[okular] [Bug 496604] New: signing PDF documents in Okular using EiDAS certificat generates signature of type adbe.pkcs7.detached instead of type ETSI.CAdES.detached

Richard PALO bugzilla_noreply at kde.org
Sat Nov 23 08:36:42 GMT 2024 

https://bugs.kde.org/show_bug.cgi?id=496604

            Bug ID: 496604
           Summary: signing PDF documents in Okular using EiDAS certificat
                    generates signature of type adbe.pkcs7.detached
                    instead of type ETSI.CAdES.detached
    Classification: Applications
           Product: okular
           Version: 24.08.3
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: PDF backend
          Assignee: okular-devel at kde.org
          Reporter: richard.palo at free.fr
  Target Milestone: ---

SUMMARY
Signing PDF with recent Okular creates signature non-compatible with the ETSI
formats (CAdES/PAdES)
Chorus-pro (in France) now rejects documents signed with my EiDAS certificat as
the verification tool 
with (in French, naturally):
Signature 1/1
Cette signature est mal formatée : champ manquant, valeur invalide, incohérence
Signature 1/1
Statut de la signature
 Au moins une erreur a été trouvée
Identifiant de la signature : {db739815-6935-4f56-8f3d-d1d3b955b63b}

STEPS TO REPRODUCE
1.  Open pdf document to sign
2.  sign the document, with the image being a facsimile of my handwritten
signature+company stamp
3.  pdfsig -nocert on the new __signed file 

OBSERVED RESULT
Digital Signature Info of: AELOT9_signé.pdf
Signature #1:
  - Signature Field Name: {db739815-6935-4f56-8f3d-d1d3b955b63b}
  - Signer Certificate Common Name: Richard PALO
  - Signer full Distinguished Name:
OID.2.5.4.97=NTRFR-441322385,serialNumber=cdef60dc95be86f4926592c28baeae6365968311,givenName=Richard,SN=PALO,CN=Richard
PALO,OU=0002 441322385,O=BAOU,C=FR
  - Signing Time: Nov 20 2024 10:10:44
  - Signing Hash Algorithm: SHA-256
  - Signature Type: adbe.pkcs7.detached
  - Signed Ranges: [0 - 312764], [332766 - 333269]
  - Total document signed
  - Signature Validation: Signature is Valid.

EXPECTED RESULT
Digital Signature Info of: AELOT9_signé.pdf
Signature #1:
  - Signature Field Name: Signature1
  - Signer Certificate Common Name: Richard PALO
  - Signer full Distinguished Name:
OID.2.5.4.97=NTRFR-441322385,serialNumber=cdef60dc95be86f4926592c28baeae6365968311,givenName=Richard,SN=PALO,CN=Richard
PALO,OU=0002 441322385,O=BAOU,C=FR
  - Signing Time: Nov 21 2024 16:44:08
  - Signing Hash Algorithm: SHA-256
  - Signature Type: ETSI.CAdES.detached
  - Signed Ranges: [0 - 239409], [289411 - 290760]
  - Total document signed
  - Signature Validation: Signature is Valid.

(this was signed with LibreOffice)

By the way, cannot sign using pdfsig -add-signature -etsi either,
where I get the message '-etsi is not supported yet with -add-signature'


SOFTWARE/OS VERSIONS
Operating System: EndeavourOS 
KDE Plasma Version: 6.2.3
KDE Frameworks Version: 6.8.0
Qt Version: 6.8.0
Kernel Version: 6.6.62-1-lts (64-bit)
Graphics Platform: Wayland
Processors: 12 × AMD Ryzen 5 5500U with Radeon Graphics
Memory: 30.7 Gio of RAM
Graphics Processor: AMD Radeon Graphics
Manufacturer: ASUSTeK COMPUTER INC.
Product Name: MINIPC PN51-E1
System Version: 0509

ADDITIONAL INFORMATION
can be provided upon demand

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Okular-devel mailing list