737
SECTION 8.7 Digital Signatures
In documents intended for form field workflows, the following occurs:
• The author specifies that form fields can be filled in without invalidating the author’s signature. The P entry of the DocMDP transform parameters dictionary is set to either 2 or 3 (see Table 8.104).
• The author can also specify that after a specific recipient has signed the document, any modifications to specific form fields should invalidate that recipient’s signature. There is a separate signature field for each designated recipient, each having an associated signature field lock dictionary (see Table 8.82) specifying the form fields that should be locked for that user.
• When the recipient signs the field, the signature, signature reference, and transform parameters dictionaries are created. The Action and Fields entries in the transform parameters dictionary are copied from the corresponding fields in the signature field lock dictionary.
Note: This copying is done because all objects in a signature dictionary must be direct objects if the dictionary contains a byte range signature. (Even though FieldMDP signatures are object signatures, any signature dictionary referred to from a signature field must also have a byte range signature.) Therefore, the transform parameters dictionary cannot reference the signature field lock dictionary indirectly.
The object digest is computed over all the form fields specified by the transform parameters dictionary, sorted in alphabetical order (see Appendix I for details). The specified form fields are locked to prevent changes by marking them read-only. Any changes to the form fields can be detected when the recipient’s signature is verified.
FieldMDP signatures are validated in a similar manner to DocMDP signatures. See
“Validating MDP signatures” on page 732 for details.
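The FieldMDP flow described above, as an added Python example that is not part of the specification text. It models dictionaries as plain Python dicts and uses the Action values All, Include and Exclude of the signature field lock dictionary; the digest is a simplified stand-in, not the Appendix I object digest algorithm, and all field names and values are constructed.

```python
import hashlib

def transform_params_from_lock(lock):
    # Copy Action and Fields by value: the transform parameters dictionary
    # must hold direct objects, not a reference to the lock dictionary.
    params = {"Type": "TransformParams", "Action": lock["Action"]}
    if "Fields" in lock:
        params["Fields"] = list(lock["Fields"])
    return params

def locked_fields(params, form):
    # Resolve Action/Fields to the covered field names, sorted alphabetically
    # (code point order here, which is an assumption of this example).
    named = set(params.get("Fields", []))
    action = params["Action"]
    if action == "All":
        chosen = set(form)
    elif action == "Include":
        chosen = named & set(form)
    elif action == "Exclude":
        chosen = set(form) - named
    else:
        raise ValueError(f"unknown Action: {action!r}")
    return sorted(chosen)

def field_digest(params, form):
    # Stand-in digest over (name, value) pairs of the covered fields only.
    # Length prefixes keep adjacent strings from running together.
    h = hashlib.sha256()
    for name in locked_fields(params, form):
        for part in (name, form[name]):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def changed_locked_fields(params, signed_form, current_form):
    # Covered fields whose value differs from, or is missing since, signing.
    return [n for n in locked_fields(params, signed_form)
            if current_form.get(n) != signed_form[n]]

# Constructed sample data: one recipient's lock dictionary and form values.
LOCK = {"Type": "SigFieldLock", "Action": "Include", "Fields": ["Total", "Approver"]}
SIGNED = {"Approver": "J. Doe", "Comments": "", "Total": "100.00"}
PARAMS = transform_params_from_lock(LOCK)

if __name__ == "__main__":
    tampered = dict(SIGNED, Total="999.00")
    print(locked_fields(PARAMS, SIGNED), changed_locked_fields(PARAMS, SIGNED, tampered))
```

A change to a field outside the covered set (Comments in this sample) leaves the digest unchanged, which is why the lock dictionary's Action and Fields entries determine what the recipient's signature actually protects.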
Identity
The Identity transform method is used when computing an object digest that is all-inclusive; that is, no objects are excluded. The entire object tree is walked, starting with the object specified by Data in the signature reference dictionary (see Table 8.103). Any changes to the contents of the object invalidate the signature. This method is used to support the signing of FDF files. The FDF catalog is the object over which the digest is calculated.