SECTION 8.7
731
Digital Signatures
KEY
TYPE
VALUE
DigestValue
string
(Required in some situations)
When present, the computed value of
the digest. See Section 8.7.1, “Transform Methods, for details on
when this entry is required.
(Required when
DigestValue
is required and
TransformMethod
is
FieldMDP
or
DocMDP
)
An array of two integers specifying the loca-
tion in the PDF file of the
DigestValue
string. The integers represent
the starting offset and length in bytes, respectively.
This entry is required when
DigestValue
is written directly to the
PDF file, bypassing any encryption that has been performed on the
document. When specified, the values must be used to read
DigestValue
directly from the file during validation.
DigestLocation
array
8.7.1 Transform Methods
Transform methods, along with transform parameters, determine which objects
are included and excluded in object digest computation or revision comparison.
The following sections discuss the types of transform methods, their transform
parameters, and when they are used. Appendix I, “Computation of Object Di-
Note:
All transform methods exclude the signature dictionary from the object digest.
DocMDP
The
DocMDP
transform method is used to detect modifications relative to a sig-
nature field that is signed by the author of a document (the person applying the
first signature). A document can contain only one signature field that contains a
DocMDP
transform method; it must be the first signed field in the document. It
enables the author to specify what changes are permitted to be made the docu-
ment and what changes invalidate the author’s signature.
As discussed earlier, “MDP” stands for
modification detection and prevention.
Such signatures enable
detection
of disallowed changes specified by the author. In
addition, disallowed changes can also be
prevented
when the signature dictionary
is referred to by the
DocMDP
entry in the permissions dictionary (see Section