Bug 121133 - Adobe Reader DC claims that the PDF has been modified after signing
Summary: Adobe Reader DC claims that the PDF has been modified after signing
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Printing and PDF export (show other bugs)
Version:
(earliest affected)
6.1.2.1 release
Hardware: All All
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: filter:pdf
Depends on:
Blocks: PDF-Export Digital-Signatures
  Show dependency treegraph
 
Reported: 2018-11-02 19:58 UTC by Alexander E. Patrakov
Modified: 2022-08-04 11:52 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:
Regression By:


Attachments
Test document signed in LibreOffice Writer on Linux (69.00 KB, application/pdf)
2018-11-02 19:58 UTC, Alexander E. Patrakov
Details
Test document signed in jSignPDF 1.6.4 on Linux (49.59 KB, application/pdf)
2018-11-02 19:59 UTC, Alexander E. Patrakov
Details
Warning displayed by Adobe Reader DC (38.87 KB, image/jpeg)
2018-11-02 20:05 UTC, Alexander E. Patrakov
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander E. Patrakov 2018-11-02 19:58:08 UTC
If I sign an existing PDF document in LibreOffice Draw, or export PDF from LibreOffice Writer and sign it during export, then Adobe Reader does not like the signature: it claims that the page has been modified. The expectation is that the signature checking should pass without any complaints.

I will attach an example document signed by LibreOffice Writer.

It is also possible to export the same document without signatures, and then use the same certificate in jSignPdf 1.6.4 to sign it. The result does not trigger the "pages modified" alert in Adobe Reader DC, so it is not a problem with the certificate. I will attach a document to demonstrate this, too.

Note: by default, Adobe Reader DC does not trust certificates issued by COMODO. To verify my signature, please, in Adobe Reader DC, go to Edit > Preferences > Signatures > Verification > More... and check the box "Trust ALL root certificates in the Windows certificate store for: [X] Validating signatures".
Comment 1 Alexander E. Patrakov 2018-11-02 19:58:43 UTC
Created attachment 146257 [details]
Test document signed in LibreOffice Writer on Linux
Comment 2 Alexander E. Patrakov 2018-11-02 19:59:16 UTC
Created attachment 146258 [details]
Test document signed in jSignPDF 1.6.4 on Linux
Comment 3 Alexander E. Patrakov 2018-11-02 20:05:15 UTC
Created attachment 146259 [details]
Warning displayed by Adobe Reader DC
Comment 4 Mike Kaganski 2018-11-02 21:02:28 UTC
Thank you for filing the issue!

Could you please describe, step-by-step, how did you sign the PDF in LibreOffice, mentioning every button click and keypress (except for passwords, of course)? My assumption would be that you have saved the PDF after signing.
Comment 5 Alexander E. Patrakov 2018-11-02 21:19:13 UTC
0. Make sure that Firefox is not running (not sure if it is relevant)
1. Open LibreOffice Writer on Arch Linux
2. File > Open, open the odt document. Or just type the text and save it as an odt file.
3. At this stage, the document is not modified. Click File > Export As > Export as PDF...
4. A dialog appears.
5. On the general tab, leave all settings as the defaults. However, I remember that, in the past, i have specifically unticked the "Create a PDF form" box on the General tab, and LibreOffice remembers this. Anyway, the settings on the general tab are: All pages, JPEG compression at 90%, reduce image resolution to 300 dpi, no watermark, no checkboxes in the right column.
5. On all other tabs except Digital signatures, leave all the settings as defaults.
6. On the Digital Signatures tab, select my certificate (that is, click Select, double-click the certificate), type the password, leave all other fields empty.
7. Press the Export button in the bottom right corner of the dialog.
8. Type the desired filename for the PDF file, press Save.
Comment 6 Alexander E. Patrakov 2018-11-02 21:48:19 UTC
This bug is reproducible on Arch Linux but not under Windows 10.
Comment 7 Miklos Vajna 2018-11-06 13:28:49 UTC
FWIW xmlsecurity/qa/create-certs/ has a shell script you can run on Linux and use the resulting test certificates on both Windows an Linux if you want to reproduce this.
Comment 8 Alexander E. Patrakov 2018-11-06 15:01:13 UTC
You can also get free email certificates from COMODO, just as I did.
Comment 9 shara valery 2018-11-19 07:48:26 UTC Comment hidden (spam)
Comment 10 Alexander E. Patrakov 2018-11-19 07:51:27 UTC Comment hidden (obsolete)
Comment 11 Josh George 2019-06-06 06:11:37 UTC Comment hidden (spam)
Comment 12 Andre Russell 2019-06-07 10:19:58 UTC Comment hidden (spam)
Comment 13 dgs 2019-08-01 08:43:13 UTC Comment hidden (spam)
Comment 14 Jems Smith 2019-08-07 12:41:05 UTC Comment hidden (spam)
Comment 15 jones smith 2019-08-16 11:33:10 UTC Comment hidden (spam)
Comment 16 Timur 2019-11-04 15:50:13 UTC
Same warning in LO 6.4+ in Windows 7 as in attachment 146259 [details]: "1 Page(s) Modified". I guess I can put to New. But please also test.
Comment 17 realsciallikes 2019-12-10 09:02:09 UTC Comment hidden (spam)
Comment 18 Jaydeep Dahiwal 2020-04-28 07:39:00 UTC Comment hidden (spam)
Comment 19 Jaydeep Dahiwal 2020-04-28 07:39:44 UTC Comment hidden (spam)
Comment 20 Michal Bozon 2020-04-30 16:05:51 UTC
I have the same problem. Signed PDF document exported by LibreOffice (Writer) signature seems to be OK when verified e.g. by poppler pdfsig utility. However Adobe Reader (used to make sure the exported document is correct for mainstream users utilizing mainstream apps, or rather correct then opened in THE PDF reader app) successfully verifies the signature, but claims that the document was modified after signing. This does not happen e.g. for some randomly chosen PDF document released and signed by the (our) government.

