pdfunite must remove invalidated digital signatures
Submitted by Alexander E. Patrakov
Assigned to poppler-bugs
Link to original bug (#106952)
Description
Created attachment 140204 First document with a signature
If I run pdfunite on pdf files, at least one of which is signed, then the result has an invalid digital signature. I think that any signatures that cannot be properly preserved must be removed.
To reproduce:
[aep@aep-haswell tmp]$ pdfsig 'Untitled 1.pdf' Digital Signature Info of: Untitled 1.pdf Signature #1:
- Signer Certificate Common Name: (null)
- Signer full Distinguished Name: E=patrakov@gmail.com
- Signing Time: Jun 18 2018 21:43:41
- Signing Hash Algorithm: SHA-256
- Signature Type: adbe.pkcs7.detached
- Signed Ranges: [0 - 9563], [59565 - 60513]
- Total document signed
- Signature Validation: Signature is Valid.
- Certificate Validation: Certificate is Trusted. [aep@aep-haswell tmp]$ pdfsig 'Untitled 2.pdf' Digital Signature Info of: Untitled 2.pdf Signature #1:
- Signer Certificate Common Name: (null)
- Signer full Distinguished Name: E=patrakov@gmail.com
- Signing Time: Jun 18 2018 21:44:21
- Signing Hash Algorithm: SHA-256
- Signature Type: adbe.pkcs7.detached
- Signed Ranges: [0 - 9426], [59428 - 60376]
- Total document signed
- Signature Validation: Signature is Valid.
- Certificate Validation: Certificate is Trusted. [aep@aep-haswell tmp]$ pdfunite 'Untitled 1.pdf' 'Untitled 2.pdf' 'Untitled 12.pdf' [aep@aep-haswell tmp]$ pdfsig 'Untitled 12.pdf' Digital Signature Info of: Untitled 12.pdf Signature #1:
- Signer Certificate Common Name: (null)
- Signer full Distinguished Name: E=patrakov@gmail.com
- Signing Time: Jun 18 2018 21:43:41
- Signing Hash Algorithm: SHA-256
- Signature Type: adbe.pkcs7.detached
- Signed Ranges: [0 - 9563], [59565 - 60513]
- Not total document signed
- Signature Validation: Digest Mismatch. Signature #2 (closed):
- Signer Certificate Common Name: (null)
- Signer full Distinguished Name: E=patrakov@gmail.com
- Signing Time: Jun 18 2018 21:44:21
- Signing Hash Algorithm: SHA-256
- Signature Type: adbe.pkcs7.detached
- Signed Ranges: [0 - 9426], [59428 - 60376]
- Not total document signed
- Signature Validation: Digest Mismatch.
Attachment 140204, "First document with a signature":
Untitled_1.pdf