12.8 数字签名¶

12.8 Digital Signatures

12.8.1 概述¶

12.8.1 General

中文英文

数字签名（PDF 1.3）可用于验证用户的身份以及文档的内容。它存储有关签名者的信息以及签署时文档的状态。签名可以是纯数学的，例如通过公钥/私钥加密的文档摘要，或者它可以是生物识别形式的身份验证，例如手写签名、指纹或视网膜扫描。所使用的具体身份验证形式应由称为签名处理程序的特殊软件模块实现。签名处理程序应根据附录 E 中定义的规则进行标识。

ISO 32000 中的数字签名目前支持两项活动：向文档添加数字签名以及稍后检查该签名的有效性。撤销信息是一个已签名的属性，这意味着签名软件必须在签名之前捕获撤销信息。类似的要求适用于证书链。签名软件必须在签名之前捕获并验证证书链。

签名信息应包含在签名字典中，其条目列在表 252 中。签名处理程序可以使用或省略表中标记为可选的条目，但如果使用这些条目，则应以标准方式使用它们。此外，签名处理程序可以添加自己的私有条目。为了避免名称重复，所有这些私有条目的键应以注册的处理程序名称为前缀，并后跟一个句点（2Eh）。

签名应通过计算文档中数据（或部分数据）的摘要并将该摘要存储在文档中来创建。为了验证签名，应重新计算摘要并与存储在文档中的摘要进行比较。摘要值的差异表示自签名以来文档已被修改。

定义了两种计算 PDF 文件所有或部分内容的数字签名的技术：

字节范围摘要应计算文件中一系列字节的摘要，该范围应由签名字典中的 ByteRange 条目指示。此范围应包括整个文件，包含签名字典但不包括签名值本身（即 Contents 条目）。可以使用其他范围，但由于它们未能检查文档的所有更改，因此不推荐使用。当存在字节范围摘要时，签名字典中的所有值应为直接对象。
此外，可以通过 签名引用字典 指定修改检测。TransformMethod 条目应指定用于修改检测的通用方法，TransformParams 条目应指定该方法的可变部分。

PDF 文档可以包含以下标准类型的签名：

一个或多个批准签名。这些签名出现在签名表单字段中（见 12.7.4.5，“签名字段”）。与每个签名对应的签名字典应为该表单字段的值（如其 V 条目所指定）。签名字典应包含一个 ByteRange 条目，表示字节范围摘要，如前所述。通过重新计算摘要并与存储在签名中的摘要进行比较，可以验证签名。

注 1

如果签名的文档被修改并通过增量更新保存（见 7.5.6，“增量更新”），则原始签名的字节范围对应的数据将被保留。因此，如果签名有效，则可以重新创建签署时文档的状态。

最多一个认证签名（PDF 1.5）。认证签名的签名字典应为签名字段的值，并应包含 ByteRange 条目。它还可以通过权限字典中的 DocMDP 条目进行引用（见 12.8.4，“权限”）。签名字典应包含一个签名引用字典（见表 253），该字典具有 DocMDP 转换方法。有关如何创建和验证这些签名的信息，见 12.8.2.2，“DocMDP”。

认证或批准签名的签名字典也可以有一个签名引用字典，具有 FieldMDP 转换方法；见 12.8.2.4，“FieldMDP”。
最多两个使用权签名（PDF 1.5）。其签名字典应通过权限字典中的 UR3（PDF 1.6）条目进行引用，其条目列在表 258 中（而不是从签名字段中引用）。签名字典应包含一个 Reference 条目，其值是一个签名引用字典，具有 UR 转换方法。有关如何创建和验证这些签名的信息，见 12.8.2.3，“UR”。

**表 252 – 签名字典中的条目**
键	类型	值
Type	name	(可选) 此字典描述的 PDF 对象类型；如果存在，则应为 Sig，表示签名字典。
Filter	name	(必需；可继承) 用于验证此签名时的首选签名处理程序的名称。如果 Prop_Build 条目不存在，则它也应为创建签名时使用的签名处理程序的名称。如果 Prop_Build 存在，可以用来确定创建签名的处理程序的名称（通常与 Filter 相同，但不必相同）。符合要求的阅读器可以在验证签名时替换为支持指定 SubFilter 格式的不同处理程序。示例签名处理程序有 Adobe.PPKLite、Entrust.PPKEF、CICI.SignIt 和 VeriSign.PPKVS。签名处理程序的名称（即签名处理程序）应根据附录 E 中定义的规则进行标识。
SubFilter	name	(可选) 描述签名字典中签名值和密钥信息编码的名称。符合要求的阅读器可以使用任何支持此格式的处理程序来验证签名。（PDF 1.6）公共密钥密码签名的以下值应使用：adbe.x509.rsa_sha1、adbe.pkcs7.detached 和 adbe.pkcs7.sha1（见 12.8.3，“签名互操作性”）。开发者可以定义其他值，使用时应以注册的开发者标识符为前缀。所有前缀名称应进行注册（见附录 E）。前缀“adbe”由 Adobe Systems 注册，以上列出的三个子过滤器名称以及在 12.8.3 中定义的“签名互操作性”可以由任何开发者使用。
Contents	字节字符串	(必需) 签名值。当 ByteRange 存在时，值应为一个十六进制字符串（见 7.3.4.3，“十六进制字符串”），表示字节范围摘要的值。对于公共密钥签名，Contents 应该是一个 DER 编码的 PKCS#1 二进制数据对象或 DER 编码的 PKCS#7 二进制数据对象。必须在计算消息摘要之前为 Contents 分配空间。（见 7.3.4，“字符串对象”）
Cert	数组或字节字符串	(当 SubFilter 为 adbe.x509.rsa_sha1 时必需) 一个字节字符串数组，表示签署和验证使用公共密钥加密签名的 X.509 证书链，或者如果链中只有一个条目，则为一个字节字符串。签名证书应出现在数组中的第一个位置；它应用于验证 Contents 中的签名值，其他证书应用于验证签名证书的真实性。如果 SubFilter 为 adbe.pkcs7.detached 或 adbe.pkcs7.sha1，则不应使用此条目，证书链应放入 Contents 中的 PKCS#7 信封。
ByteRange	数组	(对于所有属于签名字段的签名以及通过权限字典中的 UR3 条目引用的使用权签名，必需) 一个整数对的数组（起始字节偏移量，字节长度），应描述摘要计算的确切字节范围。多个不连续的字节范围应用于描述不包括签名值（Contents 条目）本身的摘要。
Reference	数组	(可选；PDF 1.5) 一个签名引用字典的数组（见表 253）。
Changes	数组	(可选) 一个包含三个整数的数组，指定从上一个签名到此签名之间对文档所做的更改：按顺序表示修改的页数、修改的字段数和填写的字段数。签名的顺序应由 ByteRange 的值决定。由于每个签名都会导致增量保存，因此后续签名的长度值较大。
Name	文本字符串	(可选) 签署文档的个人或机构名称。此值应仅在无法从签名中提取名称时使用。示例 1 来自签署者的证书。
M	日期	(可选) 签名时间。根据签名处理程序的不同，这可能是未验证的计算机时间，或是通过安全时间服务器以可验证的方式生成的时间。此值应仅在签名时间不可用时使用。示例 2 时间戳可以嵌入到 PKCS#7 二进制数据对象中（见 12.8.3.3，“ISO 32000 中使用的 PKCS#7 签名”）。
Location	文本字符串	(可选) 签署时的 CPU 主机名或物理位置。
Reason	文本字符串	(可选) 签署的原因，例如（我同意……）。
ContactInfo	文本字符串	(可选) 签署者提供的信息，帮助接收者联系签署者以验证签名。示例 3 电话号码。
R	整数	(可选) 用于创建签名的签名处理程序的版本号。（PDF 1.5）此条目不应使用，信息应存储在 Prop_Build 字典中。
V	整数	(可选；PDF 1.5) 签名字典格式的版本号。它对应于在 SubFilter 的值上下文中使用签名字典。如果 Reference 字典应被视为验证签名的关键，则值为 1。默认值：0。
Prop_Build	字典	(可选；PDF 1.5) 一个字典，签名处理程序可以使用它记录用于签名时计算机环境的状态信息，如用于创建签名的处理程序名称、软件构建日期、版本和操作系统等。 PDF 签名构建字典规范提供了使用此字典的实施指南。
Prop_AuthTime	整数	(可选；PDF 1.5) 签署者上次验证的秒数，用于签名否认声明。如果值未知，则应省略此值。
Prop_AuthType	name	(可选；PDF 1.5) 用于验证签署者的方法，用于签名否认声明。有效值应为 PIN、密码和指纹。

