Bug 121133 - Adobe Reader DC claims that the PDF has been modified after signing
Summary: Adobe Reader DC claims that the PDF has been modified after signing
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Printing and PDF export (show other bugs)
(earliest affected) release
Hardware: All All
: medium normal
Assignee: Not Assigned
Keywords: filter:pdf
Depends on:
Blocks: PDF-Export Digital-Signatures
  Show dependency treegraph
Reported: 2018-11-02 19:58 UTC by Alexander E. Patrakov
Modified: 2019-03-16 18:21 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:

Test document signed in LibreOffice Writer on Linux (69.00 KB, application/pdf)
2018-11-02 19:58 UTC, Alexander E. Patrakov
Test document signed in jSignPDF 1.6.4 on Linux (49.59 KB, application/pdf)
2018-11-02 19:59 UTC, Alexander E. Patrakov
Warning displayed by Adobe Reader DC (38.87 KB, image/jpeg)
2018-11-02 20:05 UTC, Alexander E. Patrakov

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander E. Patrakov 2018-11-02 19:58:08 UTC
If I sign an existing PDF document in LibreOffice Draw, or export PDF from LibreOffice Writer and sign it during export, then Adobe Reader does not like the signature: it claims that the page has been modified. The expectation is that the signature checking should pass without any complaints.

I will attach an example document signed by LibreOffice Writer.

It is also possible to export the same document without signatures, and then use the same certificate in jSignPdf 1.6.4 to sign it. The result does not trigger the "pages modified" alert in Adobe Reader DC, so it is not a problem with the certificate. I will attach a document to demonstrate this, too.

Note: by default, Adobe Reader DC does not trust certificates issued by COMODO. To verify my signature, please, in Adobe Reader DC, go to Edit > Preferences > Signatures > Verification > More... and check the box "Trust ALL root certificates in the Windows certificate store for: [X] Validating signatures".
Comment 1 Alexander E. Patrakov 2018-11-02 19:58:43 UTC
Created attachment 146257 [details]
Test document signed in LibreOffice Writer on Linux
Comment 2 Alexander E. Patrakov 2018-11-02 19:59:16 UTC
Created attachment 146258 [details]
Test document signed in jSignPDF 1.6.4 on Linux
Comment 3 Alexander E. Patrakov 2018-11-02 20:05:15 UTC
Created attachment 146259 [details]
Warning displayed by Adobe Reader DC
Comment 4 Mike Kaganski 2018-11-02 21:02:28 UTC
Thank you for filing the issue!

Could you please describe, step-by-step, how did you sign the PDF in LibreOffice, mentioning every button click and keypress (except for passwords, of course)? My assumption would be that you have saved the PDF after signing.
Comment 5 Alexander E. Patrakov 2018-11-02 21:19:13 UTC
0. Make sure that Firefox is not running (not sure if it is relevant)
1. Open LibreOffice Writer on Arch Linux
2. File > Open, open the odt document. Or just type the text and save it as an odt file.
3. At this stage, the document is not modified. Click File > Export As > Export as PDF...
4. A dialog appears.
5. On the general tab, leave all settings as the defaults. However, I remember that, in the past, i have specifically unticked the "Create a PDF form" box on the General tab, and LibreOffice remembers this. Anyway, the settings on the general tab are: All pages, JPEG compression at 90%, reduce image resolution to 300 dpi, no watermark, no checkboxes in the right column.
5. On all other tabs except Digital signatures, leave all the settings as defaults.
6. On the Digital Signatures tab, select my certificate (that is, click Select, double-click the certificate), type the password, leave all other fields empty.
7. Press the Export button in the bottom right corner of the dialog.
8. Type the desired filename for the PDF file, press Save.
Comment 6 Alexander E. Patrakov 2018-11-02 21:48:19 UTC
This bug is reproducible on Arch Linux but not under Windows 10.
Comment 7 Miklos Vajna 2018-11-06 13:28:49 UTC
FWIW xmlsecurity/qa/create-certs/ has a shell script you can run on Linux and use the resulting test certificates on both Windows an Linux if you want to reproduce this.
Comment 8 Alexander E. Patrakov 2018-11-06 15:01:13 UTC
You can also get free email certificates from COMODO, just as I did.
Comment 9 shara valery 2018-11-19 07:48:26 UTC
I was Unable to edit PDF files in Acrobat DC. i visited https://www.adobesupportphonenumber.com/blog/unblock-adobe-flash-player/ I got to know that These issues can occur when you open a PDF file in Adobe Reader DC instead of Adobe Acrobat DC, which is used for editing PDF file. after download and install again Acrobat DC it all solved.
Comment 10 Alexander E. Patrakov 2018-11-19 07:51:27 UTC
Sorry, I can't just tell my correspondents to install Acrobat DC. They open my files in Adobe Reader DC, they don't need to edit the PDF.