SUMMARY Once opened in Acrobat Reader or DC, it may allow you to make modifications, but when you try to save the PDF again, it gives this vague error: "The document could not be saved. There was a problem reading this document (105)." It is important to have Okular interoperable with other tools, so that it can be more widely used. The digital signature feature works well and it was a feature I have been waiting for a long time, but I hope this issue can be fixed. I would not be able to share signed documents with my colleagues who use non-open source tools. Theoretically, PDFs can be locked or left open after being digitally signed, but even Adobe does not give you an option to lock a document. It is also not clear if the locking is the issue here, or there is another problem with the generated file. STEPS TO REPRODUCE 1. Open a PDF file in Okular 2. Digitally sign it and save as a new PDF 3. Open the new PDF in Acrobat Reader or DC, try to sign or save OBSERVED RESULT Getting the above error. EXPECTED RESULT For forms that need to be signed by multiple people, I would expect to be able to add another signature in Adobe products. SOFTWARE/OS VERSIONS Windows: 10/Acrobat DC (new install) Linux/KDE Plasma: (available in About System) KDE Plasma Version: 5.23.3 KDE Frameworks Version: 5.88.0 Qt Version: 5.15.2 ADDITIONAL INFORMATION I can provide example files if needed.
A colleague of mine just confirmed this.
PDF allows for some fine-grained control about what you can do with a signed document and what not Looking at https://www.verypdf.com/document/pdf-format-reference/pg_0733.htm I see this: The access permissions granted for this document. Valid values are: 1 No changes to the document are permitted; any change to the document invalidates the signature 2 Permitted changes are filling in forms, instantiating page templates, and signing; other changes invalidate the signature. 3 Permitted changes are the same as for 2, as well as annotation creation, deletion, and modification; other changes invalidate the signature Default value: 2 Okular/Poppler doesn't set this, so the default (2) applies. That should explain why you cannot add a new signature (which is technically similar to adding an annotation). You should be able to do the things described in 2, like filling in forms. Note that this is my understanding based on reading the linked site and the poppler source, I haven't reproduced the issue to confirm yet
It looks like this does not explain the problem. Signing https://invent.kde.org/graphics/okular/-/blob/master/autotests/data/hello_with_dummy_signature.pdf with Acrobat doesn't add a DocMDP entry either. The relevant part of the document signed by Okular: %% Original object ID: 32 0 29 0 obj << /ByteRange [ 0 490918 499126 378 ] /Contents /Filter /Adobe.PPKLite /M (D:20230428140625+02'00') /Name (Nicolas Fella) /SubFilter /adbe.pkcs7.detached /Type /Sig >> endobj And by Acrobat: %% Original object ID: 18 0 23 0 obj << /ByteRange [ 0 3871 8413 9388 ] /Contents /Filter /Adobe.PPKLite /M (D:20230428140204+02'00') /Name (Nicolas Fella) /Prop_Build << /App << /Name /Adobe#20Acrobat#20Reader#20#2864-bit#29 /OS [ /Win ] /R 1507584 /REx (2023.001.20143) /TrustedMode true >> /Filter << /Date (Apr 4 2023 18:35:16) /Name /Adobe.PPKLite /R 131104 /V 2 >> /PubSec << /Date (Apr 4 2023 18:35:16) /R 131105 >> >> /SubFilter /adbe.pkcs7.detached /Type /Sig >> endobj The difference is the /Prop_Build entry, but not sure this explains the issue
https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1372 fixes the issue for me
I asked the colleague I mentioned above to test this, and it seems that the issue is indeed fixed for us as well. Thank you!