注意 2

签名字典中的条目可以被概念化为不同字典中的条目；它们由于历史和加密原因都在同一个字典中。这些类别包括签名属性（R、M、Name、Reason、Location、Prop_Build、Prop_AuthTime 和 Prop_AuthType）；关键信息（当签名值为 PKCS#7 对象时，Cert 和 Contents 的部分内容）；引用（Reference 和 ByteRange）；以及签名值（当签名值为 PKCS#1 对象时，Contents）。

**表 253 – 签名引用字典中的条目**
键	类型	值
Type	name	(可选) 此字典描述的 PDF 对象类型；如果存在，应为 SigRef，表示签名引用字典。
TransformMethod	name	(必需) 指定的转换方法名称（参见第 12.8.2 节，“转换方法”），该方法将指导签名验证时进行的修改分析。有效值包括： DocMDP 用于检测相对于由文档发起人签署的签名字段的文档修改；见 12.8.2.2 节，“DocMDP”。 UR 用于检测在受权限启用的文档中可能使签名失效的修改；见 12.8.2.3 节，“UR”。 FieldMDP 用于检测对 TransformParams 中指定的表单字段列表的修改；见 12.8.2.4 节，“FieldMDP”。
TransformParams	dictionary	(可选) 一个字典，指定用于 TransformMethod 中指定的转换方法的转换参数（可变数据）。每个方法都需要自己的参数集。有关每个转换参数字典的详细信息，请参阅先前指定的每个子条款。
Data	(各种)	(当 TransformMethod 为 FieldMDP 时必需) 指向文档中应执行对象修改分析的对象的间接引用。对于除 FieldMDP 外的转换方法，此对象是隐式定义的。
DigestMethod	name	(可选；PDF 1.5 必需) 一个名称，标识在计算摘要时应使用的算法。有效值包括 MD5 和 SHA1。默认值为 MD5。出于安全原因，不应使用 MD5。它被提及是为了向后兼容，因为它仍然是默认值。

A digital signature (PDF 1.3) may be used to authenticate the identity of a user and the document’s contents. It stores information about the signer and the state of the document when it was signed. The signature may be purely mathematical, such as a public/private-key encrypted document digest, or it may be a biometric form of identification, such as a handwritten signature, fingerprint, or retinal scan. The specific form of authentication used shall be implemented by a special software module called a signature handler. Signature handlers shall be identified in accordance with the rules defined in Annex E.

Digital signatures in ISO 32000 currently support two activities: adding a digital signature to a document and later checking that signature for validity. Revocation information is a signed attribute, which means that the signing software must capture the revocation information before signing. A similar requirement applies to the chain of certificates. The signing software must capture and validate the certificate's chain before signing.

Signature information shall be contained in a signature dictionary, whose entries are listed in Table 252. Signature handlers may use or omit those entries that are marked optional in the table but should use them in a standard way if they are used at all. In addition, signature handlers may add private entries of their own. To avoid name duplication, the keys for all such private entries shall be prefixed with the registered handler name followed by a PERIOD (2Eh).

Signatures shall be created by computing a digest of the data (or part of the data) in a document, and storing the digest in the document. To verify the signature, the digest shall be re-computed and compared with the one stored in the document. Differences in the digest values indicate that modifications have been made since the document was signed.

There are two defined techniques for computing a digital signature of the contents of all or part of a PDF file:

A byte range digest shall be computed over a range of bytes in the file, that shall be indicated by the ByteRange entry in the signature dictionary. This range should be the entire file, including the signature dictionary but excluding the signature value itself (the Contents entry). Other ranges may be used but since they do not check for all changes to the document, their use is not recommended. When a byte range digest is present, all values in the signature dictionary shall be direct objects.
Additionally, modification detection may be specified by a signature reference dictionary. The TransformMethod entry shall specify the general method for modification detection, and the TransformParams entry shall specify the variable portions of the method.

A PDF document may contain the following standard types of signatures:

One or more approval signatures. These signatures appear in signature form fields (see 12.7.4.5, “Signature Fields”). The signature dictionary corresponding to each signature shall be the value of the form field (as specified by its V entry). The signature dictionary shall contain a ByteRange entry representing a byte range digest, as described previously. A signature shall be validated by recomputing the digest and comparing it with the one stored in the signature.

NOTE 1

If a signed document is modified and saved by incremental update (see 7.5.6, “Incremental Updates”), the data corresponding to the byte range of the original signature is preserved. Therefore, if the signature is valid, it is possible to recreate the state of the document as it existed at the time of signing.

At most one certification signature (PDF 1.5). The signature dictionary of a certification signature shall be the value of a signature field and shall contain a ByteRange entry. It may also be referenced from the DocMDP entry in the permissions dictionary (see 12.8.4, “Permissions”). The signature dictionary shall contain a signature reference dictionary (see Table 253) that has a DocMDP transform method. See 12.8.2.2, “DocMDP” for information on how these signatures shall be created and validated.

A signature dictionary for a certification or approval signature may also have a signature reference dictionary with a FieldMDP transform method; see 12.8.2.4, “FieldMDP.”

At most two usage rights signatures (PDF 1.5). Its signature dictionary shall be referenced from the UR3 (PDF 1.6) entry in the permissions dictionary, whose entries are listed in Table 258, (not from a signature field). The signature dictionary shall contain a Reference entry whose value is a signature reference dictionary that has a UR transform method. See 12.8.2.3, “UR” for information on how these signatures shall be created and validated.

