[Poppler-bugs] [Bug 99365] Certificate chain from PDF digital signature back to trusted root certificate not verified?

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Jan 12 14:04:32 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=99365

--- Comment #3 from Andre Guerreiro <aguerreiro1985 at gmail.com> ---
There are indeed 2 different validations happening here:
1- Verification of the cryptographic signature in a strict sense
2- Certificate verification: which includes validity checking and making sure
that the certificate chain ends in a trusted root.

Maybe we can change the output string of pdfsig for the 1st validation to
something more specific if people find the wording to be misleading:
"Signature Validation: the document was not modified since the document was
signed"

Additionally we could output a "global" validation result for each signature
which would have 3 possible values: Valid, Invalid or has Issues (when the
certificate is not valid or wasn't even verified).
This seems to be the approach taken by Adobe Reader for the signature status
icons (Green check, Red Cross, Question Mark)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170112/06047dd3/attachment.html>


More information about the Poppler-bugs mailing list