summaryrefslogtreecommitdiff
path: root/pdf/pdf.go
diff options
context:
space:
mode:
authorPřemysl Eric Janouch <p@janouch.name>2020-09-04 18:33:12 +0200
committerPřemysl Eric Janouch <p@janouch.name>2020-09-04 18:33:12 +0200
commit796a9640d36328465cef66752a811eac5f7b3da5 (patch)
tree269a5090a5fc6f0dcf7ef78273901ae124fdc036 /pdf/pdf.go
parent2d08100b58b6c7e06f124aef3e2761bcdaeac85b (diff)
downloadpdf-simple-sign-796a9640d36328465cef66752a811eac5f7b3da5.tar.gz
pdf-simple-sign-796a9640d36328465cef66752a811eac5f7b3da5.tar.xz
pdf-simple-sign-796a9640d36328465cef66752a811eac5f7b3da5.zip
Make it possible to change the signature reservation
Diffstat (limited to 'pdf/pdf.go')
-rw-r--r--pdf/pdf.go8
1 files changed, 5 insertions, 3 deletions
diff --git a/pdf/pdf.go b/pdf/pdf.go
index a6f1ae8..f871c70 100644
--- a/pdf/pdf.go
+++ b/pdf/pdf.go
@@ -1115,12 +1115,14 @@ func FillInSignature(document []byte, signOff, signLen int,
// There must be at least one certificate, matching the private key.
// The certificates must form a chain.
//
+// A good default for the reservation is around 4096 (the value is in bytes).
+//
// The presumption here is that the document is valid and that it doesn't
// employ cross-reference streams from PDF 1.5, or at least constitutes
// a hybrid-reference file. The results with PDF 2.0 (2017) are currently
// unknown as the standard costs money.
-func Sign(document []byte,
- key crypto.PrivateKey, certs []*x509.Certificate) ([]byte, error) {
+func Sign(document []byte, key crypto.PrivateKey, certs []*x509.Certificate,
+ reservation int) ([]byte, error) {
pdf, err := NewUpdater(document)
if err != nil {
return nil, err
@@ -1152,7 +1154,7 @@ func Sign(document []byte,
buf.WriteString("\n /Contents <")
signOff = buf.Len()
- signLen = 8192 // cert, digest, encrypted digest, ...
+ signLen = reservation * 2 // cert, digest, encrypted digest, ...
buf.Write(bytes.Repeat([]byte{'0'}, signLen))
buf.WriteString("> >>")