**Table 252 – Entries in a signature dictionary**
Key	Type	Value
Type	name	(Optional) The type of PDF object that this dictionary describes; if present, shall be Sig for a signature dictionary.
Filter	name	(Required; inheritable) The name of the preferred signature handler to use when validating this signature. If the Prop_Build entry is not present, it shall be also the name of the signature handler that was used to create the signature. If Prop_Build is present, it may be used to determine the name of the handler that created the signature (which is typically the same as Filter but is not needed to be). A conforming reader may substitute a different handler when verifying the signature, as long as it supports the specified SubFilter format. Example signature handlers are Adobe.PPKLite, Entrust.PPKEF, CICI.SignIt, and VeriSign.PPKVS. The name of the filter (i.e. signature handler) shall be identified in accordance with the rules defined in Annex E.
SubFilter	name	(Optional) A name that describes the encoding of the signature value and key information in the signature dictionary. A conforming reader may use any handler that supports this format to validate the signature. (PDF 1.6) The following values for public-key cryptographic signatures shall be used: adbe.x509.rsa_sha1, adbe.pkcs7.detached, and adbe.pkcs7.sha1 (see 12.8.3, “Signature Interoperability”). Other values may be defined by developers, and when used, shall be prefixed with the registered developer identification. All prefix names shall be registered (see Annex E). The prefix “adbe” has been registered by Adobe Systems and the three subfilter names listed above and defined in 12.8.3, “Signature Interoperability“ may be used by any developer.
Contents	byte string	(Required) The signature value. When ByteRange is present, the value shall be a hexadecimal string (see 7.3.4.3, “Hexadecimal Strings”) representing the value of the byte range digest. For public-key signatures, Contents should be either a DER-encoded PKCS#1 binary data object or a DER-encoded PKCS#7 binary data object. Space for the Contents value must be allocated before the message digest is computed. (See 7.3.4, “String Objects“)
Cert	array or byte string	(Required when SubFilter is adbe.x509.rsa_sha1) An array of byte strings that shall represent the X.509 certificate chain used when signing and verifying signatures that use public-key cryptography, or a byte string if the chain has only one entry. The signing certificate shall appear first in the array; it shall be used to verify the signature value in Contents, and the other certificates shall be used to verify the authenticity of the signing certificate. If SubFilter is adbe.pkcs7.detached or adbe.pkcs7.sha1, this entry shall not be used, and the certificate chain shall be put in the PKCS#7 envelope in Contents.
ByteRange	array	(Required for all signatures that are part of a signature field and usage rights signatures referenced from the UR3 entry in the permissions dictionary) An array of pairs of integers (starting byte offset, length in bytes) that shall describe the exact byte range for the digest calculation. Multiple discontiguous byte ranges shall be used to describe a digest that does not include the signature value (the Contents entry) itself.
Reference	array	(Optional; PDF 1.5) An array of signature reference dictionaries (see Table 253).
Changes	array	(Optional) An array of three integers that shall specify changes to the document that have been made between the previous signature and this signature: in this order, the number of pages altered, the number of fields altered, and the number of fields filled in. The ordering of signatures shall be determined by the value of ByteRange. Since each signature results in an incremental save, later signatures have a greater length value.
Name	text string	(Optional) The name of the person or authority signing the document. This value should be used only when it is not possible to extract the name from the signature. EXAMPLE 1 From the certificate of the signer.
M	date	(Optional) The time of signing. Depending on the signature handler, this may be a normal unverified computer time or a time generated in a verifiable way from a secure time server. This value should be used only when the time of signing is not available in the signature. EXAMPLE 2 A time stamp can be embedded in a PKCS#7 binary data object (see 12.8.3.3, “PKCS#7 Signatures as used in ISO 32000”).
Location	text string	(Optional) The CPU host name or physical location of the signing.
Reason	text string	(Optional) The reason for the signing, such as ( I agree … ).
ContactInfo	text string	(Optional) Information provided by the signer to enable a recipient to contact the signer to verify the signature. EXAMPLE 3 A phone number.
R	integer	(Optional) The version of the signature handler that was used to create the signature. (PDF 1.5) This entry shall not be used, and the information shall be stored in the Prop_Build dictionary.
V	integer	(Optional; PDF 1.5) The version of the signature dictionary format. It corresponds to the usage of the signature dictionary in the context of the value of SubFilter. The value is 1 if the Reference dictionary shall be considered critical to the validation of the signature. Default value: 0.
Prop_Build	dictionary	(Optional; PDF 1.5) A dictionary that may be used by a signature handler to record information that captures the state of the computer environment used for signing, such as the name of the handler used to create the signature, software build date, version, and operating system. he PDF Signature Build Dictionary Specification, provides implementation guidelines for the use of this dictionary.
Prop_AuthTime	integer	(Optional; PDF 1.5) The number of seconds since the signer was last authenticated, used in claims of signature repudiation. It should be omitted if the value is unknown.
Prop_AuthType	name	(Optional; PDF 1.5) The method that shall be used to authenticate the signer, used in claims of signature repudiation. Valid values shall be PIN, Password, and Fingerprint.

NOTE 2

The entries in the signature dictionary can be conceptualized as being in different dictionaries; they are in one dictionary for historical and cryptographic reasons. The categories are signature properties (R, M, Name, Reason, Location, Prop_Build, Prop_AuthTime, and Prop_AuthType); key information (Cert and portions of Contents when the signature value is a PKCS#7 object); reference (Reference and ByteRange); and signature value (Contents when the signature value is a PKCS#1 object).

**Table 252 – Entries in a signature dictionary**
Key	Type	Value
Type	name	(Optional) The type of PDF object that this dictionary describes; if present, shall be SigRef for a signature reference dictionary.
TransformMethod	name	(Required) The name of the transform method (see Section 12.8.2, “Transform Methods”) that shall guide the modification analysis that takes place when the signature is validated. Valid values shall be: DocMDP Used to detect modifications to a document relative to a signature field that is signed by the originator of a document; see 12.8.2.2, “DocMDP.” UR Used to detect modifications to a document that would invalidate a signature in a rights-enabled document; see 12.8.2.3, “UR.” FieldMDP Used to detect modifications to a list of form fields specified in TransformParams; see 12.8.2.4, “FieldMDP.”
TransformParams	dictionary	(Optional) A dictionary specifying transform parameters (variable data) for the transform method specified by TransformMethod. Each method takes its own set of parameters. See each of the sub-clauses specified previously for details on the individual transform parameter dictionaries
Data	(various)	(Required when TransformMethod is FieldMDP) An indirect reference to the object in the document upon which the object modification analysis should be performed. For transform methods other than FieldMDP, this object is implicitly defined.
DigestMethod	name	(Optional; PDF 1.5 required) A name identifying the algorithm that shall be used when computing the digest. Valid values are MD5 and SHA1. Default value: MD5. For security reasons, MD5 should not be used. It is mentioned for backwards compatibility, since it remains the default value.

12.8.2 变换方法¶

12.8.2 Transform Methods

12.8.2.1 概述¶

12.8.2.1 General

中文英文

变换方法以及变换参数应确定在修订比较中包含和排除哪些对象。以下子条款讨论了变换方法的类型、它们的变换参数以及何时应使用它们。

Transform methods, along with transform parameters, shall determine which objects are included and excluded in revision comparison. The following sub-clauses discuss the types of transform methods, their transform parameters, and when they shall be used.

12.8.2.2 文档MDP¶

12.8.2.2 DocMDP

12.8.2.2.1 概述¶

12.8.2.2.1 General

中文英文

DocMDP 转换方法应当用于检测相对于由文档作者（即应用第一个签名的人员）签署的签名字段的修改。一个文档只能包含一个包含 DocMDP 转换方法的签名字段；该字段应为文档中第一个签署的字段。它允许作者指定哪些修改可以进行，哪些修改会使作者的签名无效。

注意

如前所述，“MDP”代表 修改检测与防止。使用 DocMDP 转换方法的认证签名能够检测到作者指定的不允许的修改。此外，当签名字典通过权限字典中的 DocMDP 条目进行引用时，还可以防止不允许的修改（见 12.8.4 节，“权限”）。

认证签名应当具有合法的认证字典（见 [12.8.5] 节，“合法内容认证”），该字典指定可能导致文档内容意外呈现的所有内容，并包含作者对这些内容的认证。若文档的完整性受到质疑，该字典可用于建立作者的意图。

DocMDP 转换参数字典中的 P 条目（见表 254）应指示作者指定哪些文档修改会使签名无效。（如果签名字典通过权限字典中的 DocMDP 条目进行引用，这些修改也应被防止。）P 的值为 1 表示文档应为最终版本；即任何修改都会使签名无效。值为 2 和 3 表示允许适用于表单字段或评论工作流的修改。

The DocMDP transform method shall be used to detect modifications relative to a signature field that is signed by the author of a document (the person applying the first signature). A document can contain only one signature field that contains a DocMDP transform method; it shall be the first signed field in the document. It enables the author to specify what changes shall be permitted to be made the document and what changes invalidate the author’s signature.

NOTE

As discussed earlier, “MDP” stands for modification detection and prevention. Certification signatures that use the DocMDP transform method enable detection of disallowed changes specified by the author. In addition, disallowed changes can also be prevented when the signature dictionary is referred to by the DocMDP entry in the permissions dictionary (see 12.8.4, “Permissions”).

A certification signature should have a legal attestation dictionary (see [12.8.5], “Legal Content Attestations”) that specifies all content that might result in unexpected rendering of the document contents, along with the author’s attestation to such content. This dictionary may be used to establish an author’s intent if the integrity of the document is questioned.

The P entry in the DocMDP transform parameters dictionary (see Table 254) shall indicate the author’s specification of which changes to the document will invalidate the signature. (These changes to the document shall also be prevented if the signature dictionary is referred from the DocMDP entry in the permissions dictionary.) A value of 1 for P indicates that the document shall be final; that is, any changes shall invalidate the signature. The values 2 and 3 shall permit modifications that are appropriate for form field or comment workflows.

12.8.2.2.2 验证使用 DocMDP 转换方法的签名¶

12.8.2.2.2 Validating Signatures That Use the DocMDP Transform Method

中文英文

为了验证使用 DocMDP 转换方法的签名，符合规范的阅读器首先应验证字节范围摘要。接下来，它应验证文档中所做的任何修改是否被转换参数所允许。

一旦字节范围摘要被验证，签名字典中 ByteRange 条目（见表 252）指定的文档部分就已知对应于签署时文档的状态。

因此，符合规范的阅读器可以比较签署版和当前版本的文档，检查是否对任何不被转换参数允许的对象进行了修改。

**表 254 – DocMDP 转换参数字典中的条目**
键	类型	值
Type	name	(可选) 此字典描述的 PDF 对象类型；如果存在，应为 TransformParams，表示转换参数字典。
P	number	(可选) 为此文档授予的访问权限。有效值应为： 1 不允许对文档进行任何更改；对文档的任何更改都将使签名无效。 2 允许的更改应为填写表单、实例化页面模板和签名；其他更改将使签名无效。 3 允许的更改应与 2 相同，此外还允许创建、删除和修改注释；其他更改将使签名无效。默认值：2。
V	name	(可选) DocMDP 转换参数字典的版本。唯一有效的值应为 1.2。注意此值是一个名称对象，而不是数字。默认值：1.2。

To validate a signature that uses the DocMDP transform method, a conforming reader first shall verify the byte range digest. Next, it shall verify that any modifications that have been made to the document are permitted by the transform parameters.

Once the byte range digest is validated, the portion of the document specified by the ByteRange entry in the signature dictionary (see Table 252) is known to correspond to the state of the document at the time of signing.

Therefore, conforming readers may compare the signed and current versions of the document to see whether there have been modifications to any objects that are not permitted by the transform parameters.

**Table 254 – Entries in the DocMDP transform parameters dictionary**
Key	Type	Value
Type	name	(Optional) The type of PDF object that this dictionary describes; if present, shall be TransformParams for a transform parameters dictionary.
P	number	(Optional) The access permissions granted for this document. Valid values shall be: 1 No changes to the document shall be permitted; any change to the document shall invalidate the signature. 2 Permitted changes shall be filling in forms, instantiating page templates, and signing; other changes shall invalidate the signature. 3 Permitted changes shall be the same as for 2, as well as annotation creation, deletion, and modification; other changes shall invalidate the signature. Default value: 2.
V	name	(Optional) The DocMDP transform parameters dictionary version. The only valid value shall be 1.2. NOTE this value is a name object, not a number. Default value: 1.2.

12.8.2.3 UR¶

12.8.2.3 UR

中文英文

UR 转换方法用于检测文档中的更改，这些更改将使使用权限签名无效，该签名在权限字典的 UR3 条目中被引用（见 12.8.4，“权限”）。使用权限签名用于启用在符合规范的阅读器中默认不可用的额外交互功能。该签名用于验证权限是否已由合法的授权机构授予。转换参数字典（见表 255）指定了如果签名有效，将启用的额外权限。如果签名无效，因为文档已被以不允许的方式修改，或者签署者的身份未获得扩展权限，则不会授予额外权限。

示例

Adobe Systems 使用公钥加密为 Adobe Reader 启用额外功能。它通过证书颁发机构向与其建立业务关系的文档创建者发放公钥证书。Adobe Reader 验证使用的权限启用签名是否来自 Adobe 授权的证书颁发机构。其他符合规范的阅读器可以自由地为自己的目的使用相同的机制。

UR3（PDF 1.6）：签名字典中的 ByteRange 条目（见表 252）必须存在。首先，符合规范的阅读器应验证字节范围摘要，以确定 ByteRange 指定的文档部分是否与签署时文档的状态相符。接下来，符合规范的阅读器应检查文档的当前版本，查看是否对任何不被转换参数允许的对象进行了修改。

**表 255 – UR 转换参数字典中的条目**
键	类型	值
Type	name	(可选) 此字典描述的 PDF 对象类型；如果存在，应为 TransformParams，表示转换参数字典。
Document	array	(可选) 一个名称数组，指定文档的额外文档范围使用权限。唯一定义的值应为 FullSave，允许用户保存文档及其修改的表单和/或注释数据。（PDF 1.5）任何允许文档被修改的使用权限应隐式启用 FullSave 权限。如果 PDF 文档包含 UR3 字典，只有 Annots 条目中指定的允许文档被修改的权限应隐式启用 FullSave 权限。对于所有其他权限，必须显式启用 FullSave 权限以保存文档。（签名权限应允许在签署过程中保存，但不允许其他情况保存）。如果 UR 转换参数字典中的 P 条目为 true（PDF 1.6）并且更高版本的符合规范阅读器将仅允许由字典条目启用的权限。然而，符合规范的阅读器应允许保存文档，只要启用了任何允许修改文档的权限。
Msg	text string	(可选) 一个文本字符串，可用于指定任何任意信息，例如将使用权限添加到文档的原因。
V	name	(可选) UR 转换参数字典版本。值应为 2.2。如果存在未知版本，则不会启用任何权限。注意此值是一个名称对象，而不是数字。默认值：2.2。
Annots	array	(可选) 一个名称数组，指定文档的额外注释相关使用权限。有效名称（PDF 1.5）为 Create、Delete、Modify、Copy、Import 和 Export，允许用户对注释执行指定操作。以下名称（PDF 1.6）仅在签名字典通过权限字典中的 UR3 条目进行引用时允许（见表 258）： Online 允许在线评论；即，能够从服务器上传或下载标注注释。 SummaryView 允许显示用户界面，汇总文档中的评论（标注注释）。
Form	array	(可选) 一个名称数组，指定文档的额外表单字段相关使用权限。有效名称（PDF 1.5）为： Add 允许用户向文档中添加表单字段。 Delete 允许用户删除文档中的表单字段。 FillIn 允许用户保存已填写表单的文档。 Import 允许用户导入 FDF、XFDF 和文本（CSV/TSV）格式的表单数据文件。 Export 允许用户将表单数据文件导出为 FDF 或 XFDF。 SubmitStandalone 允许用户在文档未在 Web 浏览器中打开时提交表单数据。 SpawnTemplate 允许从命名的页面模板实例化新页面。以下名称（PDF 1.6）仅在签名字典通过权限字典中的 UR3 条目进行引用时允许；见表 258： BarcodePlaintext 允许（PDF 1.6）将文本表单字段数据编码为明文二维条形码。 Online 允许（PDF 1.6）使用表单特定的在线机制，如 SOAP 或 Active Data Object。
Signature	array	(可选) 一个名称数组，指定文档的额外签名相关使用权限。唯一定义的值应为 Modify，允许用户对现有的签名表单字段应用数字签名或清除已签署的签名表单字段。
EF	array	(可选；PDF 1.6) 一个名称数组，指定文档中命名嵌入文件的额外使用权限。有效名称应为 Create、Delete、Modify 和 Import，允许用户对命名嵌入文件执行指定操作。
P	boolean	(可选；PDF 1.6) 如果为 true，则文档的权限将在所有消费者应用程序中仅限于由符合规范的阅读器授予的权限，同时允许其他条目启用的权限。默认值：false。

The UR transform method shall be used to detect changes to a document that shall invalidate a usage rights signature, which is referred to from the UR3 entry in the permissions dictionary (see 12.8.4, “Permissions”). Usage rights signatures shall be used to enable additional interactive features that may not available by default in a conforming reader. The signature shall be used to validate that the permissions have been granted by a bonafide granting authority. The transform parameters dictionary (see Table 255) specifies the additional rights that shall be enabled if the signature is valid. If the signature is invalid because the document has been modified in a way that is not permitted or the identity of the signer is not granted the extended permissions, additional rights shall not be granted.

