EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to check for PDF tampering

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
Posted: 03/13/2013 06:47:31
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7


Could you tell me how I can check whether or not a PDF file was modified in any way after it was signed?

Your sample project "TinyProcessor" doesn't do this, right? As far as I understand, it just checks the validity of the embeded certificates?
I see that it allows you to extract the signed version of the PDF but what should I do to check for modification (I don't think a binary comparison of the extracted signed and the target document would work)?

Also, when CertificateValidator.Validate() says that the certificate is not valid and returns 32 in "Reason" (SB_CERT_VALIDITY_REASON_UNKNOWN_CA = 32 Issuer (CA) certificate was not found. ) what does it mean? Should I install a certificate from the certificate autority on my machine?

Thanks in advance.
Posted: 03/13/2013 06:57:51
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

If a file was modified then its signature becomes invalid. Signature validity be checked using TElPDFSignature.Validate() method and its done in TinyProcessor sample.

SB_CERT_VALIDITY_REASON_UNKNOWN_CA error occurs during certificate validation process if a CA certificate was not found for a certificate being validated. You should install CA certificate(s) to a Windows store or alternatively let TElX509CertificateValidator know about it using its AddTrustedCertificates() method.
Posted: 03/13/2013 07:58:05
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

I have a signed PDF file and I modify it adding some "sticky notes", underlines, etc. Then I use the "TinyProcessor" sample and it seems to pass the check:

TElPDFSignature sig = (TElPDFSignature)(objects[cbSignatures.SelectedIndex]);
if (sig.Validate(true)) // I have also tried with false as an input argument.
// Program flow goes in here... Why?

...located inside btnValidate_Click() of SigPropsForm.cs. Adobe Acrobat says: "There have been subsequent changes to the document."
According to your previous post, I would expect that the sig.Validate(true) returns false, but it isn't. Am I missing something?
Posted: 03/13/2013 08:12:11
by Dmytro Bogatskyy (Team)

When you are adding "sticky notes" and etc. the contents of a PDF file is modified and saved incrementally (appended at the end, without the entire file being rewritten). Validate method check the integrity of signed data, that wasn't modified in your case. To get the part of the document that is signed you should use TElPDFSignature.GetSignedVersion method, see: http://www.eldos.com/documentation/sb...rsion.html
Posted: 03/13/2013 08:53:43
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

That solves my questions and problems.
The extracted (signed) PDF file seems to be excactly the same to the original signed file.

Just a final question:
Do you know of any better way(s) to check if the extracted (signed) PDF file is identical to the modified one (from which the 1st was extracted) without comparing them byte to byte?
I doubt that there is an embeded hash on each PDF, based on it's contents, is there?

And, again, thank you very much!
Posted: 03/13/2013 13:22:23
by Dmytro Bogatskyy (Team)

Do you know of any better way(s) to check if the extracted (signed) PDF file is identical to the modified one (from which the 1st was extracted) without comparing them byte to byte?

In fact, you can check if sizes match for signed version and original document. No need to compare data, as signed version is extracted from the original document.
There is no other method to check this at the moment.
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages



Topic viewed 2657 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!