endesive icon indicating copy to clipboard operation
endesive copied to clipboard
verified publisher icon m32

I have tampered the pdf but still verify script hash returns True

Open chawla-gagandeep opened this issue 4 years ago • 5 comments

''' signature ok? True hash ok? True cert ok? True ''' following steps to reproduce the issue 1)I have created certifications file via using the cert-make.py file and this script generate these file 'demo2_ca.crt.pem', 'demo2_ca.key.pem', 'demo2_user1.crt.pem', 'demo2_user1.key.pem', 'demo2_user1.p12', 'demo2_user1.pub.pem'.

2)After that I have used the custom_pdf_sign_cms.py to add the signature on the pdf.

3)After that I have run the custom_pdf-verify.py script to check the is certification is True and its return the true

''' signature ok? True hash ok? True cert ok? True ''' after that I have added highlights in the newly created pdf's then again run the custom_pdf-verify.py script but output I get is

''' signature ok? True hash ok? True cert ok? True ''' in this condition the hash must returns the false because the value of the hash has been changed after the highlight is added please correct me if I am wrong

I have attached all the scripts on zip file which I have used add signature on the pdf custom_endesive.zip

any suggestions will be appreciated

@m32

chawla-gagandeep avatar Feb 26 '21 13:02 chawla-gagandeep

after chaning one letter: signature ok? True hash ok? False cert ok? True

Show the file (pdf) before and after your modification. :) check what you are verifying - hashok = false if signed hash! = computed hash maybe your modifications are saved in a different file ?

m32 avatar Feb 26 '21 21:02 m32

@m32 thanks for replay

'pdf-signed-cms.pdf' is signed-pdf without any modifications pdf-signed-cms.pdf

and here the the custom_pdf-verify.py returns the ''' signature ok? True hash ok? True cert ok? True ''' and pdf-signed-cms (copy).pdf on which I have added the highlights the text and then the hash value and its return pdf-signed-cms (copy).pdf

''' ignature ok? True hash ok? True cert ok? True ''' I am also sharing the script as well please let know if I have make any modification required on it

https://github.com/47billion-gagandeep/custom_endesive/blob/main/custom_pdf-verify.py

in the above script url in line number 22 I have replaced the pdf name by pdf-signed-cms (copy).pdf.

chawla-gagandeep avatar Mar 01 '21 06:03 chawla-gagandeep

Everything is fine, the document is signed and two annotations are added, but the signed piece remains unchanged. The signature enables changes to the document (adding elements (pages) / filling in forms). Open the document in Acrobat Reader (windows) and see what he thinks about the document and your changes.

m32 avatar Mar 01 '21 09:03 m32

What should I do if I want to disable the following features? The signature enables changes to the document (adding elements (pages) / filling in forms).

Andyye-jx avatar Aug 12 '21 06:08 Andyye-jx

the only way out is to set a password on the document and set the privileges allowed, and then sign the document

m32 avatar Aug 23 '21 09:08 m32