@Albert
OK, I can see the problem for poppler in terms of licensing.

A quick evaluation of the alternatives:
gnutls seems to be unsuited for this because it doesn't have a decent PKCS7 API 
that would allow me to parse the signature and access each component.
I've only found this in the docs: 
http://www.gnu.org/software/gnutls/manual/html_node/X509-certificate-API.html#X509-certificate-API

NSS seems to be more promising as I've found example code for PKCS#7
validation in its source tarball:
mozilla/security/nss/cmd/p7verify/p7verify.c

The disadvantage I see with NSS is that we won't be able to reuse the
system certificate store, usually in /etc/ssl/certs, because it will need
to use a particular Berkeley DB cert store as you can find in your
Firefox/Thunderbird profile. So we'd have an implicit dependency on
.mozilla/... being present or, worse, we'll need to introduce our own cert
store.

I have no experience with gnutls or nss so if anyone can correct me or
add something, feel free.

https://bugs.launchpad.net/bugs/740506

Title:
  verify digital signatures

Status in Poppler:
  Confirmed
Status in “poppler” package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: evince

  This is a feature request to verify digital signatures.  I'm receiving more and more digitally signed PDFs and evince already acknowledges them with:
  Signature Not Verified
  Digitally signed by <signer>
  Date:  <time stamp>
  Reason: <reason>
  Location: <location>
  but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures.
