Essential Studio\20.2.0.43\precompiledassemblies\20.2.0.43\4.0
To automatically run the Assembly Manager, please check the Run assembly manager checkbox option while installing the patch. If this option is unchecked, the patch will replace the assemblies in precompiled assemblies’ folder only. Then, you will have to manually copy and paste them to the preferred location or you will have to run the Syncfusion Assembly Manager application (available from the Syncfusion Dashboard, installed as a shortcut in the Application menu) to re-install assemblies.
Note :
To change how you receive bug fixes, ask your license management portal admin to change your project’s patch delivery mode.
https://www.syncfusion.com/account/license
Disclaimer :
Please note that we have created this patch for version 20.2.0.43 specifically to resolve the following issue(s) reported in this/the ticket(s). 176901
If you have received other patches for the same version for other products, please apply all patches in the order received.
and we will include the fix for the reported issue in our upcoming weekly NuGet release, once 2022 Volume 3 main release rolled out which we excepted on end of September 2022 tentatively.
Note: Date and version will be update later.
Please use the below feedback link to track the status of the reported feature.
https://www.syncfusion.com/feedback/37322/support-to-lock-digital-signature-in-the-pdf-document
Note: If you require patch for the reported issue in any of our Essential Studio Main or SP release version, then kindly let us know the version, so that we can provide a patch in that version based on our SLA policy.
Regards,
Gowthamraj K
thanks alot
i applied the patch using the exe but i didn't find the dll Syncfusion.Pdf.Base.dll was modified in the mentioned path.
note that i am using winforms .net framework 4.6
i also tried the second option the zip file
but i didn't find the mentioned dll .... only found this dll Syncfusion.Pdf.Portable.dll which i am not using.
Hi Jacobs,
We have create a patch for this usability feature “Support to lock digital signature in the PDF document” in WinForm platform. The patch for this support can be downloaded from the following location.
API sample code below,
PdfSignature signature = new PdfSignature(doc, page, pdfCert, "Signature"); signature.IsLocked = true; |
Recommended approach - exe will perform automatic configuration
Please find the patch setup from below location:
Advanced approach – use only if you have specific needs and can directly replace existing assemblies for your build environment
Please find the patch assemblies alone from below location:
NuGet package: https://syncfusion.com/Installs/support/patch/20.2.0.43/1245516/F176901/SyncfusionNuget_20.2.0.43_1245516_9212022071502347_F176901.zip
Assembly Version: 20.2.0.43
Installation Directions :
This patch should replace the files “Syncfusion.Pdf.Base.dll” under the following folder.
$system drive:\ Files\Syncfusion\Essential Studio\20.2.0.43\precompiledassemblies\20.2.0.43\4.6
Eg : $system drive:\Program Files\Syncfusion\Essential Studio\20.2.0.43\precompiledassemblies\20.2.0.43\4.0
To automatically run the Assembly Manager, please check the Run assembly manager checkbox option while installing the patch. If this option is unchecked, the patch will replace the assemblies in precompiled assemblies’ folder only. Then, you will have to manually copy and paste them to the preferred location or you will have to run the Syncfusion Assembly Manager application (available from the Syncfusion Dashboard, installed as a shortcut in the Application menu) to re-install assemblies.
Note :
To change how you receive bug fixes, ask your license management portal admin to change your project’s patch delivery mode.
https://www.syncfusion.com/account/license
Disclaimer :
Please note that we have created this patch for version 20.2.0.43 specifically to resolve the following issue(s) reported in this/the ticket(s). 176901
If you have received other patches for the same version for other products, please apply all patches in the order received.
and we will include the fix for the reported issue in our upcoming weekly NuGet release, once 2022 Volume 3 main release rolled out which we excepted on end of September 2022 tentatively.
Note: Date and version will be update later.
Please use the below feedback link to track the status of the reported feature.
https://www.syncfusion.com/feedback/37322/support-to-lock-digital-signature-in-the-pdf-document
Note: If you require patch for the reported issue in any of our Essential Studio Main or SP release version, then kindly let us know the version, so that we can provide a patch in that version based on our SLA policy.
Regards,
Gowthamraj K
Thanks
i applied the exe patch and the dlls were replaced and the new property isLocked is now available however, i found the license became trial and it was working fine before applying the patch
i tried the second option .... i uninstalled all syncfusion components and installed FileFormts version 20.2.0.43 and the signing is working without trial mark when i replaced the Syncfusion.Pdf.Base.dll and the same trial watermark reappeared again .
so i was not able to test the lock option
Hi Jacobs,
We checked your account and found that you do not have an active license. To fix the watermark problem, you have to purchase the license or activate the 30-day trial license from your account.
Please let us know any concerns on this.
Regards,
Gowthamraj K
will it be working with Community license ?
Hi Jacobs,
The Community License is fully functional. Please follow this help documentation to get your license key into your project.
https://help.syncfusion.com/common/essential-studio/licensing/overview
Regards,
Chad C
Hi Jacobs,
We have included the usability feature “Support to lock digital signature in the PDF document” in our latest Weekly NuGet release (v20.3.0.48). Please find the NuGet package link below,
Link: https://www.nuget.org/packages/Syncfusion.Pdf.WinForms/20.3.0.48
Please let us know if you need any further assistance in this.
Regards,
Gowthamraj K
Hello Gowthamraj ,
Happy new year ... i tested the latest nugget release and the new locking document feature is working properly.
Still pending detecting if the signature is not valid if the locking was done using the old method.
Thanks alot for your support.
At present we do not have any immediate plan to implement this feature. We usually have an interval of at least three months between releases and at the planning stage for every release cycle, we review all open features. We will implement this feature in any of our upcoming releases and update you once it is implemented.
You can track the status of this feature using the feedback link below: