Breaking the Specification: PDF Certification
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Jörg Schwenk
42nd IEEE Symposium on Security and Privacy (S&P 2021)
The Portable Document Format (PDF) is the de-facto standard for document exchange. The PDF specification defines two different types of digital signatures to guarantee the authenticity and integrity of documents: approval signatures and certification signatures. Approval signatures testify one specific state of the PDF document. Their security has been investigated at CCS'19. Certification signatures are more powerful and flexible. They cover more complex workflows, such as signing contracts by multiple parties. To achieve this goal, users can make specific changes to a signed document without invalidating the signature.
We responsibly disclosed these issues and supported the vendors to fix the vulnerabilities. We also propose concrete countermeasures and improvements to the current specification to fix the issues.