issue with signature validation
Pablo Rodríguez
oinos at web.de
Sat Jun 22 13:03:18 UTC 2024
Dear list,
pdfsig-24.02 gives the following verification results from a digitally
signed PDF document:
- Signing Hash Algorithm: SHA1
- Signature Type: ETSI.CAdES.detached
- Signed Ranges: [0 - 248], [54250 - 87428]
- Total document signed
- Signature Validation: Signature is Invalid.
Acrobat Reader had no problem with this signature (tested weeks ago).
MuPDF-1.24.4 (mutool sign -v) complains about the certificate, but not
about the signature:
Certificate error: Self-signed certificate in chain.
The document is unchanged since signing.
I guess signature verification is rejected because of SHA1.
If you allow me a suggestion (I can provide an MR myself), please
consider another message.
For most (non-tech) users, signature validity is mainly its correctness
(no digest mismatch).
Even some PDF viewers (I cannot remember Acrobat right now) use "invalid
signature" for digest mismatch.
I wonder whether the following wording would be better:
Signature may be valid, but cryptographically insecure.
I know that the expression seems too complex at first, but I think it
dispels the misleading idea "the signature is wrong".
Many thanks for your help,
Pablo
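
The distinction proposed in the message above, between a digest mismatch and a digest that matches but uses a weak hash algorithm, sketched as an added example (not part of the original post and not poppler's code). The document bytes, the Status names, the classify() helper and the weak-algorithm policy are assumptions made for illustration; only the digest comparison is modelled, not the CMS signature or the certificate chain.

```python
import hashlib
import hmac
from enum import Enum

# Assumed policy for this example: digests considered too weak for signatures.
WEAK_DIGESTS = {"md5", "sha1"}

class Status(Enum):  # hypothetical status set, not pdfsig's
    VALID = "Signature is valid."
    DIGEST_MISMATCH = "Digest mismatch: document changed after signing."
    WEAK_ALGORITHM = "Signature may be valid, but cryptographically insecure."

def digest_over_ranges(data, byte_range, algorithm):
    """Hash only the signed byte ranges, given as PDF-style (offset, length) pairs."""
    h = hashlib.new(algorithm)
    for offset, length in byte_range:
        h.update(data[offset:offset + length])
    return h.digest()

def classify(data, byte_range, algorithm, signed_digest):
    """Report integrity first, then algorithm strength as a separate outcome."""
    actual = digest_over_ranges(data, byte_range, algorithm)
    if not hmac.compare_digest(actual, signed_digest):
        return Status.DIGEST_MISMATCH
    if algorithm.lower() in WEAK_DIGESTS:
        return Status.WEAK_ALGORITHM
    return Status.VALID

# Constructed sample: two signed ranges around an unsigned signature placeholder.
HEAD = b"%PDF-1.7 constructed sample /Contents "
GAP = b"<" + b"00" * 16 + b">"
TAIL = b" /ByteRange [...] trailer %%EOF"
DOC = HEAD + GAP + TAIL
BYTE_RANGE = [(0, len(HEAD)), (len(HEAD) + len(GAP), len(TAIL))]

def demo():
    sha1_digest = digest_over_ranges(DOC, BYTE_RANGE, "sha1")
    sha256_digest = digest_over_ranges(DOC, BYTE_RANGE, "sha256")
    tampered = DOC[:-1] + b"X"  # one byte changed inside the second signed range
    return (
        classify(DOC, BYTE_RANGE, "sha1", sha1_digest),
        classify(DOC, BYTE_RANGE, "sha256", sha256_digest),
        classify(tampered, BYTE_RANGE, "sha1", sha1_digest),
    )

if __name__ == "__main__":
    for status in demo():
        print(status.name, "-", status.value)
```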