Sign PDF document with multiple digital signatures

[vizicsaba89]

Hi Vbuch!

First of all, thanks for making node-signpdf!

I was able to figure it out how to sign a pdf document by looking at the tests, and it works nice. Unfortunately i can't find a solution to sign a document with 2 or more different digital signatures. Is there a way to do that with node-signpdf?

[vbuch]

Hi there. Glad to see someone read it and understood it.

There is no such an option currently. Itnis something that I plan to do sometime in the future. A PR would be greatly appreciated, of course. The functionallity is not that hard to implement in fact. If you look at the #play-with-trailers branch, there already is implementation that uses incremental updates. In order to apply two or more signatures, incremental updates are needed. So it needs a bit of extending so that it can read a PDF that already has multiple trailers. If that works, signing will not be limited to only one time.

[vizicsaba89]

Thank you for the fast reply!

We're trying to modify the codebase of #play-with-trailers branch, but we still cannot succeed. As we can see in readPdf.js an exception thrown if there is a /Prev tag exist in pdf (which means it is an incrementally updated pdf) but we cant understand why isn't that allowed.

As far as we know incremental update means that we extend the existing document with a new trailer section contains the modifications on the document.

Do you know some kind of useful docs/resources about the topic?

[vbuch]

The reason for throwing an exception is that some code needs to be triggered in that case and that code is not yet written. Just to make sure it won't mess up your document, following the "better safe than sorry" saying, I'm trying to be safe and sat "I do not support that yet".

Incremental updates in PDF are described in section 7.5.6 here https://www.adobe.com/content/dam/acom/en/devnet/acrobat/pdfs/PDF32000_2008.pdf

[MatthewMarkgraaff]

Hi @vbuch

Firstly thank you for all the time spent on this module it's been a great help!

Please correct me if I'm wrong but it seems this library currently handles the case whereby there is one signature field to be signed by a single signatory?

I have implemented the above without issue but now have come across the case where I have multiple signature fields on each page. I require a user to sign each of these fields. Am I correct in saying that each signature field would need to be identified, signed and the pdf incrementally updated for each signature?

Is this currently unsupported? If so, what can I do to help implement it?

Thank you

Here is a screenshot of Adobe's signature verification after running node-signpdf on a pdf with multiple signature fields:

[vbuch]

Hey there, @MatthewMarkgraaff.

Indeed the main code finds the first ByteRange placeholder and places the signature in it. There are helpers (in a branch) that can also add a placeholder to a document.
Also the specs say that multiple signatures cannot be applied simultaneously. Instead incremental updates need to be made to add them sequentially. And thisnis not supported by any code currently in the lib. As I already wrote (somewhere above) I want to offer this option but I cannot find the time to work on this.
I am curios on how those placeholders you have are implemented. Would it be possible for you to give me an example of such a PDF? I am actually surprised it didn't break when there was more than one placeholder. I'll give myself a high five for that :)

[vizicsaba89]

@MatthewMarkgraaff
As @vbuch wrote before, you cannot achive adding multiple signatures with the libary because it has to be done with incremental updates which involves multiple xref table handling, adding new fields to Acroform etc.
I was able to manage to add as many signatures as i want to, but it costed quite a lot code changes.
I still have to do some refactoring on it, but in the next week i'll create a PR.

If you're in a hurry, and cant wait until next week maybe i can help you with it.

[MatthewMarkgraaff]

This is all starting to make sense, how incremental updates fit in etc..

@vbuch here is the file that I used:

signed.pdf

I can send the script too if it's of interest to you.

@vizicsaba89 I'd really like to have a look at that code if you don't mind pushing it up? 🥇 Perhaps we could all collaborate on your PR if you need a hand? It seems to be quite a popular requirement.

[vbuch]

@vizicsaba89 sounds nice. Would love to take a look. As @MatthewMarkgraaff said, we could help with the PR.

@MatthewMarkgraaff looking at your PDF, you already have the hardest part done. You have two widgets (obj 26 and 27). One of them is referring to a signature placeholder (obj 25). That's why you succeeded signing the first area. What's next for you is to add a new trailer with xref and incrementally update object 26 to include a newly introduced signature placeholder. That would mean that your incremental update would consist of:

• obj 28: The newly introduced placeholder
• obj 26: overridden so it refers to object 28
• xref: A new one that includes 28 and updates 26
• trailer: Because a document always ends with a trailer.

Some of the code on those points is already written (see https://github.com/vbuch/node-signpdf/tree/play-with-trailers/src/helpers/plainAddPlaceholder) and with @vizicsaba89's code, I believe there will be much progress on the topic.

[vizicsaba89]

Okay, tomorrow i'll push the modifications.

[MatthewMarkgraaff]

@vbuch Thank you for being so thorough, that totally makes sense 💯

I did previously play around with the play-with-trailers branch and it got me quite far. Let's check out @vizicsaba89 modifications and evaluate what else needs to be done from there

[vizicsaba89]

Pull request sent.
FYI @vbuch i also have an another version, where i fixed handling stream objects, so you can add images, fonts and text boxes to signature widgets, let me know if you're intrested in a PR for that modification.

And btw shout-out to @pankucsi too, we've been cooperated together to make this finally work.

[MatthewMarkgraaff]

Thank you @vizicsaba89 🚀
I'll go through it a bit later today

I don't mean to speak on behalf of @vbuch but I would be very interested in the additional features you described and could help contribute if there's any work that needs to be done there

[vbuch]

Hey @vizicsaba89 (and @pankucsi), thank you on behalf of the people who requested this!
I took a brief look of your commits. They do need some refactoring but it seems to be doing the right things. I bet you've spent quite some time on this. Nice to see. My initial thoughts were:

• You need to catch up on play-with-trailers as it is going to be the next released version (1.0.0).
• We have to think of a way to get the "drawing" part out of the lib or synthesized in helpers.

This is just based on 5 minutes of looking at the code.

It is interesting that the main code of the lib remains the part where the signature is created while there is tons more of usable and helpful code in the helpers that we are looking at now.
I'll try to give you code a run some time today and see what I can help with.

[vizicsaba89]

We've modified things based on "play-with-trailers" branch so we dont have to worry about cathing up with it :) But in this case maybe you should merge our modifications to play-with-trailers branch.

I agree with you on the drawing topic.

[vbuch]

So, thanks to the contributions of @vizicsaba89 @pankucsi @andres-blanco and @therpobinski this is now available in the develop branch. As promised in the PR, I will release a version soon, including this change. I need to check something first. I will close the issue once there is a release.

[vbuch]

1.1.0 version is out. 🎉 Thanks again, guys. Hope I didn't miss someone in the list here: https://github.com/vbuch/node-signpdf/blob/develop/CONTRIBUTING.md#contributors

I'm closing the issue. Hopefully, if there are any issues, people will open new ones. :-)