[Poppler-bugs] [Bug 99416] Sign PDF with digital signature
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Wed Sep 13 14:05:10 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=99416
--- Comment #42 from Adrian Johnson <ajohnson at redneon.com> ---
(In reply to Hans-Ulrich Jüttner from comment #41)
> I have a little conceptual problem with patch (3), attachment #134081
> [details] [review].
> Calling method sign() from qt5 interface now writes directly to disk with
> the file name as new first parameter of that method. But this leaves the
> document in memory with an invalid signature and invalid ByteRange
> parameters.
> Poppler::PDFConverter::convert() called afterwards would write this invalid
> document to disk and Poppler::FormFieldSignature::validate() called after
> signing would tell us that the signature is invalid.
I'm not familiar with the qt5 interface. There a a couple of options:
- reread the document after signing so the in memory copy is consistent with
the on disk copy
- document the signing as a "save a copy" operation. ie the saved copy will be
different to the in memory copy. And fix the code so the in memory copy is not
changed.
> This behaviour can be argued as signing should always be the last thing to do
> before writing the signed document to disk. But I think that should be
> clearly
> documented in the header file qt5/src/poppler-form.h saying that the document
> has to be reread from disk before doing anything with it after signing.
And user interfaces should display a warning of modification of a signed
document is attempted to warning the signature will be invalidated.
> Moreover, the new parameter saveFilename of method sign() should be added to
> the documentation of that method with an @param line just as it was done for
> the other parameters.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170913/5eb23b13/attachment-0001.html>
More information about the Poppler-bugs
mailing list