I have 2 questions regarding to certification level "not certified".
1. When document is signed with certification level "not certified" - Adobe Reader says (Signature Properties -> Document tab) something like: "..Form Fill-in, Signing and Commenting are allowed… No other changes are permitted." Is this OK? I understand that this is not directly related to JSignPDF project but please help if you can :)
2. When I re-sign document (original document is already signed but I choose not to append signature) and select certification level "not certified" - new signature has old certification level (same level that overwritten signature had). I assume this is a bug (probably on itext side). What do you think?
Thanks!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've investigated this behavior and here is what I found regarding to my questions:
1. I tested this with some other signing tools. This message in Adobe Reader is OK but keep reading…
2. I've commented 2 occurrences of
if(certificationLevel>0)
in PdfSignatureAppearance.preClose(HashMap) and I get document with certification level "not certified". And here is what Adobe Reader says: "There are no restrictions on the changes that are permitted to be made to this document after signatures are applied. To view what was actually signed, click View Signed Version."
What we should do?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, it seems that 0 shouldn't be used…
But P key (for storing cert level) is optional.
Can we omit this key? Or we should remove usage of 0 level ("Not certified") from JSignPDF?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When the P is omitted I assume the default value is taken. Default if 2 - Permitted changes are filling in forms, instantiating page templates,and signing; other changes invalidate the signature.
When we have "Not certified" now, the DocMDP is not inserted (only the signature is added). So from my point of view it seems as a correct behavior.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Josef,
I have 2 questions regarding to certification level "not certified".
1. When document is signed with certification level "not certified" - Adobe Reader says (Signature Properties -> Document tab) something like: "..Form Fill-in, Signing and Commenting are allowed… No other changes are permitted." Is this OK? I understand that this is not directly related to JSignPDF project but please help if you can :)
2. When I re-sign document (original document is already signed but I choose not to append signature) and select certification level "not certified" - new signature has old certification level (same level that overwritten signature had). I assume this is a bug (probably on itext side). What do you think?
Thanks!
I've investigated this behavior and here is what I found regarding to my questions:
1. I tested this with some other signing tools. This message in Adobe Reader is OK but keep reading…
2. I've commented 2 occurrences of
in PdfSignatureAppearance.preClose(HashMap) and I get document with certification level "not certified". And here is what Adobe Reader says: "There are no restrictions on the changes that are permitted to be made to this document after signatures are applied. To view what was actually signed, click View Signed Version."
What we should do?
It seems, the 0 should not be used as a value for certification (DocMDP)
c.f. http://www.scribd.com/doc/51215316/PDF-Reference-1-7#outer_page_733
Yes, it seems that 0 shouldn't be used…
But P key (for storing cert level) is optional.
Can we omit this key? Or we should remove usage of 0 level ("Not certified") from JSignPDF?
When the P is omitted I assume the default value is taken. Default if 2 - Permitted changes are filling in forms, instantiating page templates,and signing; other changes invalidate the signature.
When we have "Not certified" now, the DocMDP is not inserted (only the signature is added). So from my point of view it seems as a correct behavior.