[Poppler-bugs] [Bug 16770] support for digital signatures

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Sep 7 09:50:48 PDT 2012


https://bugs.freedesktop.org/show_bug.cgi?id=16770

--- Comment #19 from Andre Guerreiro <aguerreiro1985 at gmail.com> 2012-09-07 16:50:48 UTC ---
@Albert
OK, I can see the problem for poppler in terms of licensing.

A quick evaluation of the alternatives:
gnutls seems to be unsuited for this because it doesn't have a decent PKCS7 API
that would allow me to parse the signature and access each component.
I've only found this in the docs:
http://www.gnu.org/software/gnutls/manual/html_node/X509-certificate-API.html#X509-certificate-API

NSS seems to be more promising as I've found example code for PKCS#7 validation
in its source tarball: mozilla/security/nss/cmd/p7verify/p7verify.c

The disadvantage I see with nss is that we won't be able to reuse the system
certificate store usually in /etc/ssl/certs because it will need to use a
particular Berkeley DB cert store as you can find in your Firefox/Thunderbird
Profile. So we'd have an implicit dependency on .mozilla/... being present or,
worse, we'll need to introduce our own cert store.

I have no experience with gnutls or nss, so if anyone can correct me or add
something, feel free.
