Don't decrypt the Contents field of Sig dictionaries
I could not find whre in the PDF spec says that this field in particular is not encrypted, but i think it makes sense because how you write it, you have to reserve space first write the whole file, and then calculate the real signature and write it in the space you left blank before.
If we encrypt the text, we can't know how long it'll be so we can't calculate how much space to leave available.
Also i have a pdf where the Contents field is not encrypted (but the rest of the document is) and Adobe opens it fine, so that seems to imply this is the right thing to do.