Page MenuHome GnuPG

PDF signed with --clearsign has image distorted.
Closed, ResolvedPublic


Signing a PDF file containing an image causes distortion to the image (using --clearsign).

gpg --clearsign --output='dices - signed with gpg.pdf' 'dices - unsigned.pdf'

File signed with distorted image.

Original file, unsigned and undistorted.

PNG used to create the unsigned file. Comes from Wikimedia, so it is ok to distribute.

Blank PDF used to add the image dices.png to.


gpg (GnuPG) 2.2.19, libgcrypt 1.8.5

Event Timeline

deragon updated the task description. (Show Details)
werner added a subscriber: werner.

--clearsign may only be used for plain text documents due to line ending conversion etc.

werner claimed this task.

The surprising thing is that it works at all. I wouldn't be surprised if certain would simply reject it as "not a pdf" given that the "%PDF-1.x" marker isn't at the beginning.

PDF is a "text-based format" which then includes binary contents (e.g. compressed blocks) and uses byte offsets (so not really text).

For this specific file you could get away with the non-standard --not-dash-escaped option, as the issue on this is caused by 0a 2d being escaped into 0a 2d 20 2d:

gpg --clearsign --not-dash-escaped --output='dices - signed with gpg not dash escaped.pdf' 'dices - unsigned.pdf'

Even if you only used gpg to validate it, so that you can use --not-dash-escaped, certain pdf contents could confuse it, though. If you want to keep the signed pdf readable without gpg, the real solution would be to use a detached signature.