desktop-packages team mailing list archive

Thread
Date

[Bug 740506]

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Adrian Johnson <ajohnson@xxxxxxxxxxx>
Date: Thu, 07 Jan 2016 12:31:05 -0000
Reply-to: Bug 740506 <740506@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I don't think we need to check if the byte range covers the entire
document. Our job, when verifying the signature, is to use the byte
ranges provided in the signature dictionary. It is up to the pdf
producer to ensure the byte range covers the entire document (excluding
the signature value).

All we need to do is ensure we check all bytes ranges in the ByteRange
array. We should also check that each byte range is within the file. eg
check that each offset is >= 0 and offset + length <= file size.

While it would be nice to check if the byte range covers the entire
document, poppler does not provide any easy way to determine the file
offsets of a dictionary value. This makes it difficult to check if the
excluded range only covers the signature value.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506

Title:
  verify digital signatures

Status in Evince:
  Confirmed
Status in Poppler:
  Confirmed
Status in poppler package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: evince

  This is a feature request to verify digital signatures.  I'm receiving more and more digitally signed PDF's and evince already acknowledges them with:
  Signature Not Verified
  Digitally signed by <signer>
  Date:  <time stamp>
  Reason: <reason>
  Location: <location>
  but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures.

To manage notifications about this bug go to:
https://bugs.launchpad.net/evince/+bug/740506/+subscriptions