[Poppler-bugs] [Bug 16770] support for digital signatures
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Tue Sep 11 08:00:50 PDT 2012
https://bugs.freedesktop.org/show_bug.cgi?id=16770
--- Comment #32 from Carlos Garcia Campos <carlosgc at gnome.org> 2012-09-11 15:00:50 UTC ---
(In reply to comment #30)
> (In reply to comment #26)
> > What's missing in gnutls is a way to parse all the relevant components of the
> > PKCS#7 object as present in a PDF signature.
> >
> > It seems that in gnutls they assume those objects can only contain certificates
> > and CRLs as you can confirm if you go through the functions that take
> > gnutls_pkcs7_t as argument.
> >
> > With openssl you can get the certificates, signature, and the digest of the
> > signed content (these are the essential parts for detached signatures as used
> > in PDF) as well as any optional timestamps or CRLs.
>
> Would it be a lot of work to add support for that to gnutls?
Replying to myself:
<KaL> I wonder if it could be useful for glib-networking to implement the
missing things in gnutls, or if we don't need that at all
<danw> reading...
<danw> chpe, KaL_out: both gnutls and glib-networking intentionally only do
TLS, not crypto in general, so I don't think it makes sense to add the extra
PKCS#7 functionality to either of them
<danw> NSS would be better than OpenSSL, and once all the p11-kit /
NSS-shared-DB stuff gets figured out fully, then NSS-based apps will be able to
access your gnome-keyring certificates via PKCS#11
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Poppler-bugs
mailing list