The problem is unaffected by changing "normal" to archive PDF/A (either 2b or 1b) PDF export option (other options left default).

LiberOffice version: 6.4.3.2 (build 6.4.3-1) (but it's a long-term problem, the same problem was months or years ago)
Adobe Reader version: 11.0.10 (for Windows, running in Wine)
OS: Arch linux
Comment 21 Michal Bozon 2020-04-30 20:21:25 UTC
.. to check a different linux flavour,
I have tested in Debian stable (10.3, x86_64), libreoffice 6.1.5.2 (build 1:6.1.5-3+deb10u5).

And the problem is still the same.
Comment 22 Michal Bozon 2020-04-30 22:57:43 UTC
.. I currently do not have resource to inspect and build LibreOffice source, but I've made potentially interesting observation when inspecting/manipulating the resulting PDF file.

When the last (4th) PDF signature /ByteRange [ ... ] component (i.e. 2nd offset) is increased by 1, the signature is of course verified as incorrect, but the "1 Page(s) Modified" no longer appears (it is not the case if the value is decreased by 1).
Comment 23 critic 2020-06-28 03:23:53 UTC Comment hidden (spam)
Comment 24 johan 2020-07-29 07:24:41 UTC Comment hidden (spam)
Comment 25 markwatson1008@gmail.com 2020-11-10 08:45:04 UTC Comment hidden (spam)
Comment 26 June Reeve 2021-02-03 05:48:05 UTC Comment hidden (spam)
Comment 27 Michel Van den Bergh 2021-03-03 06:35:51 UTC
This bug still persists in Ubuntu 20.04  (version: LibreOffice 6.4.6.2 40(Build:2) ).

At least for me this is an important issue since it makes it essentially impossible to directly use the amazing digital signing support in LibreOffice.

