[Poppler-bugs] [Bug 99271] make it possible to extract digital signature data (also in pdfsig)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Jun 27 07:32:34 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=99271

--- Comment #26 from Hans-Ulrich Jüttner <huj at froreich-bioscientia.de> ---
(In reply to Albert Astals Cid from comment #25)
> Should
> 
> +  if (subfilterName.isName("adbe.pkcs7.sha1")) {
> +    signature_type = adbe_pkcs7_sha1;
> +    signature_info->setSubFilterSupport(true);
> +  }
> +  if (subfilterName.isName("adbe.pkcs7.detached")) {
> 
> be an else if?
> 

Yes, of course.

> 
> 
> Also can you explain getSignedRangeBounds vs getCheckedSignature ? In one
> you assume an indefinite number of ranges in getByteRange but the other one
> only works if there's exactly 2 ranges (4 elements in getByteRange). Why is
> that?

A document from Adobe
https://www.adobe.com/devnet-docs/acrobatetk/tools/DigSig/Acrobat_DigitalSignatures_in_PDF.pdf
describes a signature in PDF files to have exactly four numbers defining
2 ranges:

"ByteRange is an array of four numbers. The first number in each pair is the
offset in the file (from the beginning, starting from 0) of the beginning of a
stream of bytes to be included in the hash. The second number is the length of
that stream. The two pairs define two sequences of bytes that define what is to
be hashed. The actual signature value is stored in the /Contents key between
the end of the first sequence and the beginning of the second one." (Page 5)

I abided to this in getCheckedSignature() as the name of this function
indicates
that the signature has been checked according to the standard. On the other
hand
in getByteRange I wanted to return what actually is in the PDF document.
Because
of the definition of the byte range as containing pairs of offset and length,
I had to assume the number to be even. But we can be more restrictive here too,
returning an empty list if there aren't exactly four elements in the byte
range.

What do you think?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170627/fa23591c/attachment.html>

More information about the Poppler-bugs mailing list