
How to Break PDF Signatures - hannob
https://www.pdf-insecurity.org/
======
weinzierl
I used to love PDF but the more time passes the more I think it is broken
beyond any repair.

HTML/CSS/JS covers almost any use case. Then there is ePub (kind of HTML..
anyway) for eBooks, CBR for Comics, DJVU for scanned content and so on. There
probably is a better format for any niche use case you can imagine.

~~~
gowld
PDF _consistently_ generates documents that anyone can see and verify the
content. HTML/CSS/JS change the content differently depending on how you look at
them and with which tools.

~~~
weinzierl
> PDF consistently generates documents that anyone can see and verify the
> content.

You cannot rely on that. PDF combined with font and vector graphics rendering
is just an insanely complex beast and there is lots of trickery that can
change the appearance of the document. For example there is a font that
changes its characters with font size and therefore zoom level.

When it comes to verification: see OP how well that works.

If you want verifiable content use plain text and bitmaps. Really that's your
best bet.

------
cmurf
The article lists 'Adobe Acrobat Reader DC' for Linux but I don't see a Linux
option at
[https://get.adobe.com/reader/otherversions/](https://get.adobe.com/reader/otherversions/)
although there is an Android option, maybe there's a way to make that work on
Linux, or use e.g. Windows 7 version of Acrobat with Wine. This page doesn't
make it totally clear if the free reader is sane to use.
[https://appdb.winehq.org/objectManager.php?sClass=applicatio...](https://appdb.winehq.org/objectManager.php?sClass=application&iId=847)

~~~
amaccuish
*wouldn't recommend since it hasn't been updated in a long time

ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/

------
vxNsr
Well this is bad news for everyone.

------
xvilka
Choice of Linux PDF viewers is very strange[1] - basically, no open source
viewers listed.

[1] [https://www.pdf-insecurity.org/signature/viewer.html](https://www.pdf-insecurity.org/signature/viewer.html)

~~~
weinzierl
Does any of them support signature verification at all? Last time I checked
there was pdfsig and that was it.

~~~
johnisgood
I think mupdf supports it if you compile it with that feature enabled, and I
also heard about "mutool sign", which is supposed to be able to sign and
verify, but I never used it. In fact, I don't even have the binary for some
reason. I will try to compile mupdf from scratch now and see if it supports
signatures properly. It would be good if it supported it right out of the box.
Maybe some of their devs can clarify this.

So... I compiled it and now I have mutool.

I tried to run `mutool sign SampleSignedPDFDocument.pdf` and it gave me this
output:

    verifying signature on page 1
      result: ''

The PDF I am using:
[https://blogs.adobe.com/security/SampleSignedPDFDocument.pdf](https://blogs.adobe.com/security/SampleSignedPDFDocument.pdf)

I have no idea how I can format the output. Is there a way to use code blocks
on here?

------
adrianmonk
Is this a flaw in the format or just bugs in implementations of viewers?

Seems like it must just be fixable bugs. On the chart showing which viewers
are vulnerable, some of them have no vulnerabilities.

So in theory other viewers should be able to be fixed.

