0

I am reading carefully the Digital Signature white paper and ITEXT IN ACTION: CHAPTER 12: PROTECTING YOUR PDF.. I have successfully added multiple signatures in append mode to a source PDF, and I have client who will add 2 or 3, or 4 signatures as a method of approving a source as a change management document.

Question: Is there a way to treat the 'last' chosen signature as somehow final? We will be already using the field name as the signing persons Id, the Location as the persistent Id of the signing machine, and the reason as well the reason for signing.

This is for internal purposes so are OK with using the computers clock, and at the moment the only method I have come up with is to sign all detached signatures as CMS, except the last as CADES - so that if the last signature in the current file is ETSI rather than ADBE, then I will not allow more signatures. This feels however not very elegant, and if the starting PDF has a validated timestamp then this basic methodology will fail. It also relies on text parsing which also feels a little flimsy.

I have read the section on attaching actions but this seems a huge hammer to crack what should, in theory at least, be a much simpler exercise.

john renfrew
  • 393
  • 1
  • 9
  • 30

1 Answers1

0

Did you get a chance to read 2.5.5 Locking fields and documents after signing?

In this case, the dictionary defining the signature field has a /Lock entry of which the value is a signature lock dictionary. One of the lock permissions could be LockPermissions.NO_CHANGES_ALLOWED.

The result would then be what you can see in figure 2.31 (locked fields after final approval). In this screen shot, you can see that sig4 locks the document.

Bruno Lowagie
  • 75,994
  • 9
  • 109
  • 165
  • got that in front of me..the createSignature method only works with a writer not a stamper though.. adding the 4th sig is being done with a stamper in append mode. – john renfrew Apr 06 '15 at 14:32
  • When you sign, are the signature fields already present or not? – Bruno Lowagie Apr 06 '15 at 14:43
  • start with a plain PDf, add a signature which adds the Acrofield for it, then add another... forgot to use stamper.getWriter() with the 2.31 example code, but where do I locate the /Lock, in the annotation or in the page dictionary? – john renfrew Apr 06 '15 at 15:13
  • The example I have found is from mkl at http://stackoverflow.com/questions/20008256/how-can-i-lock-a-pdf-document-after-signing-it -- but this is a two stage process. Has iText added methods, and s there an example of this in one stage? – john renfrew Apr 09 '15 at 08:06
  • I just tested my own comment and I noticed that the `/Lock` entry isn't part of the signature dictionary, but of the field dictionary (I should have known: it *had* to be present at the level of the field). You are asking something that is currently not supported, but that is very easy to implement. – Bruno Lowagie Apr 09 '15 at 08:55