EXAMPLE

Adobe Systems grants permissions to enable additional features in Adobe Reader, using public-key cryptography. It uses certificate authorities to issue public key certificates to document creators with which it has entered into a business relationship. Adobe Reader verifies that the rights-enabling signature uses a certificate from an Adobe-authorized certificate authority. Other conforming readers are free to use this same mechanism for their own purposes.

UR3 (PDF 1.6): The ByteRange entry in the signature dictionary (see Table 252) shall be present. First, a conforming reader shall verify the byte range digest to determine whether the portion of the document specified by ByteRange corresponds to the state of the document at the time of signing. Next, a conforming reader shall examine the current version of the document to see whether there have been modifications to any objects that are not permitted by the transform parameters.

**Table 255 – Entries in the UR transform parameters dictionary**
Key	Type	Value
Type	name	(Optional) The type of PDF object that this dictionary describes; if present, shall be TransformParams for a transform parameters dictionary.
Document	array	(Optional) An array of names specifying additional document-wide usage rights for the document. The only defined value shall be FullSave, which permits a user to save the document along with modified form and/or annotation data. (PDF 1.5) Any usage right that permits the document to be modified implicitly shall enable the FullSave right. If the PDF document contains a UR3 dictionary, only rights specified by the Annots entry that permit the document to be modified shall implicitly enable the FullSave right. For all other rights, FullSave shall be explicitly enabled in order to save the document. (Signature rights shall permit saving as part of the signing process but not otherwise). If the P entry in the UR transform parameters dictionary is true (PDF 1.6) and greater conforming readers shall permit only those rights that are enabled by the entries in the dictionary. However, conforming readers shall permit saving the document as long as any rights that permit modifying the document are enabled.
Msg	text string	(Optional) A text string that may be used to specify any arbitrary information, such as the reason for adding usage rights to the document.
V	name	(Optional) The UR transform parameters dictionary version. The value shall be 2.2. If an unknown version is present, no rights shall be enabled. NOTE This value is a name object, not a number. Default value: 2.2.
Annots	array	(Optional) An array of names specifying additional annotation-related usage rights for the document. Valid names (PDF 1.5) are Create, Delete, Modify, Copy, Import, and Export, which shall permit the user to perform the named operation on annotations. The following names (PDF 1.6) shall be permitted only when the signature dictionary is referenced from the UR3 entry of the permissions dictionary (see Table 258): Online Permits online commenting; that is, the ability to upload or download markup annotations from a server. SummaryView Permits a user interface to be shown that summarizes the comments (markup annotations) in a document.
Form	array	(Optional) An array of names specifying additional form-field-related usage rights for the document. Valid names (PDF 1.5) are: Add Permits the user to add form fields to the document. Delete Permits the user to delete form fields to the document. FillIn Permits the user to save a document on which form fill-in has been done. Import Permits the user to import form data files in FDF, XFDF and text (CSV/TSV) formats. Export Permits the user to export form data files as FDF or XFDF. SubmitStandalone Permits the user to submit form data when the document is not open in a Web browser. SpawnTemplate Permits new pages to be instantiated from named page templates. The following names (PDF 1.6) shall be permitted only when the signature dictionary is referenced from the UR3 entry of the permissions dictionary; see Table 258: BarcodePlaintext Permits (PDF 1.6) text form field data to be encoded as a plaintext two-dimensional barcode. Online Permits (PDF 1.6) the use of forms-specific online mechanisms such as SOAP or Active Data Object.
Signature	array	(Optional) An array of names specifying additional signature-related usage rights for the document. The only defined value shall be Modify, which permits a user to apply a digital signature to an existing signature form field or clear a signed signature form field.
EF	array	(Optional; PDF 1.6) An array of names specifying additional usage rights for named embedded files in the document. Valid names shall be Create, Delete, Modify, and Import, which shall permit the user to perform the named operation on named embedded files.
P	boolean	(Optional; PDF 1.6) If true, permissions for the document shall be restricted in all consumer applications to those permissions granted by a conforming reader, while allowing permissions for rights enabled by other entries in this dictionary. Default value: false.

12.8.2.4 FieldMDP¶

12.8.2.4 FieldMDP

中文英文

FieldMDP 转换方法用于检测表单字段列表中的值更改。其转换参数字典中的条目列在表 256 中。

**表 256 – FieldMDP 转换参数字典中的条目**
键	类型	值
Type	name	(可选) 此字典描述的 PDF 对象类型；如果存在，应为 TransformParams，表示转换参数字典。
Action	name	(必需) 一个名称，与 Fields 数组一起描述在签名应用后不允许更改的表单字段。有效值应为： All 所有表单字段。 Include 仅指定在 Fields 中的表单字段。 Exclude 仅那些未在 Fields 中指定的表单字段。
Fields	array	(如果 Action 为 Include 或 Exclude，则必需) 一个包含字段名称的文本字符串数组。
V	name	(可选：PDF 1.5 必需) 转换参数字典版本。PDF 1.5 及更高版本的值应为 1.2。注意此值是一个名称对象，而不是数字。默认值：1.2。

对于包含表单字段和签名的文档，符合规范的写入者应支持以下内容：

作者指定表单字段可以填写而不使批准或认证签名无效。DocMDP 转换参数字典的 P 条目应设置为 2 或 3（见表 254）。
作者还可以指定，在特定接收者签署文档后，对特定表单字段的任何修改应使该接收者的签名无效。应为每个指定的接收者提供一个单独的签名字段，并为每个接收者设置相关的签名字段锁定字典（见表 233），该字典指定该用户应锁定的表单字段。
当接收者签署该字段时，应创建签名、签名引用和转换参数字典。转换参数字典中的 Action 和 Fields 条目应从签名字段锁定字典中的相应字段复制。

注意

之所以进行此复制，是因为签名字典中的所有对象必须是直接对象，如果字典包含字节范围签名。因此，转换参数字典不能间接引用签名字段锁定字典。

FieldMDP 签名应以类似于 DocMDP 签名的方式进行验证。有关详细信息，请参见 12.8.2.2，“DocMDP” 中验证使用 DocMDP 转换方法的签名。

The FieldMDP transform method shall be used to detect changes to the values of a list of form fields. The entries in its transform parameters dictionary are listed in Table 256.

**Table 256 – Entries in the FieldMDP transform parameters dictionary**
Key	Type	Value
Type	name	(Optional) The type of PDF object that this dictionary describes; if present, shall be TransformParams for a transform parameters dictionary.
Action	name	(Required) A name that, along with the Fields array, describes which form fields do not permit changes after the signature is applied. Valid values shall be: All All form fields. Include Only those form fields that specified in Fields. Exclude Only those form fields not specified in Fields.
Fields	array	(Required if Action is Include or Exclude) An array of text strings containing field names.
V	name	(Optional: PDF 1.5 required) The transform parameters dictionary version. The value for PDF 1.5 and later shall be 1.2. NOTE This value is a name object, not a number. Default value: 1.2.

On behalf of a document author creating a document containing both form fields and signatures the following shall be supported by conforming writers:

The author specifies that form fields shall be filled in without invalidating the approval or certification signature. The P entry of the DocMDP transform parameters dictionary shall be set to either 2 or 3 (see Table 254).
The author can also specify that after a specific recipient has signed the document, any modifications to specific form fields shall invalidate that recipient’s signature. There shall be a separate signature field for each designated recipient, each having an associated signature field lock dictionary (see Table 233) specifying the form fields that shall be locked for that user.
When the recipient signs the field, the signature, signature reference, and transform parameters dictionaries shall be created. The Action and Fields entries in the transform parameters dictionary shall be copied from the corresponding fields in the signature field lock dictionary.

