Q: I am using your Java library jPDFSecure to add 2 digital signatures to a PDF document (sign, save, sign again and save) but only the last signature shows as valid, the first signature is showing as invalid. Am I doing anything wrong?

This KB entry applies to the following Java libraries and components: jPDFProcess, jPDFSecure, jPDFNotes, jPDFEditor

Watermark in Demo Version

When using our libraries in demo mode, the first signature added is invalidated because the software adds a  watermark so the document content is in effect modified.

Update Mode when Saving a Signed PDF Document: 

When editing a PDF document that has a digital signature, Qoppa’s PDF engine will save the document in “update mode”, in such a way that the original content (that was signed) remains the same and new objects or changes to existing objects are added at the end of the file.

Validating Multiple Digital Signatures in PDF:

The PDF format has not been designed for a clean validation of a PDF document containing two digital signatures. We are hoping that PDF 2.0 may resolve this issue.  Advanced PDF viewers perform a trick when validating multiple signatures:  they analyze the content that was added to see what was added after the first signature. If only a second signature was added, they show the first signature as valid.

In version 2013R2 and later, Qoppa’s libraries and components validate multiple digital signatures in the same way as Adobe’s and other advanced PDF viewers. 

In version 2013R1 and earlier, when verifying a document with 2 digital signatures that were added back to back, Qoppa’s Engine will indicate that the first digital signature is “valid with a warning”. The first signature details will indicate that the original contents was not modified, but there has been content added after the signature. Note that the signatures will show properly in Adobe’s reader and other advanced PDF viewers.