Launchpad has imported 37 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=16770.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
On 2008-07-18T00:43:49+00:00 Rastos wrote:
Since poppler is the basis for most pdf-processing software on Linux it
would be great if it provided some functionality to access digital
signatures embedded in PDF documents, so that the applications can
display details of signing certificate and verify the validity of
signature.
An example of such signatures can be seen on
http://www.aloaha.com/cache/multiplesignatures.pdf
Look at the objects along the right border of the page. On Windows the
signatures can be checked using Adobe Acrobat 8.x
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/0
On 2008-12-17T00:44:47+00:00 Carlos Garcia Campos wrote:
*** Bug 19120 has been marked as a duplicate of this bug. ***
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/1
On 2008-12-17T15:22:30+00:00 Advax wrote:
http://www.adobe.com/devnet/acrobat/pdfs/PDF32000_2008.pdf
I hacked Xpdf to tell me of the existence of SigFlags bits, but lack the skill
to implement this properly in finite time
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/2
On 2010-07-28T11:07:28+00:00 Markus Kilås wrote:
Created attachment 37425
Initial patch for parsing digitally signed PDFs
I have started to look at support for verifying signed PDF documents.
The attached patched gives very basic support by providing methods for
getting the signature data (/Contents), the signature type (/SubFilter
i.e. PKCS7) and the ByteRanges that the verifier needs to calculate the
digest over. Then the actual signature and certificate chain
verification is not specific to PDF and could be implemented by the
applications using any crypto library.
// Markus Kilås
mar...@primekey.se
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/3
On 2010-07-28T11:25:18+00:00 Markus Kilås wrote:
Sample signed document:
http://wwwpriv.primekey.se/~markus/pdfsigner/SignServer3.1.3-signed.pdf
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/4
On 2010-07-28T15:01:38+00:00 Albert Astals Cid wrote:
Why force the applications to implement it? After all they are all going
to do the same, so it makes sense to have it at the poppler level too.
Code related i don't see why you store contents as a GooString and the
others as Objects, what's the reason?
Also before doing getArray() and getName() you need to check with
isArray and isName, otherwise if the file is broken we will crash.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/5
On 2010-07-28T15:55:34+00:00 Brad Hards wrote:
I do kind-of agree with Markus that the verification operations can be
done externally. There is an application level dependency in that the
certificate store could depend on the desktop / user environment.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/6
On 2010-07-28T16:05:21+00:00 Brad Hards wrote:
It would be very useful to have example code that actually does the
validation operations (e.g. in the glib or qt examples). Perhaps gnutls
(LGPLv2+) may be suitable.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1085526/comments/7
On 2010-07-29T02:48:37+00:00 Markus Kilås wrote:
I can see you point that the verification should be included if all
applications were to use it.
However, I was not just sure if it is good to add a dependency to a
particular crypto library. There are Gnutls, openssl and NSS and
possibly other? I have not used any of them for this purpose (I am
mainly a Java developer now days and normally use the Bouncy Castle
API). And as Brad mentions the trusted root certificates might be
fetched from some keystore integrated with the desktop.
I think my initial idea was to have support in poppler to get only that
is needed and then an application could implement the rest and later
some of that could be refactored and moved back into poppler, but that's
just and i