Launchpad has imported 15 comments from the remote bug at https://bugs.freedesktop.org/show_bug.cgi?id=16770.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-07-18T07:43:49+00:00 Rastos wrote: Since poppler is the basis for most pdf-processing software on Linux it would be great if it provided some functionality to access digital signatures embedded in PDF documents, so that the applications can display details of signing certificate and verify the validity of signature. An example of such signatures can be seen on http://www.aloaha.com/cache/multiplesignatures.pdf Look at the objects along the right border of the page. On Windows the signatures can be checked using Adobe Acrobat 8.x Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/0 ------------------------------------------------------------------------ On 2008-12-17T08:44:47+00:00 Carlos Garcia Campos wrote: *** Bug 19120 has been marked as a duplicate of this bug. *** Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/1 ------------------------------------------------------------------------ On 2008-12-17T23:22:30+00:00 Advax wrote: http://www.adobe.com/devnet/acrobat/pdfs/PDF32000_2008.pdf I hacked Xpdf to tell me of the existence of SigFlags bits, but lack the skill to implement this properly in finite time Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/2 ------------------------------------------------------------------------ On 2010-07-28T18:07:28+00:00 Markus Kilås wrote: Created attachment 37425 Initial patch for parsing digitally signed PDFs I have started to look at support for verifying signed PDF documents. The attached patched gives very basic support by providing methods for getting the signature data (/Contents), the signature type (/SubFilter i.e. PKCS7) and the ByteRanges that the verifier needs to calculate the digest over. Then the actual signature and certificate chain verification is not specific to PDF and could be implemented by the applications using any crypto library. // Markus Kilås mar...@primekey.se Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/3 ------------------------------------------------------------------------ On 2010-07-28T18:25:18+00:00 Markus Kilås wrote: Sample signed document: http://wwwpriv.primekey.se/~markus/pdfsigner/SignServer3.1.3-signed.pdf Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/4 ------------------------------------------------------------------------ On 2010-07-28T22:01:38+00:00 Albert Astals Cid wrote: Why force the applications to implement it? After all they are all going to do the same, so it makes sense to have it at the poppler level too. Code related i don't see why you store contents as a GooString and the others as Objects, what's the reason? Also before doing getArray() and getName() you need to check with isArray and isName, otherwise if the file is broken we will crash. Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/5 ------------------------------------------------------------------------ On 2010-07-28T22:55:34+00:00 Brad Hards wrote: I do kind-of agree with Markus that the verification operations can be done externally. There is an application level dependency in that the certificate store could depend on the desktop / user environment. Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/6 ------------------------------------------------------------------------ On 2010-07-28T23:05:21+00:00 Brad Hards wrote: It would be very useful to have example code that actually does the validation operations (e.g. in the glib or qt examples). Perhaps gnutls (LGPLv2+) may be suitable. Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/7 ------------------------------------------------------------------------ On 2010-07-29T09:48:37+00:00 Markus Kilås wrote: I can see you point that the verification should be included if all applications were to use it. However, I was not just sure if it is good to add a dependency to a particular crypto library. There are Gnutls, openssl and NSS and possibly other? I have not used any of them for this purpose (I am mainly a Java developer now days and normally use the Bouncy Castle API). And as Brad mentions the trusted root certificates might be fetched from some keystore integrated with the desktop. I think my initial idea was to have support in poppler to get only that is needed and then an application could implement the rest and later some of that could be refactored and moved back into poppler, but that's just and idea you know better how poppler works. Regarding the code related question: I have not been using poppler before and I noticed while looking at this that there was at least two ways of doing it. I did not really understand the implications of choosing one over the other. What is recommended - storing the Object in the class or copy the string? I wasn't also sure I was freeing the memory correctly... Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/8 ------------------------------------------------------------------------ On 2010-07-29T19:09:38+00:00 Albert Astals Cid wrote: Brad, you are the "expert" here, you think it makes sense commiting the patch (maybe fixing the style?) ? Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/9 ------------------------------------------------------------------------ On 2010-07-29T22:40:14+00:00 Albert Astals Cid wrote: I've spoken with Brad off-line and i think i agree with him that we should have a working test/example showing how things work before commiting anything, otherwise it will just bitrot, no-one will be able to figure out how to use it, etc... So if you could hack a quick test/example using the library of your choose it would be great Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/10 ------------------------------------------------------------------------ On 2010-08-19T17:18:58+00:00 RedDwarf wrote: I'm far from understanding all of this. But notice it seems NSS will be *the* Linux crypto library. Fedora is pursuing it: http://fedoraproject.org/wiki/FedoraCryptoConsolidation And it's in Linux Standard Base 4: http://ldn.linuxfoundation.org/article/lsb-40-the-cryptography-strategy Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/11 ------------------------------------------------------------------------ On 2011-04-15T08:15:17+00:00 Jelle de Jong wrote: Any progress or possible ETA for digital signature support for PDF documents? Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/13 ------------------------------------------------------------------------ On 2011-12-11T19:44:40+00:00 iroli wrote: bump Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/14 ------------------------------------------------------------------------ On 2012-02-09T13:36:13+00:00 nodata wrote: Since there hasn't been any progress for a couple of years, would it be possible to close this bug? Reply at: https://bugs.launchpad.net/poppler/+bug/740506/comments/15 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/740506 Title: verify digital signatures To manage notifications about this bug go to: https://bugs.launchpad.net/poppler/+bug/740506/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
