Sample of the Week:
Pharming attacks are fairly ubiquitous on the web these days. According to Wikipedia, “a Pharming attack is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.” The idea is to get you enter some private information in an HTML form that will give the attacker a way to leverage that information for further attacks… like identity theft.
There are some basic, though not foolproof, ways to protect yourself from these sorts of attacks while in a browser. But what about PDF. It’s pretty easy to download an image of your bank’s logo and create a realistic looking form and mail it around as a PDF. How can a user verify that the PDF came from the company that claims to have sent it?… With Certified Documents of course.
John Landwehr of Adobe Systems perfectly expresses the use of Certified Documents in his article What is a Certified Document and when should you use it?
A Certified Document provides PDF document and forms recipients with added assurances of its authenticity and integrity. Here are two frequent uses cases for Certified Documents that illustrate these capabilities:
- You publish files and want the recipients to know that the files really did originate from you and they have not been accidentally or maliciously modified since you published them.
- You distribute electronic forms with pre-populated information, and want to make sure recipients are not accidentally or maliciously modifying your form data when returning them to you.
In addition to the methods of certifying documents mentioned in John’s article, the Datalogics PDF Java Toolkit is capable of both certifying a document and manipulating already certified documents.
What You Need to Know First:
A PDF file is considered a Certified Document when it has been digitally signed using a certifying signature by the author. The certifying signature is the first one applied to the document and also established the permissions that control what changes are permissible without breaking the certification. Because signatures rely on a checksum of the document content to verify their validity, changing the document in unauthorized or unexpected ways will result in the certifying signature becoming invalid. Adobe Acrobat and a few other viewers ensure that the user is warned or simply prevent features from being used if those features would change the document in an unauthorized way. Because the certified version of the document must remain unchanged, the PDF Specification allows for “changes” to be appended to the end of the original document. The extra bit of PDF at the end essentially overwrites or augments objects in the original without actually modifying it. This also allows the user to “roll-back” the document to it’s original, signed state to see the differences. This technique of changing the document by appending PDF content to the end of a file is known as an “Incremental Save”. I’ll discuss the different save methods in a future post.
One of the most common – and encouraged, not just authorized – changes that one might make to a Certified Document is filling a form. When Adobe Acrobat opens a Certified Document, it will disable features other than filling the form, signing it or adding comments and then do an incremental save automatically.
To accomplish the same thing using the Datalogics PDF Java Toolkit, you’d use the PDFSaveIncrementalOptions class in the PDFDocument.Save() method.
The PDFSaveIncrementalOptions provides options that can be used to control how a PDF is saved during an “incremental save” operation. In an incremental save operation, the PDF document is not rewritten from scratch. Instead, changes that were made to the document are appended to the end of the file. Incremental saves are beneficial in that they are usually faster than full saves. In the case of a Certified Document, incremental saves are the only useful save operation. Performing a full save on a PDF document that contains a digital signature invalidates the signature because it rewrites every part of the file reordering objects as it goes.
To get started working with Certified PDF, download this Gist and request an evaluation copy of The Datalogics PDF Java Toolkit.