As far as I can tell there are no issues with signing an existing pdf so as a work around one can first export and then sign. But of course this is somewhat less flexible.
Comment 28 addkin 2021-03-03 10:33:13 UTC Comment hidden (spam)
Comment 29 michaelbraco 2021-04-23 10:27:55 UTC Comment hidden (spam)
Comment 30 michaelbraco 2021-04-26 05:48:25 UTC Comment hidden (spam)
Comment 31 james smith 2021-08-03 09:49:49 UTC Comment hidden (spam)
Comment 32 james smith 2021-08-03 09:50:07 UTC Comment hidden (spam)
Comment 33 james smith 2021-08-03 09:50:18 UTC Comment hidden (spam)
Comment 34 windikartika 2021-08-10 08:29:04 UTC Comment hidden (spam)
Comment 35 windikartika 2021-08-10 08:29:55 UTC Comment hidden (spam)
Comment 36 nova smith 2021-08-31 05:42:26 UTC Comment hidden (spam)
Comment 37 brayden lee 2021-09-07 12:18:00 UTC Comment hidden (spam)
Comment 38 brayden lee 2021-09-07 12:21:43 UTC Comment hidden (spam)
Comment 39 Kale Johnson 2021-09-10 12:19:34 UTC Comment hidden (spam)
Comment 40 james joy 2021-09-28 08:14:02 UTC Comment hidden (spam)
Comment 41 james joy 2021-09-28 08:16:31 UTC Comment hidden (spam)
Comment 42 james joy 2021-09-28 08:17:05 UTC Comment hidden (spam)
Comment 43 brayden lee 2021-09-28 11:34:11 UTC Comment hidden (spam)
Comment 44 keikis070 2021-09-30 08:25:33 UTC Comment hidden (spam)
Comment 45 keikis070 2021-09-30 08:25:50 UTC Comment hidden (spam)
Comment 46 keikis070 2021-09-30 08:27:29 UTC Comment hidden (spam)
Comment 47 brayden lee 2021-10-20 06:19:01 UTC Comment hidden (spam)
Comment 48 Marco Wilson 2021-11-10 09:23:51 UTC Comment hidden (spam)
Comment 49 salina era 2021-11-17 07:26:10 UTC Comment hidden (spam)
Comment 50 eliza smith 2021-12-08 05:44:03 UTC Comment hidden (spam)
Comment 51 SaanviShetty 2022-01-21 04:51:37 UTC Comment hidden (spam)
Comment 52 Marco Wilson 2022-02-01 08:24:26 UTC Comment hidden (spam)
Comment 53 Marco Wilson 2022-02-01 08:24:54 UTC Comment hidden (spam)
Comment 54 Golden Price Today 2022-02-19 17:00:16 UTC Comment hidden (spam)
Comment 55 San Wilson 2022-02-23 06:59:21 UTC Comment hidden (spam)
Comment 56 Kurt Russell 2022-03-15 10:58:55 UTC Comment hidden (spam)
Comment 57 lindajonesmhead 2022-03-24 06:54:21 UTC Comment hidden (spam)
Comment 58 jasmeet9451 2022-03-30 13:41:11 UTC Comment hidden (spam)
Comment 59 jasmeet9451 2022-03-30 13:41:51 UTC Comment hidden (spam)
Comment 60 jasmeet9451 2022-03-30 13:42:22 UTC Comment hidden (spam)
Comment 61 jasmeet9451 2022-03-30 13:42:49 UTC Comment hidden (spam)
Comment 62 jasmeet9451 2022-03-30 13:45:34 UTC Comment hidden (spam)
Comment 63 kalu smith 2022-04-07 10:45:58 UTC Comment hidden (spam)
Comment 64 Daniel Anthony 2022-04-18 12:26:25 UTC Comment hidden (spam)
Comment 65 Andrew Williams 2022-05-16 07:25:39 UTC Comment hidden (spam)
Comment 66 Johnbuttler 2022-05-17 06:39:14 UTC Comment hidden (spam)
Comment 67 aaron finch 2022-05-24 08:38:39 UTC Comment hidden (spam)
Comment 68 Lisa Bane 2022-07-15 08:49:29 UTC Comment hidden (spam)
Comment 69 Mike Kaganski 2022-07-15 13:20:45 UTC
(In reply to Alexander E. Patrakov from comment #0)
> If I sign an existing PDF document in LibreOffice Draw,
> or export PDF from LibreOffice Writer

I tried to export an empty Writer file with a signature, and also I created an empty PDF and then tried to sign it using File->Digital Signature->Sign Existing PDF. I used versions 6.1.0.3 and 7.4.0.1 for testing.

(In reply to Alexander E. Patrakov from comment #6)
> This bug is reproducible on Arch Linux but not under Windows 10.

I was able to see the problem on Windows 10 when exporting/signing from Writer (i.e., using PDF export dialog's Digital Signatures tab). The resulting signed PDF shows the "1 Page(s) Modified" warning in Adobe Acrobat Reader DC, both when generator is 6.1, and 7.4. However, PDFs from "Sign Existing PDF" produced by both 6.1 and 7.1 do not show that warning in Acrobat Reader.

The question is: maybe we could unify the signing, to use the process of "Sign Existing PDF", feeding the stream generated by simple export? That puts the signature object after the initial %%EOF.

FTR: the PDF export dialog uses PDFWriterImpl::emitSignature / PDFWriterImpl::finalizeSignature, while Sign Existing PDF uses PDFDocument::Sign.
Comment 70 Thomasallen 2022-08-01 11:51:06 UTC Comment hidden (spam)
Comment 71 appgeek1124 2022-08-04 11:52:43 UTC Comment hidden (spam)