[poppler] Pdfsig checking revocation list
Albert Astals Cid
aacid at kde.org
Sun Apr 25 22:42:51 UTC 2021
El divendres, 23 d’abril de 2021, a les 19:55:43 (CEST), Andrés Soria va escriure:
> Hello everyone. Hope you are doing well.
>
> I need to work with some government documentation that has a digital
> signature on it with the local ID card.
> Until now I was working with adobe reader 9.5 for linux wich whenever I
> opened a document It checked the signature going through the internet and
> downloaded the revocation list.
>
> We are looking forward to stop using adobe reader for linux (It is old
> software and has a lot of security issues) and replace it with okular wich
> uses poppler and pdfsig to verify signatures.
Okular does not use pdfsig (it just uses poppler)
> As far as we know testing okular signatures are checked ok but only
> identity and integrity, we can not make or we don't know how to use it to
> check revocation as it did Adobe reader.
>
> How does pdfsig check revocation list on the internet?
pdfsig does not contact the internet (and as far as i know NSS doesn't either).
> Or we have to
> download the crl file and make pdfsig check locally?
poppler (and thus pdfsig) uses NSS for signature validation.
You can see how you can manage CRLs for NSS in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_crlutil
Hope that helps :)
Cheers,
Albert
>
> Thanks for the help.
>
> Regards.
> Andrés.
>
More information about the poppler
mailing list