

                                        737
SECTION 8.7                                                       Digital Signatures



In documents intended for form field workflows, the following occurs:

• The author specifies that form fields can be filled in without invalidating the
  author’s signature. The P entry of the DocMDP transform parameters dictionary
  is set to either 2 or 3 (see Table 8.104).
• The author can also specify that after a specific recipient has signed the
  document, any modifications to specific form fields should invalidate that
  recipient’s signature. There is a separate signature field for each designated
  recipient, each having an associated signature field lock dictionary (see
  Table 8.82) specifying the form fields that should be locked for that user.
• When the recipient signs the field, the signature, signature reference, and
  transform parameters dictionaries are created. The Action and Fields entries
  in the transform parameters dictionary are copied from the corresponding
  fields in the signature field lock dictionary.
  Note: This copying is done because all objects in a signature dictionary must be
  direct objects if the dictionary contains a byte range signature. (Even though
  FieldMDP signatures are object signatures, any signature dictionary referred to
  from a signature field must also have a byte range signature.) Therefore, the
  transform parameters dictionary cannot reference the signature field lock
  dictionary indirectly.

The object digest is computed over all the form fields specified by the transform
parameters dictionary, sorted in alphabetical order (see Appendix I for details).
The specified form fields are locked to prevent changes by marking them
read-only. Any changes to the form fields can be detected when the recipient’s
signature is verified.

FieldMDP signatures are validated in a similar manner to DocMDP signatures. See
“Validating MDP signatures” on page 732 for details.
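
The lock-to-transform-parameters copy and the locked-field change check described above, as an added example (not from the PDF Reference or any PDF library). Forms are modelled as plain name-to-value dicts, the function names are hypothetical, and the SHA-256 digest is a simplified stand-in for the Appendix I object digest; All, Include and Exclude are the Action values defined for the lock dictionary.

```python
import hashlib

def transform_params_from_lock(lock):
    """Copy Action and Fields out of a signature field lock dictionary as
    direct values, so nothing refers back to the lock dictionary."""
    params = {"Type": "TransformParams", "Action": lock["Action"]}
    if lock["Action"] != "All":
        params["Fields"] = list(lock["Fields"])  # a copy, never an alias
    return params

def locked_fields(params, all_fields):
    """Resolve which field names the FieldMDP signature covers."""
    action = params["Action"]
    named = set(params.get("Fields", []))
    if action == "All":
        chosen = set(all_fields)
    elif action == "Include":
        chosen = named & set(all_fields)
    elif action == "Exclude":
        chosen = set(all_fields) - named
    else:
        raise ValueError(f"unknown Action: {action!r}")
    return sorted(chosen)  # alphabetical order, as for the object digest

def field_digest(params, form):
    """Stand-in digest over the covered fields (NOT the Appendix I algorithm)."""
    h = hashlib.sha256()
    for name in locked_fields(params, form):
        for part in (name, form[name]):
            data = part.encode("utf-8")
            h.update(len(data).to_bytes(4, "big") + data)  # length-prefix each item
    return h.hexdigest()

def changed_locked_fields(params, signed_form, current_form):
    """Names of covered fields whose value differs from the signed state;
    a covered field that was removed is reported as changed."""
    return [n for n in locked_fields(params, signed_form)
            if current_form.get(n) != signed_form[n]]

# Constructed sample: field name -> value at the time the recipient signed.
SIGNED = {"approver.name": "J. Doe", "approver.date": "2006-11-01", "comments": ""}
LOCK = {"Type": "SigFieldLock", "Action": "Include",
        "Fields": ["approver.name", "approver.date"]}
PARAMS = transform_params_from_lock(LOCK)
```

A verifier recomputes the digest over the current form and compares it with the value stored at signing time; `changed_locked_fields` then names which covered fields caused a mismatch.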


Identity

The Identity transform method is used when computing an object digest that is
all-inclusive; that is, no objects are excluded. The entire object tree is walked,
starting with the object specified by Data in the signature reference dictionary
(see Table 8.103). Any changes to the contents of the object invalidate the
signature. This method is used to support the signing of FDF files. The FDF
catalog is the object over which the digest is calculated.
