Previous Next

                                    APPENDIX I

              I   Computation of Object
                        Digests
   This appendix describes the algorithm for computing object digests (discussed in
   Section 8.7, “Digital Signatures”). The computation uses a hashing method, spec-
   ified by the DigestMethod entry of the signature reference dictionary (see Table
   8.103). Its value can be SHA1 for the Secure Hash Algorithm 1 (SHA-1) or MD5
   for the MD5 message-digest algorithm; see the Bibliography. Both algorithms op-
   erate on an arbitrary-length stream of bytes to produce a digest of fixed length (16
   bytes for MD5, 20 bytes for SHA-1).

   The following sections describe how the stream of bytes to be digested is generat-
   ed, starting with a specific object within a PDF file. A PDF object is digested by re-
   cursively traversing the object hierarchy beginning with the given object. Objects
   encountered during the traversal are categorized as basic PDF types, described in
   Section I.1, “Basic Object Types,” or more complex types, described in Section I.2,
   “Selective Computation.” Each object is digested as it is processed. Not all objects
   may be included, depending on the transform method and parameters (see Sec-
   tion 8.7.1, “Transform Methods”) that are being used.


I.1 Basic Object Types

   The basic PDF object types are listed in Table I.1. For each type, the following
   data is digested:

   • a single-byte type identifier
   • other bytes representing the value of the data, as described in Table I.1
   Dictionaries and arrays can contain indirect references to other objects; therefore,
   the data can be recursive. To prevent infinite recursions, the algorithm keeps
   track of all indirect objects visited during a recursive descent into a given object.


                                           1131

Previous Next