In May 2021, a group of researchers at the Ruhr University Bochum (RUB) published an IEEE symposium paper on problems with certification signatures in PDF. The authors’ findings are summarized on the PDF Insecurity website. Since iText’s products are often used as part of digital signing workflows (including to create certification signatures), we felt compelled to comment. In this blog post, we’ll take you through some background on these new attacks, and explain what you can do about them.
Read full article