<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Sign PDF with digital signature"
href="https://bugs.freedesktop.org/show_bug.cgi?id=99416#c42">Comment # 42</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Sign PDF with digital signature"
href="https://bugs.freedesktop.org/show_bug.cgi?id=99416">bug 99416</a>
from <span class="vcard"><a class="email" href="mailto:ajohnson@redneon.com" title="Adrian Johnson <ajohnson@redneon.com>"> <span class="fn">Adrian Johnson</span></a>
</span></b>
<pre>(In reply to Hans-Ulrich Jüttner from <a href="show_bug.cgi?id=99416#c41">comment #41</a>)
<span class="quote">> I have a little conceptual problem with patch (3), <span class=""><a href="attachment.cgi?id=134081" name="attach_134081" title="write document then update byte offsets and sig on disk v2">attachment #134081</a> <a href="attachment.cgi?id=134081&action=edit" title="write document then update byte offsets and sig on disk v2">[details]</a></span> <a href='page.cgi?id=splinter.html&bug=99416&attachment=134081'>[review]</a>
> [details] [review].
> Calling method sign() from qt5 interface now writes directly to disk with
> the file name as new first parameter of that method. But this leaves the
> document in memory with an invalid signature and invalid ByteRange
> parameters.
> Poppler::PDFConverter::convert() called afterwards would write this invalid
> document to disk and Poppler::FormFieldSignature::validate() called after
> signing would tell us that the signature is invalid.</span >
I'm not familiar with the qt5 interface. There a a couple of options:
- reread the document after signing so the in memory copy is consistent with
the on disk copy
- document the signing as a "save a copy" operation. ie the saved copy will be
different to the in memory copy. And fix the code so the in memory copy is not
changed.
<span class="quote">> This behaviour can be argued as signing should always be the last thing to do
> before writing the signed document to disk. But I think that should be
> clearly
> documented in the header file qt5/src/poppler-form.h saying that the document
> has to be reread from disk before doing anything with it after signing.</span >
And user interfaces should display a warning of modification of a signed
document is attempted to warning the signature will be invalidated.
<span class="quote">> Moreover, the new parameter saveFilename of method sign() should be added to
> the documentation of that method with an @param line just as it was done for
> the other parameters.</span ></pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>