Is a Digital Signature in PDF Really Secure ?

By January 12, 2012 2 comments
Keywords : Smart city, Europe

Changing the content of a PDF file without invalidating the digital signature is apparently possible if you manipulate the code beforehand.


E-business and e-government both commonly use digital signatures on portable document format (PDF) files to confirm the integrity of the document and the identity of its signatory. However, it now seems that this method is not infallible. A researcher at the Military Technical Academy in Bucharest, Romania has found a means of modifying the information content of a signed PDF without it being invalidated. What the researcher actually did was to use the structure of the document code to insert, from the outset, hidden elements which are difficult to detect. The procedure is based on a technique called Dali Attack. An attacker can create a dual file - an original PDF, plus a TIFF image in which there are, for example, changes to a sum of money or a percentage figure. Using a ‘hex editor’, the attacker can copy the whole of the PDF content as a code inside the image file. Then all he has to do is introduce the PDF tracker, which ensures that the new file is compatible with Acrobat Reader.

A dynamic file which reacts according to the software used to open the file

By manipulating the document structure, it is thus possible to establish dynamic content which will react according to the method of opening the file. If you use Acrobat, you will see the original amount of money stated in the PDF. On the other hand, if you use software for looking at images, you’ll see the ‘doctored’ amount from the TIFF file. So, by modifying the extension of the polymorphically constituted document from .TIFF to .PDF, the attacker ensures the PDF document can be read without any problems in Acrobat Reader and no syntax error will be detected. When the signatory receives the file, s/he just sees an ordinary PDF document and signs it using a software application or a smartcard. The file then takes the extension .PDF.PKCS7. All the attacker has to do is to change the new extension back to .TIFF.PKCS7 and open it with an "Image Viewer" to show the fraudulent amount. This works because the digital signature verification process does not use the document extension.

Relatively simple means of detection

The verification will not be invalidated because no file ‘bits’ have been altered and all the elements of the code were already there from the beginning. Fortunately, it’s possible to detect this type of polymorphic file. Acrobat Reader X Pro systematically rewrites documents when they are opened, taking out all previous modifications. Only the amount from the original PDF will be kept. The researcher has also created a batch file using the ImageMagick suite. This spots when a PDF document contains the parameters of a TIFF image – such as sizing or image resolution. If this is the case, it replicates the document, converts the extension to TIFF and opens it with a web browser, thus revealing the attempted fraud.

Page top


I have to clarify that the above article includes a big mistake.
The Dalì attack, as well as its careful implementation and the
implementation of its detection is NOT due to
any "Military Technical Academy in Buchares".
It is indeed a scientific result published
from 2008 to 2009 in many articles by
the authors, who are:
Francesco Buccafurri, Gianluca Caminiti, and Gianluca Lax,
all from University of Reggio Calabria (Italy).

In particular, the technique concerning PDF here summarized is included in the paper:

while other aspects of the same attack can be found in:

Observe that the recent article you improperly link:
(under the word "means") is
just a replication (done in 2011) of our attack in which the author (Popescu, - who contacted me by e-mail a number of times in order to have detail necessary to reproduce the attack) DOES NOT add anything new to the attack.
Actually, the author cites 2 our papers (see references [4] and [5] of his work), but probably he is little clear about the fact that his paper does not contain ANY meaningful new result.

Francesco Buccafurri
Full Professor at
University of Reggio Calabria

Submitted by Francesco Buccafurri (not verified) - on April 11, 2012 at 02:56 pm

I think above information's regarding digital signature is very useful for all of us.

Submitted by MineMirror - on February 17, 2013 at 02:48 pm

Legal mentions © L’Atelier BNP Paribas