Previous Next
732
CHAPTER 8 Interactive Features
Note: When creating an author signature, applications are encouraged to create a
legal attestation dictionary (see Section 8.7.4, “Legal Content Attestations”) that
specifies all content that might result in unexpected rendering of the document con-
tents, along with the author’s attestation to such content. This dictionary can be
used to establish an author’s intent if the integrity of the document is questioned.
The P entry in the DocMDP transform parameters dictionary (see Table 8.104) in-
dicates the author’s specification of which changes to the document will invali-
date the signature. (These changes to the document are also prevented if the
signature dictionary is referred to from the DocMDP entry in the permissions dic-
tionary.) A value of 1 for P indicates that the document is intended to be final;
that is, any changes invalidate the signature. The values 2 and 3 permit modifica-
tions that are appropriate for form field or comment workflows.
The DocMDP object digest is computed over a subset of the PDF objects in the
document. Specifically, this subset consists of the objects that are not permitted
to be modified, directly or indirectly, as specified by the transform parameters
dictionary. Appendix I describes the object digest computation.
Validating MDP signatures
To validate an MDP signature, an application first verifies the byte range digest.
Next, it verifies that any modifications that have been made to the document are
permitted by the transform parameters by using one of the following techniques:
• PDF 1.5 required the calculated value of the object digest at the time of signing
to be stored in the DigestValue entry in the signature reference dictionary (see
Table 8.103). Therefore, an application can compare this entry to its calculated
object digest when validating. If the values are different, the signature is invalid.
• In PDF 1.6, the DigestValue entry is not required. Once the byte range digest is
validated, the portion of the document specified by the ByteRange entry in the
signature dictionary (see Table 8.102) is known to correspond to the state of the
document at the time of signing. Therefore, applications can compare the
signed and current versions of the document to see whether there have been
modifications to any objects that are not permitted by the transform parame-
ters. See implementation note 141 in Appendix H.
Previous Next