Improvements to Incremental Digital Signatures and PDF/A-1a Compliance #320
Conversation
…sinatura anterior, ou que já eram pdfa
…ormidade pdf/a-1a
|
@pdizeev I tried to test the incremental sign but getting below error while opening out the PDF after second sign or AppendSignature has been set true. System.InvalidOperationException: 'The file is not a valid PDF document.' This exception was originally thrown at this call stack: PdfSharp.Pdf.IO.PdfReader.OpenFromStream(System.IO.Stream, string, PdfSharp.Pdf.IO.PdfDocumentOpenMode, PdfSharp.Pdf.IO.PdfPasswordProvider, PdfSharp.Pdf.IO.PdfReaderOptions) in PdfReader.cs PdfSharp.Pdf.IO.PdfReader.OpenFromFile(string, string, PdfSharp.Pdf.IO.PdfDocumentOpenMode, PdfSharp.Pdf.IO.PdfPasswordProvider) in PdfReader.cs |
Hi @dixit-atharva , It’s difficult to pinpoint the exact cause without knowing how the incremental signing workflow was implemented on your side. One common scenario that can produce this exception is saving the second signature into a different output file. If this does not match your situation, feel free to share a minimal example of your signing code (without any sensitive data, of course). |
|
@alex-vazz @pdizeev I did not implemented yet just testing out through the DefaultSignerTests.cs Sign_existing_pdf_incrementally_and_preserve_pdfa method. |
|
@dixit-atharva Because of that, the most likely cause is an environment-specific factor (framework version, stream behavior, file permissions, PDF compression settings, etc.).
If possible, the resulting signed PDF after the first signature (before the second one) These details will make it much easier to reproduce the issue and understand what's causing the difference. |
|
Hi @alex-vazz I got the exact same issue when running the test. Your .NET runtime / OS environment : Windows, .NET 8 Here are the two files, after the first one, then second one. I'm managed to be able to open the second file when using a Stream for saving it, but one signature was failing. Hope it helps |
4 participants
📌 Summary
This PR introduces a complete revision of the incremental digital signature workflow and several fixes required to preserve PDF/A-1a conformance when signing documents.
The changes address two long-standing problems in PDFsharp:
Caused by incomplete incremental update logic, missing object registration, and incorrect byte range / catalog updates.
Specifically: forbidden /Group transparency entries, missing metadata field F, and inconsistent XMP updates.
This PR ensures:
✔ Existing signatures remain valid after additional signatures
✔ New signatures are embedded incrementally with correct references
✔ PDF/A-1a conformance is preserved after each signature
✔ No transparency or structural violations are introduced
✔ PDFs remain readable in Adobe Reader, browsers, and validators
🧩 Why These Changes Were Necessary
Anchoring of Prior Signatures (Incremental Signing)
Before this PR, signing an already-signed PDF caused:
ITI validation reported:
This PR updates the incremental signing logic to follow ISO-32000 rules, preserving all previous revisions.
PDF/A-1a Transparency and Metadata Errors
PDF/A validators (Acrobat Preflight, VeraPDF, ITI) reported:
Root causes included:
This PR ensures:
✔ /Group is removed when PDF/A is active
✔ XMP metadata stays synchronized
✔ Required fields (including F) are present
✔ No transparency or forbidden operators are emitted
🛠 Overview of Changes
✔ Incremental Signature Improvements
✔ PDF/A-1a Compliance Fixes
✔ Structural Stability Fixes
📜 Business Rules Implemented
This PR enforces the following rules:
🚀 Impact / Benefits
🧪 Tests Added / Updated
🔄 Backward Compatibility
✔ Final Notes
This PR significantly enhances PDFsharp’s digital signature subsystem, with improvements focused on correctness, compliance, and real-world production reliability—especially in environments that depend on strict digital signature and PDF/A rules.