EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to check for PDF tampering

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#24057
Posted: 03/13/2013 06:47:31
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

Hello.

Could you tell me how I can check whether or not a PDF file was modified in any way after it was signed?

Your sample project "TinyProcessor" doesn't do this, right? As far as I understand, it just checks the validity of the embeded certificates?
I see that it allows you to extract the signed version of the PDF but what should I do to check for modification (I don't think a binary comparison of the extracted signed and the target document would work)?

Also, when CertificateValidator.Validate() says that the certificate is not valid and returns 32 in "Reason" (SB_CERT_VALIDITY_REASON_UNKNOWN_CA = 32 Issuer (CA) certificate was not found. ) what does it mean? Should I install a certificate from the certificate autority on my machine?

Thanks in advance.
#24059
Posted: 03/13/2013 06:57:51
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

If a file was modified then its signature becomes invalid. Signature validity be checked using TElPDFSignature.Validate() method and its done in TinyProcessor sample.

SB_CERT_VALIDITY_REASON_UNKNOWN_CA error occurs during certificate validation process if a CA certificate was not found for a certificate being validated. You should install CA certificate(s) to a Windows store or alternatively let TElX509CertificateValidator know about it using its AddTrustedCertificates() method.
#24060
Posted: 03/13/2013 07:58:05
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

I have a signed PDF file and I modify it adding some "sticky notes", underlines, etc. Then I use the "TinyProcessor" sample and it seems to pass the check:

TElPDFSignature sig = (TElPDFSignature)(objects[cbSignatures.SelectedIndex]);
if (sig.Validate(true)) // I have also tried with false as an input argument.
{
// Program flow goes in here... Why?
}

...located inside btnValidate_Click() of SigPropsForm.cs. Adobe Acrobat says: "There have been subsequent changes to the document."
According to your previous post, I would expect that the sig.Validate(true) returns false, but it isn't. Am I missing something?
#24061
Posted: 03/13/2013 08:12:11
by Dmytro Bogatskyy (EldoS Corp.)

When you are adding "sticky notes" and etc. the contents of a PDF file is modified and saved incrementally (appended at the end, without the entire file being rewritten). Validate method check the integrity of signed data, that wasn't modified in your case. To get the part of the document that is signed you should use TElPDFSignature.GetSignedVersion method, see: http://www.eldos.com/documentation/sb...rsion.html
#24062
Posted: 03/13/2013 08:53:43
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

Thanks!
That solves my questions and problems.
The extracted (signed) PDF file seems to be excactly the same to the original signed file.

Just a final question:
Do you know of any better way(s) to check if the extracted (signed) PDF file is identical to the modified one (from which the 1st was extracted) without comparing them byte to byte?
I doubt that there is an embeded hash on each PDF, based on it's contents, is there?

And, again, thank you very much!
#24069
Posted: 03/13/2013 13:22:23
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Do you know of any better way(s) to check if the extracted (signed) PDF file is identical to the modified one (from which the 1st was extracted) without comparing them byte to byte?

In fact, you can check if sizes match for signed version and original document. No need to compare data, as signed version is extracted from the original document.
There is no other method to check this at the moment.
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 2222 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!