NOTE

This copying is done because all objects in a signature dictionary must be direct objects if the dictionary contains a byte range signature. Therefore, the transform parameters dictionary cannot reference the signature field lock dictionary indirectly.

FieldMDP signatures shall be validated in a similar manner to DocMDP signatures. See Validating Signatures That Use the DocMDP Transform Method in 12.8.2.2, “DocMDP” for details.

12.8.3 签名互操作性¶

12.8.3 Signature Interoperability

12.8.3.1 概述¶

12.8.3.1 General

中文英文

符合要求的阅读器旨在允许签名处理程序之间的互操作性；也就是说，使用一个供应商的处理程序签名的 PDF 文件应能够使用来自不同供应商的处理程序进行验证。

如果存在，签名字典中的 SubFilter 条目应指定签名值和密钥信息的编码，而 Filter 条目应指定用于验证签名的首选处理程序。当根据附件 E 注册处理程序时，它们应指定它们支持的 SubFilter 编码，使首选处理程序以外的处理程序能够验证首选处理程序创建的签名。

SubFilter 条目有多个定义值，均基于 RSA Security 发布的公钥加密标准，也是互联网工程任务组 (IETF) 公钥基础设施 (PKIX) 工作组发布的标准的一部分；请参阅参考书目以获取参考资料。

It is intended that conforming readers allow interoperability between signature handlers; that is, a PDF file signed with a handler from one vendor shall be able to be validated with a handler from a different vendor.

If present, the SubFilter entry in the signature dictionary shall specify the encoding of the signature value and key information, while the Filter entry shall specify the preferred handler that should be used to validate the signature. When handlers are being registered according to Annex E they shall specify the SubFilter encodings they support enabling handlers other than the preferred handler to validate the signatures that the preferred handler creates.

There are several defined values for the SubFilter entry, all based on public-key cryptographic standards published by RSA Security and also as part of the standards issued by the Internet Engineering Task Force (IETF) Public Key Infrastructure (PKIX) working group; see the Bibliography for references.

12.8.3.2 PKCS#1 签名¶

12.8.3.2 PKCS#1 Signatures

中文英文

PKCS#1 标准支持多种公钥加密算法和摘要方法，包括 RSA 加密、DSA 签名以及 SHA-1 和 MD5 摘要（请参阅参考书目）。对于使用 PKCS#1 签名 PDF 文件，应使用的唯一 SubFilter 值是 adbe.x509.rsa_sha1，它使用 RSA 加密算法和 SHA-1 摘要方法。签名者的证书链应存储在 Cert 条目中。

The PKCS#1 standard supports several public-key cryptographic algorithms and digest methods, including RSA encryption, DSA signatures, and SHA-1 and MD5 digests (see the Bibliography for references). For signing PDF files using PKCS#1, the only value of SubFilter that should be used is adbe.x509.rsa_sha1, which uses the RSA encryption algorithm and SHA-1 digest method. The certificate chain of the signer shall be stored in the Cert entry.

12.8.3.3 PKCS#7 ISO 32000 中使用的签名¶

12.8.3.3 PKCS#7 Signatures as used in ISO 32000

12.8.3.3.1 概述¶

12.8.3.3.1 General

中文英文

使用 PKCS#7 签名时，Contents 的值应为包含签名的 DER 编码 PKCS#7 二进制数据对象。PKCS#7 对象应符合 RFC3852 加密消息语法。可以使用不同的子过滤器，并应根据附件 E 进行注册。SubFilter 应采用以下值之一：

adbe.pkcs7.detached：文档字节范围内的原始签名消息摘要应作为常规 PKCS#7 SignedData 字段合并。PKCS#7 SignedData 字段中不应封装任何数据。
adbe.pkcs7.sha1：文档字节范围的 SHA1 摘要应与 Data 类型的 ContentInfo 一起封装在 PKCS#7 SignedData 字段中。该 SignedData 的摘要应作为常规 PKCS#7 摘要合并。

PKCS#7 对象应符合 Internet RFC 2315、PKCS #7：加密消息语法，版本 1.5（参见参考书目）中的 PKCS#7 规范。它至少应包含签名者的 X.509 签名证书。此证书应用于验证内容中的签名值。

PKCS#7 对象应包含以下内容：

时间戳信息作为未签名属性 (PDF 1.6)：时间戳标记应符合 RFC 3161，并应按照 RFC 3161 附录 A 中所述计算并嵌入 PKCS#7 对象中。时间戳的具体处理及其处理由特定签名处理程序定义。
撤销信息作为签名属性 (PDF 1.6)：此属性可能包括对签名者的证书及其颁发者证书执行撤销检查所需的所有撤销信息。由于撤销信息是签名属性，因此必须在计算数字签名之前获取它。这意味着签名者使用的软件必须能够构建证书路径和相关的撤销信息。如果无法获取其中一个元素（例如无法连接），则无法使用此属性进行签名。 -（PDF 1.6）。这与使用 adbe.x509.rsa_sha1 时的处理不同，使用 adbe.x509.rsa_sha1 时，证书应放置在签名字典的 Cert 键中，如表 252 中定义。
与签名者证书关联的一个或多个 RFC 3281 属性证书（PDF 1.7）。属性证书的具体处理及其处理由特定的签名处理程序定义。

NOTE

为了最大限度地兼容早期版本，符合要求的编写者应遵循此做法。

如何建立可信身份列表以验证嵌入式证书的策略取决于验证签名处理程序。

When PKCS#7 signatures are used, the value of Contents shall be a DER-encoded PKCS#7 binary data object containing the signature. The PKCS#7 object shall conform to RFC3852 Cryptographic Message Syntax. Different subfilters may be used and shall be registered in accordance with Annex E. SubFilter shall take one of the following values:

adbe.pkcs7.detached: The original signed message digest over the document’s byte range shall be incorporated as the normal PKCS#7 SignedData field. No data shall be encapsulated in the PKCS#7 SignedData field.
adbe.pkcs7.sha1: The SHA1 digest of the document’s byte range shall be encapsulated in the PKCS#7 SignedData field with ContentInfo of type Data. The digest of that SignedData shall be incorporated as the normal PKCS#7 digest.

The PKCS#7 object shall conform to the PKCS#7 specification in Internet RFC 2315, PKCS #7: Cryptographic Message Syntax, Version 1.5 (see the Bibliography). At minimum, it shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in Contents.

The PKCS#7 object should contain the following:

Time stamp information as an unsigned attribute (PDF 1.6): The timestamp token shall conform to RFC 3161 and shall be computed and embedded into the PKCS#7 object as described in Appendix A of RFC 3161. The specific treatment of timestamps and their processing is left to the particular signature handlers to define.
Revocation information as an signed attribute (PDF 1.6): This attribute may include all the revocation information that is necessary to carry out revocation checks for the signer's certificate and its issuer certificates. Since revocation information is a signed attribute, it must be obtained before the computation of the digital signature. This means that the software used by the signer must be able to construct the certification path and the associated revocation information. If one of the elements cannot be obtained (e.g. no connection is possible), a signature with this attribute will not be possible.
(PDF 1.6). This differs from the treatment when using adbe.x509.rsa_sha1 when the certificates shall be placed in the Cert key of the signature dictionary as defined in Table 252.
One or more RFC 3281 attribute certificates associated with the signer certificate (PDF 1.7). The specific treatment of attribute certificates and their processing is left to the particular signature handlers to define.

NOTE

For maximum compatibility with earlier versions, conforming writers should follow this practice.

The policy of how to establish trusted identity lists to validate embedded certificates is up to the validation signature handler.

