I would like to know if there is a way to add a file “attachment” to a signed PDF document in a way that doesn’t invalidate the signature. Like for example when you fill in the form fields the signature will not be invalidated.
Currently I add the attachment in this way:
public async Task pdfEmbedAttachment(GemBox.Pdf.PdfDocument pdfDoc, DocumentField field)
{
string attachmentArrayJSON = field.Value;
List<AttachmentFieldValue> attachmentUrns = JsonSerializer.Deserialize<List<AttachmentFieldValue>>(attachmentArrayJSON);
foreach (AttachmentFieldValue attachment in attachmentUrns)
{
if (attachment.Urn != null)
{
attachment.Data = await AzureStorageService.DownloadByteFileStorage($"{this.envelopeId.ToString()}/{attachment.Urn}", Constants.ENVELOPE_ATTACHMENT_STORAGE_TYPE, false);
}
if (string.IsNullOrWhiteSpace(attachment.MimeType) && !string.IsNullOrWhiteSpace(attachment.Name))
{
string mimeType;
var provider = new FileExtensionContentTypeProvider();
if (!provider.TryGetContentType(attachment.Name, out mimeType))
{
mimeType = "application/octet-stream";
}
attachment.MimeType = mimeType;
}
if (attachment.Data != null)
{
if (!pdfDoc.EmbeddedFiles.Any(kvp => kvp.Value.Name == attachment.Name))
{
var fileSpecification = pdfDoc.EmbeddedFiles.AddEmpty(attachment.Name).Value;
var embeddedFile = fileSpecification.EmbeddedFile;
embeddedFile.MediaType = attachment.MimeType ?? "application/octet-stream";
embeddedFile.ModificationDate = System.DateTime.Now;
if (attachment.Data.Length < int.MaxValue)
{
embeddedFile.Size = attachment.Data.Length;
}
using (var memoryStream = new MemoryStream(attachment.Data))
using (var embeddedStream = embeddedFile.OpenWrite(compress: true))
memoryStream.CopyTo(embeddedStream);
}
}
}
}
If the document already has a signature this will invalidate it.
I have full control of the PDF before the first signature in the process gets applied and I prepare the document with all the form fields that the user will have to fill out. Now I just need the solution for adding a “placeholder” for this use case.
Hi,
The only way to add a file attachment to the signed PDF file without invalidating the signature is to add the file attachment annotation (Add comments → Attach file within Adobe Acrobat). However, Adobe Reader will still report the file as “Signed and all signatures are valid, but with unsigned changes after the last signature.”
If only images are going to be attached and the attached image file doesn’t have to be preserved on a byte level, then the solution from the Placeholder to insert image on PDF - #4 by stipo.gembox could be applied. Image button(s) should be added to the file before signing, and the user can click those buttons to insert images into the signed document. In this case, Adobe Reader won’t report unsigned changes after the last signature.
I do not know the exact details of your workflow, but I assume you want the user to download the PDF file you signed, fill in its form fields, and provide attachments to be attached to the file. I recommend that after the user uploads and submits the filled-in PDF file and attachments, you remove the signature from the file, add attachments to it, sign it again, and return that version of the file to the user.
Regards,
Stipo
Hi Stipo,
My workflow is basically very similar to other document signing applications. I send out documents to one or multiple signers for them to populate fields and sign documents. I have full control of the document since before the first signature is applied and until all signers complete and final stamp is added. As first step I am creating all the form fields in the document which the signers will populate and form fill in will not invalidate the signatures in the process. Users are populating these fields through my web app and I use gembox on the server to populate the PDF with those values. The user is not downloading and populating the form fields himself by downloading and re-uploading the file.
I am looking for a way where these attachments would not invalidate the previous signer’s signature when there is more than 1 signer in the process. The issue with annotations is that they don’t really behave as if they are part of the signed data. Someone can open the document in Acrobat and change these annotations without signatures being invalidated.
Hi,
The only way to add a file attachment without invalidating previous signatures is to use the file attachment annotation.
PDF provides a way to support various digital signature workflows, and most PDF viewers support them.
Since you know the number of signers beforehand, you could add the following to the signature field of the last signer (after the signature field is created):
signatureFieldN.SetLockedFields().Permission = PdfUserAccessPermissions.None;
This will lock the document after the last signer has signed it, so any additional form field fill-in or annotation creation, deletion, and modification will be prohibited and will invalidate the signature.
However, the order of signing is essential for this to work. The signer associated with the signature field signatureFieldN must be the last signer of the document. Or you could add an invisible signature field that you would sign after all other signatures have been applied, and your signature would then lock the document.
Regards,
Stipo