touch-packages team mailing list archive

[Adrian Johnson <ajohnson@xxxxxxxxxxx>]

(In reply to Andre Guerreiro from comment #63)
> I also thought of adding the feature to pdfinfo but it seems wrong to mix up
> something which performs various computations and relies on external state
> (NSS cert DB) to pdfinfo which just reads metadata from the file itself.

pdfinfo already performs various computations. If the file is encrypted
it has to decrypt the objects to read the file. Reading from other
sources is not an issue if a switch is used to enable the signature
checking.

It seems pointless to me to add an entire new utility to perform one
function that can be enabled by adding a switch to pdfinfo.

I'll leave it to Albert decide. But if we keep pdfsigverify I suggest
making it more generic to allow for the possibility of later adding the
capability to sign pdfs. eg call it pdfsig and if verifying signatures
it not a fast operation, maybe enable the check with a switch and make
the default operation (ie no switch specified) report whether the pdf
contains a signature.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/740506

Title:
  verify digital signatures

Status in Evince:
  Confirmed
Status in Poppler:
  Confirmed
Status in poppler package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: evince

  This is a feature request to verify digital signatures.  I'm receiving more and more digitally signed PDF's and evince already acknowledges them with:
  Signature Not Verified
  Digitally signed by <signer>
  Date:  <time stamp>
  Reason: <reason>
  Location: <location>
  but it would be great if Evince would be integrated into the distro's ca-certificate infrastructure to verify these signatures.

To manage notifications about this bug go to:
https://bugs.launchpad.net/evince/+bug/740506/+subscriptions