[okular] [Bug 446298] New: PDF signature certificate chain validation

[bugzilla_noreply at kde.org]

https://bugs.kde.org/show_bug.cgi?id=446298

            Bug ID: 446298
           Summary: PDF signature certificate chain validation
           Product: okular
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: PDF backend
          Assignee: okular-devel at kde.org
          Reporter: gustavo at angulosolido.pt
  Target Milestone: ---

Created attachment 144101
  --> https://bugs.kde.org/attachment.cgi?id=144101&action=edit
messages from Adobe Reader

I have recently checked that Poppler can provide both:

1. signed PDF content verification (i.e. content was not changed after
signature)
2. identify verification, given trusted CA certificates (inserted into the
Firefox NSS cert db)

Reference:

https://gitlab.freedesktop.org/poppler/poppler/-/issues/896#note_1172603

It seems to me that oKular when it says "the signature is cryptographically
valid" it refers to 1), which might not be 100% clear to whoever sees that
message. Ideally oKular would be able to perform 1 and 2, like Poppler does,
and display different messages depending on whether both checks are performed
or only the first so that the users understands the level of validation.

I am attaching the messages from Adobe Reader to illustrate the idea.

-- 
You are receiving this mail because:
You are the assignee for the bug.