12.8.3.3.2 吊销信息¶

12.8.3.3.2 Revocation Information

中文英文

adbe 撤销信息属性：

adbe-revocationInfoArchival OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) 8 }

撤销信息属性的值可以包括以下任何数据类型：

证书撤销列表（CRLs），在 RFC 3280 中描述（参见参考文献）：CRLs 通常较大，因此不应嵌入到 PKCS#7 对象中。
在线证书状态协议（OCSP）响应，在 RFC 2560 中描述，X.509 互联网公钥基础设施在线证书状态协议—OCSP（参见参考文献）：这些通常较小且大小固定，应该是包含在 PKCS#7 对象中的数据类型。
自定义撤销信息：该格式本规范未规定，唯一的要求是其编码为 OCTET STRING。应用程序应能够通过查看关联的 OBJECT IDENTIFIER 来确定 OCTET STRING 中包含的数据类型。

adbe 的撤销信息属性值具有 ASN.1 类型 RevocationInfoArchival：

RevocationInfoArchival ::= SEQUENCE {
    crl          [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
    ocsp         [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
    otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
}
OtherRevInfo ::= SEQUENCE {
Type OBJECT IDENTIFIER
Value OCTET STRING
}

对于字节范围签名，Contents 应为带有“<” 和 “>” 定界符的十六进制字符串。它应精确地适应由 ByteRange 指定的范围之间的空间。由于 PKCS#7 对象的长度无法完全预测，Contents 的值应在字符串末尾（在“>”定界符之前）填充零，然后将 PKCS#7 写入文件中分配的空间。

签名值的编码格式应为 adbe.pkcs7.detached。这种编码提供了在算法使用方面最多的选择。下表显示了不同 SubFilter 值支持的算法。

**表 257 – SubFilter 值算法支持**
	SubFilter 值
	adbe.pkcs7.detached	adbe.pkcs7.sha1	adbe.x509.rsa.sha1^a
消息摘要	SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7)	SHA1 (PDF 1.3)^b	SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7)
RSA 算法支持	最多 1024 位 (PDF 1.3) 最多 2048 位 (PDF 1.5) 最多 4096 位 (PDF 1.5)	见 adbe.pkcs7.detached	见 adbe.pkcs7.detached
DSA 算法支持	最多 4096 位 (PDF 1.6)	见 adbe.pkcs7.detached	否
^a 尽管 SubFilter 值的名称中出现了 sha1，但支持的编码不应仅限于 SHA1 算法。PKCS#1 对象包含一个标识符，指示应使用哪个算法。 ^b 可以使用其他摘要算法来摘要签名数据字段；但是，SHA1 应用于摘要正在签名的数据。

The adbe Revocation Information attribute:

adbe-revocationInfoArchival OBJECT IDENTIFIER ::= { adbe(1.2.840.113583) acrobat(1) security(1) 8 }

The value of the revocation information attribute can include any of the following data types:

Certificate Revocation Lists (CRLs), described in RFC 3280 (see the Bibliography): CRLs are generally large and therefore should not be embedded in the PKCS#7 object.
Online Certificate Status Protocol (OCSP) Responses, described in RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP (see the Bibliography): These are generally small and constant in size and should be the data type included in the PKCS#7 object.
Custom revocation information: The format is not prescribed by this specification, other than that it be encoded as an OCTET STRING. The application should be able to determine the type of data contained within the OCTET STRING by looking at the associated OBJECT IDENTIFIER.

adbe's Revocation Information attribute value has ASN.1 type RevocationInfoArchival:

RevocationInfoArchival ::= SEQUENCE {
    crl          [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
    ocsp         [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
    otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
}
OtherRevInfo ::= SEQUENCE {
Type OBJECT IDENTIFIER
Value OCTET STRING
}

For byte range signatures, Contents shall be a hexadecimal string with “<” and “>” delimiters. It shall fit precisely in the space between the ranges specified by ByteRange. Since the length of PKCS#7 objects is not entirely predictable, the value of Contents shall be padded with zeros at the end of the string (before the “>” delimiter) before writing the PKCS#7 to the allocated space in the file.

The format for encoding signature values should be adbe.pkcs7.detached. This encoding allows the most options in terms of algorithm use. The following table shows the algorithms supported for the various SubFilter values.

**Table 257 – SubFilter value algorithm support**
	SubFilter value
	adbe.pkcs7.detached	adbe.pkcs7.sha1	adbe.x509.rsa.sha1^a
Message Digest	SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7)	SHA1 (PDF 1.3)^b	SHA1 (PDF 1.3) SHA256 (PDF 1.6) SHA384 (PDF 1.7) SHA512 (PDF 1.7) RIPEMD160 (PDF 1.7)
RSA Algorithm Support	Up to 1024-bit (PDF 1.3) Up to 2048-bit (PDF 1.5) Up to 4096-bit (PDF 1.5)	See adbe.pkcs7.detached	See adbe.pkcs7.detached
DSA Algorithm Support	Up to 4096-bits (PDF 1.6)	See adbe.pkcs7.detached	No
^a Despite the appearance of sha1 in the name of this SubFilter value, supported encodings shall not be limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which al-gorithm shall be used. ^b Other digest algorithms may be used to digest the signed-data field; however, SHA1 shall be used to digest the data that is being signed.

12.8.4 权限¶

12.8.4 Permissions

中文英文

文档目录中的 Perms 条目（参见表 28）应指定一个 权限字典 （PDF 1.5）。该字典中的每个条目（当前定义的条目参见表 258）应指定一个控制文档访问权限的权限处理器的名称。这些权限类似于安全处理器定义的权限（参见表 22），但不要求文档被加密。为了实际授予文档的权限，它必须被权限字典中存在的每个权限处理器以及安全处理器允许。

注意

一个权限的例子是填写表单字段的能力。

**表 258 – 权限字典中的条目**
键	类型	值
DocMDP	字典	(可选) 对签名字典的间接引用（参见表 252）。此字典应包含一个 Reference 条目，该条目应是一个签名引用字典（参见表 252），该字典具有 DocMDP 转换方法（参见 12.8.2.2，“DocMDP”）和相应的转换参数。如果此条目存在，消费者应用程序应强制执行 DocMDP 转换参数字典中的 P 属性所指定的权限，并且还应基于是否违反了这些权限来验证相应的签名。
UR3	字典	(可选) 一个签名字典，用于指定和验证为该文档授予的附加功能（使用权限）；即启用符合要求的阅读器中默认不可用的交互式功能。例如，符合要求的阅读器默认不允许保存文档，但代理可以授予权限，允许保存特定文档。签名应用于验证由执行签署的代理授予的权限。签名字典应包含一个 Reference 条目，该条目应是一个签名引用字典，具有 UR 转换方法（参见 12.8.2.3，“UR”）。此方法的转换参数字典指示应为文档授予哪些附加权限。如果签名有效，符合要求的阅读器应允许为文档授予指定的权限，此外还包括应用程序的默认权限。

The Perms entry in the document catalogue (see Table 28) shall specify a permissions dictionary (PDF 1.5). Each entry in this dictionary (see Table 258 for the currently defined entries) shall specify the name of a permission handler that controls access permissions for the document. These permissions are similar to those defined by security handlers (see Table 22) but do not require that the document be encrypted. For a permission to be actually granted for a document, it shall be allowed by each permission handler that is present in the permissions dictionary as well as by the security handler.

NOTE

An example of a permission is the ability to fill in a form field.

**Table 258 – Entries in a permissions dictionary**
Key	Type	Value
DocMDP	dictionary	(Optional) An indirect reference to a signature dictionary (see Table 252). This dictionary shall contain a Reference entry that shall be a signature reference dictionary (see Table 252) that has a DocMDP transform method (see 12.8.2.2, “DocMDP”) and corresponding transform parameters. If this entry is present, consumer applications shall enforce the permissions specified by the P attribute in the DocMDP transform parameters dictionary and shall also validate the corresponding signature based on whether any of these permissions have been violated.
UR3	dictionary	(Optional) A signature dictionary that shall be used to specify and validate additional capabilities (usage rights) granted for this document; that is, the enabling of interactive features of the conforming reader that are not available by default. For example, A conforming reader does not permit saving documents by default, but an agent may grant permissions that enable saving specific documents. The signature shall be used to validate that the permissions have been granted by the agent that did the signing. The signature dictionary shall contain a Reference entry that shall be a signature reference dictionary that has a UR transform method (see 12.8.2.3, “UR”). The transform parameter dictionary for this method indicates which additional permissions shall be granted for the document. If the signature is valid, the conforming reader shall allow the specified permissions for the document, in addition to the application’s default permissions.

