How to use pdfPassword successfully?

msageryd

I'm having trouble securing my PDFs with an owner password. When I provide ownerPassword the PDF is not viewable.

This is my template settings for the API call:

        pdfPassword: {
          ownerPassword: 'password',
          printing: 'HighResolution',
          modifying: false,
          copying: false,
          annotating: false,
          fillingForms: true,
          contentAccessibility: true,
          documentAssembly: true
       }

When I open the PDF in Acrobat reader I get the following error and the PDF is blank. File size is exactly the same as a PDF rendered without ownerPassword.
0_1605703821397_upload-5bf14c28-e4de-4cb1-adce-32d2223b49cc

If I open the PDF in Chrome preview I get no error, but still blank pages.

OSX Preview behaves the same as Chrome, i.e. no error but blank pages.

msageryd

Update:
The problematic file was also signed. When I only use pdfPassword the file is readable (i.e. I removed pdfSign)

msageryd

Update 2:
pdfSign works if I don't use pdfPassword. There seems to be a problem while using both.

jan_blaha

Thanks. I confirm this is a bug. I apologize for the inconvenience.
The problem is inside the third-party library we use, I don't know how to fix this at the moment.
It is now tracked here and we look at it later.
https://github.com/jsreport/jsreport/issues/776

msageryd

Is this a bug in the node-signpdf package? It seems like jsreport uses a really old version of this package (0.3.0). Current version is 1.3.2, in which exactly this bug seems to be fixed.

https://github.com/vbuch/node-signpdf/issues/98

N.B. This might be completely inaccurate, and I might have misunderstood something.

jan_blaha

Yes, I am aware, see my comment in test :)
https://github.com/jsreport/jsreport-pdf-utils/commit/60be85f57ee620238b95239d3eb401d3c72fdcac#diff-a561630bb56b82342bc66697aee2ad96efddcbc9d150665abd6fb7ecb7c0ab2fR1419

msageryd

Ok, that's a pity. It seemed to be a perfect match between the problem and the fix.

jan_blaha

@msageryd

This should be fixed now, would you be able to retest it before we ship the 2.11 with it? Thank you

npm i jsreport/jsreport-pdf-utils#3007f480fca945e3517c963b32d4f563ad754d05

msageryd

Great Jan!
I will try this tomorrow. I'm preparing a big update, so my dev-environment is not ready for other stuff right now.

msageryd

I have tested the following:

Lock editing, copying, etc with ownerPassword
Lock pdf with password
Sign pdf with self signed cert, pdfSign
Sign with pdfSign AND lock with ownerPassword
Sign wiht pdfSign AND lock with ownerPassword AND protect with password

Everything works in various combinations.

Great work, Jan!

edit: all tests where done via the API, i.e. I have not tried to do this from within Studio.

jan_blaha

Thank you very much. I don't plan to touch the code again so this will be in 2.11 in the same form...

Actually what doesn't work, is when you use the pdfFormElement and add a field to pdf and then sign it with a certificate.
The certificate signature won't popup then, because the pdf form fields are re-rendering the content streams which removes the certificate signature. This seems by design and described here
https://manuals.setasign.com/setapdf-signer-manual/signing-pdf-forms/
So we take this as a fact for now.

msageryd

This post deleted (was previously a bug report, but there is no bug).
Sorry, I read an old error from the error log.