My question is around metadata amendments to a digitally signed file. Basically:
1. Sign a file using Acrobat.
2. Add an amendment section changing some metadata (modified date, etc)
3. Adobe claims this file is not modified, while in fact it is.
As I understand from your digital signatures guide( https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/Acrobat_DigitalSignatures_in_PDF .pdf )
any modification that falls outside of the /ByteRange property should flag that a signed document is modified. I am able to generate a signed file, then add metadata amendments past original %%EOF marker and Acrobat Pro DC (version 2017.012.20098) would report that the document is not modified.
1. Why is this document not reported as modified? Is my interpretation of the guide incorrect?
2. If there are exceptions to metadata amendments on signed files, what amendments exactly are considered "harmless" and "not a modification"?
I have a minimal sample file to demonstrate this, can provide on demand
Could you please share the sample pdf file ?
Sure, here is a one page doc signed by Adobe and with metadata amendments at the end: adobe-signed-with-metadata-amendments.pdf - Google Drive
You can check that the /ByteRange for signature covers from byte 0 until 69,505. At that point you can see %%EOF for original document and start of a single amendments section that spans till end of file.
This document shows as "unmodified since document is signed" in Acrobat.