12.8.5 合法内容认证¶

12.8.5 Legal Content Attestations

中文英文

PDF 语言提供了一些功能，可以使 PDF 文档的渲染外观发生变化。这些功能可能被用来构建一个有意或无意地误导文档接收者的文档。在考虑已签名 PDF 文档的法律影响时，这些情况是相关的。

因此，必须提供一种机制，使文档接收者可以确定文档是否可以被信任。主要方法是只接受包含认证签名的文档（即具有 DocMDP 签名，定义了允许在文档中进行更改的内容；参见 12.8.2.2，“DocMDP”）。

在创建认证签名时，符合要求的作者还应创建一个法律认证字典，其条目如表 259 所示。此字典应为文档目录中 Legal 条目的值（参见表 28）。其条目应指定可能导致文档内容意外渲染的所有内容。作者可以通过 Attestation 条目进一步澄清这些内容。审阅者应自行确认他们信任文档的作者和内容。在发生法律挑战的情况下，任何可疑内容可以在此字典中的信息的上下文中进行审查。

**表 259 – 法律认证字典中的条目**
键	类型	值
JavaScriptActions	整数	(可选) 文档中找到的 JavaScript 动作的数量（参见 12.6.4.16，“JavaScript 动作”）。
LaunchActions	整数	(可选) 文档中找到的启动动作的数量（参见 12.6.4.5，“启动动作”）。
URIActions	整数	(可选) 文档中找到的 URI 动作的数量（参见，“URI 动作”）。
MovieActions	整数	(可选) 文档中找到的电影动作的数量（参见 12.6.4.9，“电影动作”）。
SoundActions	整数	(可选) 文档中找到的声音动作的数量（参见 12.6.4.8，“声音动作”）。
HideAnnotationActions	整数	(可选) 文档中找到的隐藏动作的数量（参见 12.6.4.10，“隐藏动作”）。
GoToRemoteActions	整数	(可选) 文档中找到的远程跳转动作的数量（参见 12.6.4.3，“远程跳转动作”）。
AlternateImages	整数	(可选) 文档中找到的替代图像的数量（参见 8.9.5.4，“替代图像”）。
ExternalStreams	整数	(可选) 文档中找到的外部流的数量。
TrueTypeFonts	整数	(可选) 文档中找到的 TrueType 字体的数量（参见 9.6.3，“TrueType 字体”）。
ExternalRefXobjects	整数	(可选) 文档中找到的参考 XObjects 的数量（参见 8.10.4，“参考 XObjects”）。
ExternalOPIdicts	整数	(可选) 文档中找到的 OPI 字典的数量（参见 14.11.7，“开放预印接口（OPI）”）。
NonEmbeddedFonts	整数	(可选) 文档中找到的未嵌入字体的数量（参见 9.9，“嵌入字体程序”）。
DevDepGS_OP	整数	(可选) 文档中找到的对图形状态参数 OP 的引用数量（参见表 58）。
DevDepGS_HT	整数	(可选) 文档中找到的对图形状态参数 HT 的引用数量（参见表 58）。
DevDepGS_TR	整数	(可选) 文档中找到的对图形状态参数 TR 的引用数量（参见表 58）。
DevDepGS_UCR	整数	(可选) 文档中找到的对图形状态参数 UCR 的引用数量（参见表 58）。
DevDepGS_BG	整数	(可选) 文档中找到的对图形状态参数 BG 的引用数量（参见表 58）。
DevDepGS_FL	整数	(可选) 文档中找到的对图形状态参数 FL 的引用数量（参见表 58）。
Annotations	整数	(可选) 文档中找到的注释数量（参见 12.5，“注释”）。
OptionalContent	布尔值	(可选) 如果文档中存在可选内容，则为 true（参见 8.11，“可选内容”）。
Attestation	文本字符串	(可选) 由文档作者创建的认证，解释该字典中任何其他条目或任何影响文档法律完整性的其他内容的存在。

The PDF language provides a number of capabilities that can make the rendered appearance of a PDF document vary. These capabilities could potentially be used to construct a document that misleads the recipient of a document, intentionally or unintentionally. These situations are relevant when considering the legal implications of a signed PDF document.

Therefore, a mechanism shall be provided by which a document recipient can determine whether the document can be trusted. The primary method is to accept only documents that contain certification signatures (one that has a DocMDP signature that defines what shall be permitted to change in a document; see 12.8.2.2, “DocMDP”).

When creating certification signatures, conforming writers should also create a legal attestation dictionary, whose entries are shown in Table 259. This dictionary shall be the value of the Legal entry in the document catalogue (see Table 28). Its entries shall specify all content that may result in unexpected rendering of the document contents. The author may provide further clarification of such content by means of the Attestation entry. Reviewers should establish for themselves that they trust the author and contents of the document. In the case of a legal challenge to the document, any questionable content can be reviewed in the context of the information in this dictionary.

Actions”). (OPI)”).

**Table 259 – Entries in a legal attestation dictionary**
Key	Type	Value
JavaScriptActions	integer	(Optional) The number of JavaScript actions found in the document (see 12.6.4.16, “JavaScript Actions”).
LaunchActions	integer	(Optional) The number of launch actions found in the document (see 12.6.4.5, “Launch Actions”).
URIActions	integer	(Optional) The number of URI actions found in the document (see , “URI Actions”).
MovieActions	integer	(Optional) The number of movie actions found in the document (see 12.6.4.9, “Movie Actions”).
SoundActions	integer	(Optional) The number of sound actions found in the document (see 12.6.4.8, “Sound Actions”).
HideAnnotationActions	integer	(Optional) The number of hide actions found in the document (see 12.6.4.10, “Hide Actions”).
GoToRemoteActions	integer	(Optional) The number of remote go-to actions found in the document (see 12.6.4.3, “Remote Go-To
AlternateImages	integer	(Optional) The number of alternate images found in the document (see 8.9.5.4, “Alternate Images”)
ExternalStreams	integer	(Optional) The number of external streams found in the document.
TrueTypeFonts	integer	(Optional) The number of TrueType fonts found in the document (see 9.6.3, “TrueType Fonts”).
ExternalRefXobjects	integer	(Optional) The number of reference XObjects found in the document (see 8.10.4, “Reference XObjects”).
ExternalOPIdicts	integer	(Optional) The number of OPI dictionaries found in the document (see 14.11.7, “Open Prepress Interface
NonEmbeddedFonts	integer	(Optional) The number of non-embedded fonts found in the document (see 9.9, “Embedded Font Programs””)
DevDepGS_OP	integer	(Optional) The number of references to the graphics state parameter OP found in the document (see Table 58).
DevDepGS_HT	integer	(Optional) The number of references to the graphics state parameter HT found in the document (see Table 58).
DevDepGS_TR	integer	(Optional) The number of references to the graphics state parameter TR found in the document (see Table 58).
DevDepGS_UCR	integer	(Optional) The number of references to the graphics state parameter UCR found in the document (see Table 58).
DevDepGS_BG	integer	(Optional) The number of references to the graphics state parameter BG found in the document (see Table 58).
DevDepGS_FL	integer	(Optional) The number of references to the graphics state parameter FL found in the document (see Table 58).
Annotations	integer	(Optional) The number of annotations found in the document (see 12.5, “Annotations”).
OptionalContent	boolean	(Optional) true if optional content is found in the document (see 8.11, “Optional Content”).
Attestation	text string	(Optional) An attestation, created by the author of the document, explaining the presence of any of the other entries in this dictionary or the presence of any other content affecting the legal integrity of the document.