El divendres, 23 d’abril de 2021, a les 19:55:43 (CEST), Andrés Soria va escriure: > Hello everyone. Hope you are doing well. > > I need to work with some government documentation that has a digital > signature on it with the local ID card. > Until now I was working with adobe reader 9.5 for linux wich whenever I > opened a document It checked the signature going through the internet and > downloaded the revocation list. > > We are looking forward to stop using adobe reader for linux (It is old > software and has a lot of security issues) and replace it with okular wich > uses poppler and pdfsig to verify signatures.
Okular does not use pdfsig (it just uses poppler) > As far as we know testing okular signatures are checked ok but only > identity and integrity, we can not make or we don't know how to use it to > check revocation as it did Adobe reader. > > How does pdfsig check revocation list on the internet? pdfsig does not contact the internet (and as far as i know NSS doesn't either). > Or we have to > download the crl file and make pdfsig check locally? poppler (and thus pdfsig) uses NSS for signature validation. You can see how you can manage CRLs for NSS in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_crlutil Hope that helps :) Cheers, Albert > > Thanks for the help. > > Regards. > Andrés. > _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
